Using Yubikey 5 as security device

Hi there!
I use a YubiKey 5, which is a fully enabled FIDO2 device, for Cloudflare 2FA authentication. But every time the device is used, a PIN prompt appears. In my opinion this is not necessary, because Cloudflare doesn’t use passwordless auth such as Microsoft does. Is it possible for Cloudflare’s developers to implement FIDO2 without prompting for a PIN?


Ah ha! So I’m not the only one. I asked Yubico about this (this isn’t happening because of Cloudflare). It’s a FIDO2 setting on your YubiKey.

YubiKey Manager can turn it off.

I think disabling FIDO2 is just a workaround, because U2F does not support entering a PIN and FIDO2 is backward compatible with U2F. So after disabling FIDO2, U2F will be used and the PIN prompt is disabled. But if anyone uses the FIDO2 passwordless authentication feature (Microsoft 365, for example), this won’t work anymore. The service itself (Microsoft or Cloudflare) can decide if a PIN is mandatory or not. So in conclusion, passwordless should require a PIN and a YubiKey used with FIDO2 as U2F shouldn’t.

So finally, Cloudflare has to implement FIDO2 in the correct way: either disable the PIN for 2FA or implement FIDO2 passwordless.
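
The point made in this thread, that the service decides whether a PIN is mandatory, corresponds in WebAuthn to the `userVerification` request option and the UV flag in the authenticator data. The sketch below is an added example, not part of the thread and not Cloudflare's or Yubico's code; the function names, the `mode` values and `example.test` are assumptions, and it covers only the flags policy (signature and rpIdHash verification are left out).

```javascript
// Added example; function names and the "2fa"/"passwordless" modes are hypothetical.
const FLAG_UP = 0x01; // bit 0: user present (key was touched)
const FLAG_UV = 0x04; // bit 2: user verified (PIN or biometric was checked)

// Options the site passes to navigator.credentials.get().
// "discouraged" tells the client no PIN is wanted; "required" demands one.
function requestOptions(mode, challenge, credentialIds) {
  const passwordless = mode === "passwordless";
  return {
    challenge,
    rpId: "example.test", // constructed placeholder
    userVerification: passwordless ? "required" : "discouraged",
    // A second-factor login already knows the account, so it lists its keys.
    allowCredentials: passwordless
      ? []
      : credentialIds.map((id) => ({ type: "public-key", id })),
  };
}

// Server-side policy check on the flags byte of the authenticator data:
// rpIdHash (32 bytes) || flags (1 byte) || signCount (4 bytes) || ...
function checkAssertionFlags(authData, mode) {
  if (!(authData instanceof Uint8Array) || authData.length < 37) {
    return { ok: false, reason: "authenticator data too short" };
  }
  const flags = authData[32];
  if ((flags & FLAG_UP) === 0) {
    return { ok: false, reason: "user presence missing" };
  }
  const verified = (flags & FLAG_UV) !== 0;
  // Without a password, the PIN is the only second factor, so insist on UV.
  if (mode === "passwordless" && !verified) {
    return { ok: false, reason: "user verification required" };
  }
  return { ok: true, userVerified: verified };
}

// Constructed sample: zeroed rpIdHash, the given flags, signCount = 1.
function sampleAuthData(flags) {
  const data = new Uint8Array(37);
  data[32] = flags;
  data[36] = 1;
  return data;
}
```

With `"discouraged"` the client may still ask for the PIN on some platforms, so the server-side flag check is what actually enforces the policy.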

