Tools

Tools for FIDO keys

FIDO2.1 Security Key Management Tool - GUI for fido2-manage.exe

Name: Token2 C301-i programmable hardware token for Office 365 and Azure MFA
Brand: Token2
SKU: t2-51
Price: 21 EUR
Availability: InStock
Rating: 5 (4752 reviews)

1. Overview:

The FIDO2.1 Security Key Management Tool is a utility designed to manage and interact with FIDO2.1 security keys. It provides functionalities to view information, manage relying parties, and perform various operations on connected FIDO2.1 devices.

Important: This tool requires administrative privileges

Since Windows 10 version 1903, Microsoft has implemented its WebAuthn API to interact with FIDO authenticators. Access from non-administrator accounts is restricted to this API, requiring any tool that manages FIDO keys to be executed with administrative privileges.

Starting from v1.1, this tool supports managing FIDO2.1 devices over NFC transport. Only one NFC reader with a FIDO2.1 device should be present in the system (the tool will only attempt to enumerate/read the first one, appearing as pcsc://slot0). Please note that NFC stability depends on the precise positioning of the NFC card antenna overlapping with the reader's reading area. NFC functionality was tested only using NFC Reader devices provided by Token2.

2. Main Window:

Devices Dropdown:

Displays a list of connected FIDO2.1 devices or NFC Readers.
Select a device from the dropdown to view information and manage settings. Use "Refresh" button to show keys plugged in after launching the app.
After choosing a device from the list, a valid PIN is necessary to proceed. If no PIN is set, the 'Set PIN' button will be the only active function.

Device Info Element:

Displays information about the selected FIDO2.1 device.
Shows the passkey storage information, such as total storage capacity available on the device, used and free passkey slots, etc.
Provides details such as manufacturer, model, AAGUID, version, available algorithms, transports, and more. Scroll through the data grid for additional information.

Show Passkeys:

Opens a new window displaying information about passkeys (resident keys) stored on the selected device.
Please be patient as the list of passkeys is loaded; it may take some time to retrieve the information depending on the number of passkeys and hardware model.
Disabled if no device is selected or if the selected device has no passkeys stored.

Reset Button:

Resets the selected FIDO2.1 device to its default state.
Resetting a FIDO2.1 key is only possible within 10 seconds after plugging in, so you may need to replug the key when resetting.
Requires confirmation and pressing/touching the button before execution.

Change PIN Button:

Opens a new window to change the PIN for the selected device.

Set PIN Button:

Opens a new window to set the PIN for the selected device.
Enabled only if the selected key does not have a PIN set.

Refresh Button:

Updates the list of connected FIDO2.1 devices in the dropdown (i.e. plugged after the app is launched).

3. Passkeys Window:

Displays a list of passkeys stored with the selected FIDO2.1 device.
To remove a passkey, select the row in the list and click on Delete
Passkey removal requires confirmation before execution. To complete the removal, press 'Y' on the keyboard when the console prompt, as shown below, appears.

4. Limitations:

This tool interacts only with FIDO2.1 security keys.
Only USB and NFC transports are currently supported.
NFC support is available starting from v1.1 of this tool. NFC functionality was tested only using NFC Reader devices provided by Token2.
The tool currently supports PIN authentication only.

5. Download Section

Click the download button to get the tool.

download FIDO2.1 Manager v1.2

6. FAQ:

Q: Is this for Token2 devices only?
A: No, being a member of FIDO Alliance, we try to make tools usable with any devices compliant with the current standards. This tool can be used with any FIDO2.1 security key, not only ours.

Q: My Google Titan v2 is not working with your tool.
A: Google Titan v2 is a FIDO2.0 device. FIDO2.0 does not allow passkey management. Our tool only supports FIDO2.1 standard.

Q: Is this Token2's original software? Why was this created?
A: This is simply a GUI wrapper of a libfido2 based command-line utility. The need raised from the fact that there is currently no standalone FIDO2.1 passkey management tool for Windows available. Our customers were not comfortable using command line tools or Chromium-based management methods - this tool is to address these needs.