PIN management
This section describes how to set the minimum PIN length, create or update a PIN, and require a user to change their PIN on first use.
Set the admin PIN for a FIDO key
You can set the admin PIN once only.
This one-time procedure cannot be reverted. This function is available on FIDO 2.1 keys only.
To set the admin PIN:
- Insert the FIDO key and open FIDO Key Manager.
- Select Admin > Set admin PIN for this FIDO Key.
- Enter the admin PIN, confirm it, and then select Submit.
  The admin PIN must be 16 characters in length and can include plain text and special characters.
  You are prompted to confirm this one-time operation.
- Select Yes to set the admin PIN. This also sets the FIDO key to managed mode.
Update an admin PIN
You can update an admin PIN after it has been set.
This operation is available on FIDO 2.1 keys only.
To update an admin PIN:
- Insert the FIDO key and open FIDO Key Manager.
- Select Admin > Update Admin PIN.
- Enter the current admin PIN and then select Submit.
  This step displays only if you are entering the admin PIN for the first time. After the admin PIN is authenticated, this step is skipped for the rest of the session.
- Enter the admin PIN, confirm it, and then select Submit.
  The admin PIN must be 16 characters in length and can include plain text and special characters.
Create a FIDO key PIN
To create a PIN for a FIDO key:
- Insert your FIDO key and open FIDO Key Manager.
- Select Set up PIN.
- Enter a PIN.
  Observe the minimum PIN length.
- Confirm the PIN and then select Submit.
Change a FIDO key PIN
To change your existing FIDO key PIN:
- Insert your FIDO key and open FIDO Key Manager.
- Select Change PIN.
- Enter your current PIN, your new PIN, and then select Submit.
  If your current PIN is invalid:
  - Your number of attempts will be reduced. If only two attempts remain, a warning message displays.
  - If the last attempt fails, the FIDO key is locked. Contact the administrator to unblock the key.
  If the PIN is valid:
  - A confirmation message displays.
Set PIN length
You can set a minimum PIN length for FIDO keys.
This operation is available only on FIDO 2.1 keys managed by an admin.
To set the minimum PIN length:
- Select Admin > Configure PIN length.
  The Enter Admin PIN screen displays.
  This step displays only if you are entering the admin PIN for the first time. After the admin PIN is authenticated, this step is skipped for the rest of the session.
- Enter the minimum PIN length, from 4 to 63 characters, and then select Submit.
- Change the PIN, since the PIN length has changed, and then select Submit.
  This is mandatory if the PIN has already been set. Otherwise, you can change the PIN later.
Force PIN change
You can force users to change their PIN after their first use, as follows:
- Select Admin > Force PIN Change.
- Provide the admin PIN and then select Submit.
- Select the checkbox to force the PIN change and then select Submit.
After completing this procedure, the Force PIN change option is grayed out and is also unavailable from the Admin menu. Once checked, you cannot uncheck the Force PIN change checkbox. STA unchecks the checkbox only after the user changes their PIN.