Docs

Guides

Blog

Tools

FIDO2.1 Security Key Management Tool for macOS – User Guide

Overview

The FIDO2.1 Security Key Management Tool is a macOS application for managing FIDO2.1 security keys on Apple Silicon Macs. It provides a simple interface to view device information, manage passkeys, change PINs, and perform factory resets. While the macOS version of the tool is compiled from the same open-source codebase as the Windows and Linux versions, there are some platform-specific differences. Notably, macOS assigns a different hardware IORegistry (IOReg) ID to the key each time it is replugged. As a result, both the graphical interface and command-line interface (CLI) behave slightly differently compared to their Windows and Linux counterparts.
This tool is compatible with most FIDO2.1-compliant security keys, including those from other manufacturers. However, NFC functionality depends on the specific NFC reader used, and support may vary. Additionally, the smartcard interface is not fully supported at this time.


System Requirements
Important: This version requires a Mac with Apple Silicon processor. It will not work on Intel-based Macs.
  • macOS Ventura (13.0) or later
  • Apple Silicon Mac (M1, M2, or later)
  • Compatible FIDO2.1 security key
  • USB port (for USB keys) or an NFC reader (for NFC keys)

Installation
Installing from DMG

  1. Download the .dmg file from our official website
  2. Open the downloaded .dmg file (double-click in Finder)
  3. Drag the application icon to your Applications folder
  4. Eject the DMG (right-click the disk icon on your desktop → "Eject")
  5. Launch from Launchpad or the Applications folder

Getting Started
First Launch
Permission Note: When first plugging in a USB key, the system will ask for permission. Click on "Allow".
FIDO2.1 Security Key Management Tool for macOS – User Guide
Also, some keys support HID keyboard emulation; because of this, macOS may launch the keyboard setup assistant — simply cancel (hit "Quit" button) if this happens.

FIDO2.1 Security Key Management Tool for macOS – User Guide


Main Interface

The application window contains three main sections:

  1. Device Selection – Dropdown menu showing connected FIDO2 keys
  2. Information Panel – Displays key details in a clean table
  3. Action Buttons – Perform operations on the selected key

Basic Operations
Connecting Your Key
  1. Insert your security key (USB) or place it on the NFC reader
  2. Click the refresh button if your key isn't automatically detected
  3. Select your device from the dropdown menu

    FIDO2.1 Security Key Management Tool for macOS – User Guide
Viewing Key Information
  1. Select your key from the device list
  2. Enter your PIN when prompted (use "0000" if no PIN is set)

    FIDO2.1 Security Key Management Tool for macOS – User Guide

  3. The information panel will display:
    • Manufacturer and model
    • FIDO protocol version
    • Storage capacity
    • Additional technical details

  4. FIDO2.1 Security Key Management Tool for macOS – User Guide
Advanced Features
Managing Passkeys
  1. Select your key and enter the PIN
  2. Click the "Passkeys" button (only active if passkeys are present)

    FIDO2.1 Security Key Management Tool for macOS – User Guide

  3. View all stored credentials, organized by website/domain
  4. Select any credential to see detailed information
  5. Click "Delete Passkey" to remove unwanted credentials
Changing Your PIN
Security Tip: Always choose a strong PIN with at least 6 digits and complexity. FIDO2 keys from the PIN+ series do not allow weak PINs.
  1. Select your key from the device list
  2. Click the "Change PIN" button

    FIDO2.1 Security Key Management Tool for macOS – User Guide

  3. Follow the terminal instructions that appear
  4. Enter the current PIN when prompted
  5. Enter and confirm your new PIN
Factory Reset
Warning: This will permanently erase all credentials and settings!
  1. Click the "fido2-manage CLI" button
  2. Issue the following command: fido2-manage -reset -device 1 (assuming you're resetting device #1)
    FIDO2.1 Security Key Management Tool for macOS – User Guide
  3. Unplug and replug your key when instructed
  4. Touch the key when it starts blinking
  5. Wait for the confirmation message

The CLI can be used to manage the keys and is an alternative to the GUI. For example, to set a PIN on a new FIDO2 key, follow the steps below:

Setting a PIN Using CLI

To set a PIN on a new security key via the command-line interface, follow these steps:

  1. Launch the GUI application.
  2. Click on the “fido2-manage CLI” button to open a terminal window.
  3. Enter the following command in the terminal (assuming your device is listed as device #1):
    fido2-manage -setPIN -device 1
  4. Follow the prompts to enter and confirm your new PIN.

After completing these steps, your key will be initialized with the new PIN and ready for secure operations.

Troubleshooting
Common Issues

Key Not Detected

  • Try a different USB port (avoid hubs)
  • Check for physical damage to the key
  • Restart the application

PIN Problems

  • "Invalid PIN" – You may have entered it incorrectly
  • "PIN Blocked" – Unplug and replug the key to reset attempts
  • "PIN Required" – You need to set a PIN first

Application Crashes

  • Ensure you're using the ARM64 version on Apple Silicon
  • Update to the latest macOS version
  • Check for application updates
Security Best Practices
  • Always set a complex PIN
  • Remember your PIN — if you forget it, you risk losing access to accounts
  • Regularly check and remove unused passkeys
  • Only perform a factory reset if absolutely necessary — this removes all data, and access to previously enrolled services will be lost
  • Keep your application updated
About

FIDO2.1 Security Key Management Tool
Version 0.2 (ARM64) – macOS

Download DMG Source Code
© TOKEN2 Sarl, Versoix, Switzerland

Support: [email protected]