FIDO2.1 Security Key Management Tool - GUI for fido2-manage.exe
The FIDO2.1 Security Key Management Tool is a utility designed to manage and interact with FIDO2.1 security keys. It provides functionalities to view information, manage relying parties, and perform various operations on connected FIDO2.1 devices.
Important: This tool requires administrative privilegesSince Windows 10 version 1903, Microsoft has implemented its WebAuthn API to interact with FIDO authenticators. Access from non-administrator accounts is restricted to this API, requiring any tool that manages FIDO keys to be executed with administrative privileges.
2. Main Window:
- Displays a list of connected FIDO2.1 devices.
- Select a device from the dropdown to view information and manage settings. Use "Refresh" button to show keys plugged in after launching the app.
- After choosing a device from the list, a valid PIN is necessary to proceed. If no PIN is set, the 'Set PIN' button will be the only active function.
- Displays information about the selected FIDO2.1 device.
- Shows the passkey storage information, such as total storage capacity available on the device, used and free passkey slots, etc.
- Provides details such as manufacturer, model, AAGUID, version, available algorithms, transports, and more. Scroll through the data grid for additional information.
- Opens a new window displaying information about passkeys (resident keys) stored on the selected device.
- Please be patient as the list of passkeys is loaded; it may take some time to retrieve the information depending on the number of passkeys and hardware model.
- Disabled if no device is selected or if the selected device has no passkeys stored.
- Resets the selected FIDO2.1 device to its default state.
- Resetting a FIDO2.1 key is only possible within 10 seconds after plugging in, so you may need to replug the key when resetting.
- Requires confirmation and pressing/touching the button before execution.
- Opens a new window to change the PIN for the selected device.
- Opens a new window to set the PIN for the selected device.
- Enabled only if the selected key does not have a PIN set.
- Updates the list of connected FIDO2.1 devices in the dropdown (i.e. plugged after the app is launched).
Device Info Element:
Change PIN Button:
Set PIN Button:
3. Passkeys Window:
- Displays a list of passkeys stored with the selected FIDO2.1 device.
- To remove a passkey, select the row in the list and click on Delete
- Passkey removal requires confirmation before execution. To complete the removal, press 'Y' on the keyboard when the console prompt, as shown below, appears.
- This tool interacts only with FIDO2.1 security keys.
- Only USB transport is currently supported.
- PCSC/NFC support is under development for future releases.
- The tool currently supports PIN authentication only.
5. Download Section
Click the download button to get the tool.
download FIDO2.1 Manager
6. FAQ:Q: Is this for Token2 devices only?
A: No, being a member of FIDO Alliance, we try to make tools usable with any devices compliant with the current standards. This tool can be used with any FIDO2.1 security key, not only ours.
Q: My Google Titan v2 is not working with your tool.
A: Google Titan v2 is a FIDO2.0 device. FIDO2.0 does not allow passkey management. Our tool only supports FIDO2.1 standard.
Q: Is this Token2's original software? Why was this created?
A: This is simply a GUI wrapper of a libfido2 based command-line utility. The need raised from the fact that there is currently no standalone FIDO2.1 passkey management tool for Windows available. Our customers were not comfortable using command line tools or Chromium-based management methods - this tool is to address these needs.
Subscribe to our mailing list
Want to keep up-to-date with the latest Token2 news, projects and events? Join our mailing list!