FIDO2 PIN lost 12345

Hello,

I’ve been using a Nitrokey FIDO2 for a few months. Just now, one of the sites (WordPress) has converted from U2F to FIDO2. Where I previously only needed to touch the Nitrokey to gain access (as a second factor), now a PIN is requested.

I’m pretty sure I remember this PIN (which I might have set on initialization, but never used since), but it isn’t accepted. Finally I’m now get the warning that the key will be “locked” if I enter the wrong PIN again.

How do I fix this? Full reset is an option, but will this clear the issue or is “locked” to be taken literally, meaning “key disabled permanently”?

Regards

Hi!

  1. In case you do not use Windows, then you can try to use Firefox, which by default works on U2F, and regain access to the account.
  2. Factory Reset deletes all FIDO2 Resident Keys (if any) and generates new master secret, which is used for regular authorization for FIDO2 and U2F. You will lost access to all accounts you are registered with it.

More information:

Yes, I’m aware of that (loss of all data on reset). But the key is not physically “locked out” or any such thing, it just needs a reset, then it’s as good as new again?

BTW, the PIN is used for the whole key, not for a single account, right? The key can serve many different accounts, but only use a single PIN for all of them?

Regards

  1. Exactly. It is not a permanent lock. After the reset it is as good as new.
  2. Yes, the PIN is a general one.

Thank you!

Regards