Hi!
- Nitrokey App does not manage Nitrokey FIDO2 at the moment. PIN setting is possible through Windows 10 settings menu, as well as Chrome settings (Settings → Privacy and Security → Manage security keys), as was mentioned in previous replies.
- Nitrokey FIDO2 handles both FIDO U2F and FIDO2 requests. If the given service does not handle FIDO2 yet, the PIN will never be requested.
- Even if the service is handling the FIDO2, PIN for the FIDO2 action still has to be requested on its side (called
UV), so the browser would show the PIN request popup. Otherwise a standard signature will be used, based only on the user presence (UPin short), which is a touch button press in case of Nitrokey FIDO2 device. We have not added any custom code to block the PIN-less FIDO2 calls, as this would violate the FIDO2 specification. Additionally some browsers tend to use the FIDO U2F interface by default (e.g. Firefox seems to do so).
Could you provide please the test cases, so we could investigate them?
Resident keys are supported by Nitrokey FIDO2. We will look into it.
Edit:
- I tried YK playground, and got it working on Chrome 80 dev (80.0.3970.5), but not Firefox 70/72 nightly.
- Bitwarden Passwordless.dev | Bitwarden not worked for me in any browser.