I need to reset the PIN of my FIDO2 token.
The reset procedure could also be useful to anyone who wants to give their token to someone else and wants to make sure that everything is erased from it.
There is a nice article Use FIDO U2F security keys with Fedora Linux - Fedora Magazine, which describes how to use the token, but PIN reset is not described there.
Unfortunately, it is not possible to add a new comment to the great article Use FIDO U2F security keys with Fedora Linux - Fedora Magazine. Therefore, I decided to post the question and answer here.
BEWARE: Resetting the token will not only reset the PIN, but will delete EVERYTHING from the token, including all the website associations.
Steps to reset FIDO2 token from terminal:
- Install fido2-tools package, if not installed already
  $ sudo dnf install fido2-tools
- Connect the token which you want to reset. Connect only this one token, to avoid mistakenly resetting another token.
- Find device name of the token
  $ fido2-token -L
  /dev/hidraw2: vendor=0x32a3, product=0x3203 (GoTrust Idem Key 1C)
  In this case, /dev/hidraw2 is the device name.
- Prepare reset command
  In terminal, prepare the next command, so you can run it quickly just by pressing Enter:
  fido2-token -R <device name>
  Example:
  $ fido2-token -R /dev/hidraw2
- Perform reset sequence
  Most tokens can be reset only within five (5) seconds after their connection.
  - To reset a token, first remove it.
  - Connect the token and then run the prepared command in the terminal within five seconds after connection.
  - Token starts blinking, touch its touch pad.
  - Reset takes a few seconds then.
When I did not run the reset command within 5 seconds after the token connection, I got the following error:
$ fido2-token -R /dev/hidraw2
fido2-token: fido_dev_reset: FIDO_ERR_NOT_ALLOWED
It would also be nice to have a GUI way to perform the reset.
I tried to reset the token in Chrome on Fedora 37, i3wm spin, but it did not work.
I agree. I’ve asked for this to be included in the GNOME Control Center, maybe?
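
The reset steps from the first post, wrapped in a script, as an added example that is not part of the original thread and is not code from fido2-tools: it asks for confirmation before the unplug/replug so the five-second window is not spent on a prompt, and it refuses to reset when more than one token is listed. The function names and the `--reset` argument are assumptions made for this example; only `fido2-token -L` and `fido2-token -R` come from the post.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes fido2-tools is installed.

# single_token LISTING: print the device path if the `fido2-token -L` output
# in LISTING names exactly one token; return 1 for zero or several tokens.
single_token() {
    st_devs=$(printf '%s\n' "$1" | sed -n 's|^\(/dev/[^:]*\):.*|\1|p')
    [ "$(printf '%s\n' "$st_devs" | grep -c '^/dev/')" -eq 1 ] || return 1
    printf '%s\n' "$st_devs"
}

# reset_flow: confirm first, then wait for unplug and replug so the reset
# command is issued as soon as the token shows up again.
reset_flow() {
    printf 'This erases EVERYTHING on the token. Type RESET to continue: '
    read -r answer
    [ "$answer" = "RESET" ] || { echo "Aborted."; return 1; }

    echo "Remove the token now..."
    while [ -n "$(fido2-token -L)" ]; do sleep 1; done

    echo "Connect the token you want to reset (only that one)..."
    while listing=$(fido2-token -L); [ -z "$listing" ]; do sleep 1; done

    # Several tokens listed: stop rather than guess which one to erase.
    dev=$(single_token "$listing") || {
        echo "More than one token is connected; refusing to reset." >&2
        return 1
    }
    echo "Resetting $dev: touch the token when it blinks."
    fido2-token -R "$dev" || {
        echo "Reset failed. FIDO_ERR_NOT_ALLOWED means the window after connection was missed; run the script again." >&2
        return 1
    }
    echo "Token reset."
}

# Run only when asked explicitly, so sourcing the file has no side effects.
if [ "${1:-}" = "--reset" ]; then
    reset_flow
fi
```

Save it under any name and run it with the `--reset` argument; without that argument it only defines the functions.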