With passkeys becoming more prevalent, and with the ability to store passkeys on hardware security keys (e.g., YubiKeys) for passwordless login, it is imperative to set a strong FIDO2 PIN on your security keys.
Otherwise, someone who has stolen or found one of your security keys may be able to brute-force guess the PIN, which would reveal information about what accounts can be accessed with the key (see screenshot below):
Thus, if you are using a security key for passwordless login, the FIDO2 PIN should be random (not something guessable, like 123456 or a phone number, birthdate, etc.). Please note that PINs used for FIDO2 can be up to 63 characters long, and may contain both letters and numbers.
The good news is that (at least on a YubiKey) an attacker only has 8 guesses before the key’s FIDO2 function is blocked (and resetting the FIDO2 protocol to unblock its use results in all stored passkeys being wiped from the key).
You can therefore choose your PIN entropy based on what odds you wish to give to an attacker who is attempting to guess your PIN. With at most 8 = 2^3 guesses against a PIN drawn uniformly from 2^E equally likely values, the attacker's chance of success is 8/2^E = 2^(3 - E). To make that probability no greater than P, the PIN entropy E (in bits) should be:
E ≥ 3 - (log P)/(log 2)  (i.e., E ≥ 3 - log2 P)
The table below shows how long your random PIN should be to limit the attacker’s probability of success to some value P, based on what character set is used:
| P | E | Numeric | Alpha* | Alphanumeric** |
|---|---|---|---|---|
| 10^-3 | 13.0 bits | 4 | 3† | 3† |
| 10^-4 | 16.3 bits | 5 | 4 | 3† |
| 10^-6 | 22.9 bits | 7 | 5 | 4 |
| 10^-9 | 32.9 bits | 10 | 7 | 6 |
| 10^-12 | 42.9 bits | 13 | 10 | 8 |
*The “Alpha” column assumes letters of the same case (e.g., all lowercase).
**The “Alphanumeric” column assumes numbers and mixed-case letters (there was no significant improvement for going from single-case alphabetic to single-case alphanumeric PINs).
†Because the minimum PIN length is 4 characters, these 3-character random PINs would have to be padded by adding a non-random character.
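The following is an added example (not from the original post) that reproduces the table above from the formula and generates a PIN of the required length with a CSPRNG. It assumes the 8-attempt limit and 4-character minimum stated above, and the character-set definitions in the footnotes (10 digits, 26 single-case letters, 62 mixed-case alphanumerics); the function names are my own.

```python
import math
import secrets
import string

# Assumptions taken from the post: 8 FIDO2 PIN attempts before the key blocks,
# and a minimum PIN length of 4 characters.
MAX_ATTEMPTS = 8
MIN_PIN_LENGTH = 4

CHARSETS = {
    "numeric": string.digits,                              # 10 symbols
    "alpha": string.ascii_lowercase,                       # 26 symbols, one case
    "alphanumeric": string.ascii_letters + string.digits,  # 62 symbols, mixed case
}


def required_entropy_bits(p_success: float, attempts: int = MAX_ATTEMPTS) -> float:
    """Minimum entropy E (bits) so that `attempts` uniformly random guesses
    succeed with probability at most p_success: attempts / 2**E <= p_success,
    hence E >= log2(attempts) - log2(p_success) (3 - log2 P for 8 attempts)."""
    if not 0 < p_success < 1:
        raise ValueError("p_success must be in (0, 1)")
    return math.log2(attempts) - math.log2(p_success)


def required_pin_length(p_success: float, charset: str) -> int:
    """Characters drawn uniformly from `charset` needed to reach the required
    entropy; each character contributes log2(len(charset)) bits."""
    bits_per_char = math.log2(len(CHARSETS[charset]))
    return math.ceil(required_entropy_bits(p_success) / bits_per_char)


def generate_pin(p_success: float, charset: str) -> str:
    """Generate a random PIN with the `secrets` CSPRNG. If the entropy target
    needs fewer than MIN_PIN_LENGTH characters, pad with a fixed (non-random)
    character, as the dagger footnote describes; padding adds no entropy."""
    symbols = CHARSETS[charset]
    n = required_pin_length(p_success, charset)
    pin = "".join(secrets.choice(symbols) for _ in range(n))
    return pin + symbols[0] * max(0, MIN_PIN_LENGTH - len(pin))


if __name__ == "__main__":
    print("P     | E (bits) | numeric | alpha | alphanumeric")
    for p in (1e-3, 1e-4, 1e-6, 1e-9, 1e-12):
        lengths = " | ".join(str(required_pin_length(p, cs)) for cs in CHARSETS)
        print(f"{p:<5.0e} | {required_entropy_bits(p):8.1f} | {lengths}")
```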