{"id":268776,"date":"2023-08-29T14:26:34","date_gmt":"2023-08-29T11:26:34","guid":{"rendered":"https:\/\/shop.thekernel.ua\/yubikey-smart-card-mode-on-macos-convenient-authentication-for-developers"},"modified":"2023-08-30T17:17:48","modified_gmt":"2023-08-30T14:17:48","slug":"yubikey-smart-card-mode-on-macos-convenient-authentication-for-developers","status":"publish","type":"post","link":"https:\/\/shop.thekernel.ua\/en\/yubikey-smart-card-mode-on-macos-convenient-authentication-for-developers","title":{"rendered":"YubiKey Smart Card Mode on macOS \u2013 convenient authentication for developers"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.21.0&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_row _builder_version=&#8221;4.21.0&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.21.0&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; global_colors_info=&#8221;{}&#8221;]<span style=\"font-weight: 400;\">Smart cards have been very popular for many years as a reliable means of identification, authentication, and authorization in businesses and educational institutions. They come in a variety of form factors: from a SIM card on a phone to a plastic card. However, if you use a smart card in the form of a credit card, you will need a special reader, i.e. additional equipment. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">For developers who only need access to a macOS account, this is inconvenient, so it&#8217;s an unnecessary purchase for IT enterprises. And they won&#8217;t be necessary if you simply purchase YubiKey security keys that support <\/span><a href=\"https:\/\/shop.thekernel.ua\/en\/yubikey-smart-card-mode-without-additional-equipment\"><span style=\"font-weight: 400;\">smart card mode<\/span><\/a><span style=\"font-weight: 400;\">.<\/span> <\/p>\n<p><span style=\"font-weight: 400;\">Let&#8217;s have a look at how YubiKeys work in smart card mode on macOS and how to set them up.<\/span><\/p>\n<p><b>Plan of the article:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#symisni\"><span style=\"font-weight: 400;\">MacOS-compatible security keys<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#vimogi\"><span style=\"font-weight: 400;\">YubiKey PIV connection requirements<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#nalashtuvannya1\"><span style=\"font-weight: 400;\">Setting up the YubiKey PIV<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#nalashtuvannya2\"><span style=\"font-weight: 400;\">Set up a YubiKey to log in to your account<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#yakskinuti\"><span style=\"font-weight: 400;\">How to reset and disconnect your YubiKey<\/span><\/a><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"#ysynennya\"><span style=\"font-weight: 400;\">Troubleshooting and other issues<\/span><\/a><\/li>\n<\/ul>\n<h2 id=\"symisni\"><b>MacOS-compatible security keys<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Some YubiKey series have a PIV (personal identity verification) smart card function and support the CCID (integrated circuit card interface device) protocol. That is, they can identify a person and do not require additional reading equipment, just USB or lightning. More information is provided in the article: \u201c<\/span><a href=\"https:\/\/shop.thekernel.ua\/en\/yubikey-smart-card-mode-without-additional-equipment\"><span style=\"font-weight: 400;\">YubiKey smart card mode without additional hardware<\/span><\/a><span style=\"font-weight: 400;\">\u201d.<\/span> <\/p>\n<p><span style=\"font-weight: 400;\">The table below shows the series of smart card keys with different form factors. <\/span><br \/>\n[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=&#8221;1_2,1_2&#8243; use_custom_gutter=&#8221;on&#8221; gutter_width=&#8221;2&#8243; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; background_color=&#8221;#e8e8e8&#8243; custom_padding=&#8221;2%||1%||false|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h3 style=\"text-align: center;\"><b>YubiKey 5 series keys<\/b><\/h3>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2023\/08\/YubiKey5.png&#8221; alt=&#8221;yubikey5&#8243; title_text=&#8221;yubikey5&#8243; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; custom_padding=&#8221;||||false|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-5-nfc\"><span style=\"font-weight: 400;\">YubiKey 5 NFC<\/span><\/a><\/p>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2020\/09\/YubiKey-5C-NFC-1.png&#8221; alt=&#8221;yubikey5&#8243; title_text=&#8221;YubiKey 5C NFC 1&#8243; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; custom_padding=&#8221;||||false|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-5c\"><span style=\"font-weight: 400;\">YubiKey 5C<\/span><\/a><\/p>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2019\/04\/YubiKey-5C.png&#8221; alt=&#8221;YubiKey 5C&#8221; title_text=&#8221;YubiKey 5C&#8221; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; width=&#8221;100%&#8221; module_alignment=&#8221;left&#8221; custom_padding=&#8221;||1%||false|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-5c-nfc\"><span style=\"font-weight: 400;\">YubiKey 5C NFC<\/span><\/a><\/p>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2019\/09\/yubikey-5ci-500&#215;500.png&#8221; alt=&#8221;yubikey5&#8243; title_text=&#8221;yubikey-5ci-500&#215;500&#8243; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; custom_padding=&#8221;||1%||false|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-5ci\"><span style=\"font-weight: 400;\">YubiKey 5Ci<\/span><\/a><\/p>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2019\/04\/YubiKey-5-Nano.png&#8221; alt=&#8221;YubiKey 5 Nano&#8221; title_text=&#8221;YubiKey 5 Nano&#8221; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; custom_padding=&#8221;||||false|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-5-nano-2\"><span style=\"font-weight: 400;\">YubiKey 5 nano<\/span><\/a><\/p>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2019\/04\/YubiKey-5C-Nano.png&#8221; alt=&#8221;YubiKey 5C Nano&#8221; title_text=&#8221;YubiKey 5C Nano&#8221; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-5c-nano-2\"><span style=\"font-weight: 400;\">YubiKey 5C nano<\/span><\/a><\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;1_2&#8243; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; background_color=&#8221;#e8e8e8&#8243; custom_padding=&#8221;2%||2%||true|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h3 style=\"text-align: center;\"><b>YubiKey FIPS series keys<\/b><\/h3>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2023\/08\/YubiKey5.png&#8221; alt=&#8221;yubikey5&#8243; title_text=&#8221;yubikey5&#8243; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; custom_padding=&#8221;||||false|false&#8221; hover_enabled=&#8221;0&#8243; global_colors_info=&#8221;{}&#8221; sticky_enabled=&#8221;0&#8243;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-fips\"><span style=\"font-weight: 400;\">YubiKey 5 NFC FIPS<\/span><\/a><\/p>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2020\/09\/YubiKey-5C-NFC-1.png&#8221; alt=&#8221;yubikey5&#8243; title_text=&#8221;YubiKey 5C NFC 1&#8243; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; custom_padding=&#8221;||||false|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-5c-nfc-fips\"><span style=\"font-weight: 400;\">YubiKey 5C NFC FIPS<\/span><\/a><\/p>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2019\/04\/YubiKey-5C.png&#8221; alt=&#8221;YubiKey 5C&#8221; title_text=&#8221;YubiKey 5C&#8221; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; custom_padding=&#8221;||||true|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/shop\/yubikey-c-fips-2-2\"><span style=\"font-weight: 400;\">YubiKey 5C FIPS<\/span><\/a><\/p>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2022\/12\/YubiKey-5Ci-FIPS.png&#8221; alt=&#8221;yubikey 5ci fips&#8221; title_text=&#8221;yubikey 5ci fips&#8221; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; custom_padding=&#8221;||||false|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-5ci-fips\"><span style=\"font-weight: 400;\">YubiKey 5Ci FIPS<\/span><\/a><\/p>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2019\/05\/yubikey-fips-1.png&#8221; alt=&#8221;YubiKey 5C&#8221; title_text=&#8221;YubiKey Nano FIPS&#8221; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;19%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; custom_padding=&#8221;||||false|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-nano-fips-2\"><span style=\"font-weight: 400;\">YubiKey 5 nano FIPS<\/span><\/a><\/p>\n<p>[\/et_pb_text][et_pb_image src=&#8221;https:\/\/shop.thekernel.ua\/wp-content\/uploads\/2022\/12\/YubiKey-5C-Nano-FIPS.png&#8221; alt=&#8221;yubikey 5c nano fips&#8221; title_text=&#8221;yubikey 5c nano fips&#8221; align=&#8221;center&#8221; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; width=&#8221;18%&#8221; max_width=&#8221;18%&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_image][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; custom_padding=&#8221;||||false|false&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/shop.thekernel.ua\/en\/shop\/yubikey-c-nano-fips\"><span style=\"font-weight: 400;\">YubiKey 5C nano FIPS<\/span><\/a><\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text _builder_version=&#8221;4.22.1&#8243; _module_preset=&#8221;default&#8221; text_font_size=&#8221;16px&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h2 id=\"vimogi\"><b>YubiKey PIV connection requirements<\/b><\/h2>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Version of macOS High Sierra (10.13) or later. <\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Access to the administrator account.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><a href=\"https:\/\/shop.thekernel.ua\/en\/yubikey-manager\"><span style=\"font-weight: 400;\">YubiKey Manager<\/span><\/a> <span style=\"font-weight: 400;\">application<\/span><span style=\"font-weight: 400;\">,<\/span> <a href=\"https:\/\/developers.yubico.com\/yubikey-manager-qt\/Releases\/yubikey-manager-qt-latest-mac.pkg\"><span style=\"font-weight: 400;\">version for macOS<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<\/ul>\n<p><b>Note.<\/b> <span style=\"font-weight: 400;\">Users with Apple Silicon processors are advised to read<\/span> <a href=\"#potribna\"><span style=\"font-weight: 400;\">this section beforehand<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/p>\n<h2 id=\"nalashtuvannya1\"><b>Setting up the YubiKey PIV<\/b><\/h2>\n<h3><b>Standard settings<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">YubiKey PIV has standard settings:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>PIN code<\/strong>: 123456 (6-8 characters allowed, macOS requires only a number).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>PUK<\/strong>: 12345678 (6-8 characters allowed).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\"><strong>Control key<\/strong>: 010203040506070801020304050607080102030405060708.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">If you need to reset the settings to the default, use the YubiKey Manager:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Connect the YubiKey to your computer.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open the YubiKey Manager app.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Find the tab: \u201cApplications\u201d.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Select: \u201cPIV\u201d.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click: \u201cReset PIV\u201d.<\/span><\/li>\n<\/ul>\n<h3><b>How to set a new PIN, PUK and control key<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Insert the YubiKey.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Log in to the YubiKey Manager app and follow the link \u201cApps\u201d -&gt; \u201cPIV\u201d.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Select the \u201cSet up PINs\u201d function.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click on the \u201cChange PIN\u201d button.<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Enter the current code that was set by the manufacturer, or select the \u201cPrevious option\u201d function.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Enter a new PIN \u2013 it must be a 6- to 8-digit string of numbers because macOS doesn&#8217;t accept other characters for the code.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Confirm your new PIN and remember it or keep it in a safe place.<\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click the button \u201cChange PIN code of smart card connection\u201d.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">You can also change the PUK (or Control Key) in the same way by selecting the \u201cChange PUK\u201d (or \u201cChange Control Key\u201d) function in the \u201cSet up PIN\u201d section.<\/span><\/p>\n<h2 id=\"nalashtuvannya2\"><b>Set up a YubiKey to log in to your account<\/b><\/h2>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open the Applications page in the YubiKey Manager app and select the PIV section.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click the \u201cSettings for macOS\u201d link.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Next, if you changed the standard PIN code, PUK or control key, enter it when prompted by the server and click the \u201cOK\u201d button.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Remove the YubiKey and plug it back into the USB port.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">When prompted to \u201cPair with macOS smart card,\u201d click the \u201cPair\u201d button.<\/span> <i><span style=\"font-weight: 400;\">If you don&#8217;t see this prompt, go to the<\/span><\/i> <span style=\"font-weight: 400;\">\u201c<\/span><a href=\"#ysynennya\"><i><span style=\"font-weight: 400;\">Troubleshooting<\/span><\/i><\/a><span style=\"font-weight: 400;\">\u201d<\/span> <i><span style=\"font-weight: 400;\">section to try to resolve the issue.<\/span><\/i><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">After that, enter your account password and click the \u201cPair\u201d button again. <\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Next, in the \u201cSmart card connection\u201d window, enter your configured PIN code and click \u201cOK\u201d.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Then, when prompted by the system, enter the password from the account and click &#8220;OK&#8221;.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Try checking the configuration by pressing <b>Ctrl+Command+Q<\/b> \u2013 this command will lock the computer. Now try to unlock it with the YubiKey \u2013 insert the security key and enter the PIN.<\/span><\/p>\n<h2 id=\"yakskinuti\"><b>How to reset and disconnect your YubiKey<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Sometimes you may need to remove the YubiKey from your computer. Follow the instructions below to avoid being blocked from logging in. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">First, you need to remove the system requirement for using a smart card, if it has been configured. Because if you remove the YubiKey first, access to the system will be blocked. You can then choose to remove all certificates that were installed when you used YubiKey on your macOS device, or just the certificates you need to sign in.<\/span><\/p>\n<h3><b>How to remove the system requirement for using a smart card on macOS<\/b><\/h3>\n<h4><b>Remove a single YubiKey or smart card<\/b><\/h4>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open the terminal and enter the request: <\/span><span style=\"font-weight: 400;\"><code>sc_auth list [username]<\/code><\/span><span style=\"font-weight: 400;\">where instead of <\/span><span style=\"font-weight: 400;\"><code>[username]<\/code><\/span><span style=\"font-weight: 400;\">you need to add a username. <\/span> <\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Copy the hash corresponding to your user. <\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Run the command: <\/span><span style=\"font-weight: 400;\"><code>sc_auth unpair -h [hash]<\/code><\/span><\/li>\n<\/ul>\n<h4><b>Delete all keys or smart cards belonging to the same user<\/b><\/h4>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open the terminal.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enter your request: <\/span><span style=\"font-weight: 400;\"><code>sc_auth unpair -u [username]<\/code><\/span><\/li>\n<\/ul>\n<h4><b>Delete all keys or smart cards of the currently logged-in user<\/b><\/h4>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open the terminal.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enter your request: <\/span><span style=\"font-weight: 400;\"><code>sc_auth unpair -u $(whoami)<\/code><\/span><\/li>\n<\/ul>\n<h4><b>Disable the pairing interface on macOS<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">If you don&#8217;t want macOS to prompt you to add your YubiKey to your system record when you sign in to various apps and services with your hardware device, use the following settings:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open the terminal.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enter your request: <\/span><span style=\"font-weight: 400;\"><code>sc_auth pairing_ui -s disable<\/code><\/span><span style=\"font-weight: 400;\"> <\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">If you want to revert to the previous settings, use the command: <\/span><span style=\"font-weight: 400;\"><code>sc_auth pairing_ui -s enable<\/code><\/span><\/p>\n<h3><b>How to remove certificates from YubiKey<\/b><\/h3>\n<h4><b>Delete all certificates<\/b><\/h4>\n<p><span style=\"font-weight: 400;\">Deleting all certificates results in a reset to the original settings. So the actions will be appropriate:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the YubiKey Manager interface, select the tab: \u201cApplications\u201d.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Select: \u201cPIV\u201d.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click: \u201cReset PIV\u201d.<\/span><\/li>\n<\/ul>\n<h4><b>Remove only the certificates that are used to log in to macOS<\/b><\/h4>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the YubiKey Manager app, tap Apps\u2013 &gt; \u00abPIV\u00bb.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Next, click the Configure certificates button.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Authentication tab, click Delete.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Confirm the action by clicking \u201cYes\u201d.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If you are prompted for a PIN, enter the PIN and click \u201cOK\u201d. If you are prompted to enter a control key, enter it and click \u201cOK\u201d.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Now go to the \u201cKey Management\u201d tab and repeat the same steps.<\/span><\/li>\n<\/ul>\n<h2 id=\"ysynennya\"><b>Troubleshooting and other issues<\/b><\/h2>\n<h3><b>\u201cPair with a macOS smart card\u201d prompt does not appear<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">If you don&#8217;t see the \u201cPair with macOS Smart Card\u201d prompt when you&#8217;re setting up a macOS system account sign-in, the pairing interface might be disabled. Try the following steps to resolve this issue: <\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open the terminal.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enter the command: <\/span><span style=\"font-weight: 400;\"><code>sc_auth pairing_ui -s enable<\/code><\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Check the user status by running: <\/span><span style=\"font-weight: 400;\"><code>sc_auth pairing_ui -s status<\/code><\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The interface should be enabled, so try resetting your YubiKey.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">If the previous steps did not lead to the desired result, try other options:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Run the command: <\/span><span style=\"font-weight: 400;\"><code>sc_auth pairing_ui -f<\/code><\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If this step doesn&#8217;t help either, type it into the terminal: <\/span><span style=\"font-weight: 400;\"><code>sc_auth identities<\/code><\/span><span style=\"font-weight: 400;\">, to see if your system detects paired smart cards at all. <\/span> <\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If it does, you should get something like this answer: <\/span><\/li>\n<\/ul>\n<table>\n<tbody>\n<tr>\n<td><span style=\"font-weight: 400;\"><code>SmartCard:com.apple.pivtoken:2D2248DE2F337A1F99C34BE4DCF44B61 Unpaired identities: A205691C39CBE2FF81F72070C8FEE6B27DF4E527    Certificate For PIV Authentication (Yubico PIV Authentication)<\/code><\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In this case, you can replace the hash (i.e. this line from the example: <\/span><span style=\"font-weight: 400;\"><code>A205691C39CBE2FF81F72070C8FEE6B27DF4E527)<\/code><\/span><span style=\"font-weight: 400;\">to the line responsible for displaying indicators: <\/span> <span style=\"font-weight: 400;\"><code>sudo sc_auth pair -h &lt;hash &gt; -u $(whoami)<\/code><\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If you have not received a response to your request <\/span><span style=\"font-weight: 400;\"><code>sc_auth pairing_ui -f<\/code><\/span><span style=\"font-weight: 400;\">, you will have to reset the smart card program on the YubiKey. To do this, enter the command in the terminal: <\/span><span style=\"font-weight: 400;\"><code>ykman piv reset<\/code>.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">When you receive a prompt from the system, click <\/span><b>Y<\/b><span style=\"font-weight: 400;\">, and then <\/span><b>Enter<\/b><span style=\"font-weight: 400;\">, to confirm it.<\/span><\/li>\n<\/ul>\n<h3 id=\"potribna\"><b>YubiKey smart card required<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Users with Apple Silicon processors should be careful and careful when setting up authentication with the YubiKey, as there is a risk of locking the system. This is because unlike Intel processors, Apple Silicon&#8217;s Macs require a smart card to unlock FileVault, a fully integrated disk encryption solution. In this scenario, only the last used smart card will work to unlock the system. This can cause the spare key to not work, and the smart card requirement can lead to a lockout if done incorrectly. Therefore, before making changes to the configuration, you should first carefully read the instructions from Apple (<\/span><a href=\"https:\/\/support.apple.com\/en-us\/HT208372\"><span style=\"font-weight: 400;\">instruction 1<\/span><\/a><span style=\"font-weight: 400;\">, <\/span><a href=\"https:\/\/support.apple.com\/guide\/deployment\/configure-macos-smart-cardonly-authentication-depfce8de48b\/1\/web\/1.0\"><span style=\"font-weight: 400;\">instruction 2<\/span><\/a><span style=\"font-weight: 400;\">). <\/span> <\/p>\n<h3><b>Multiple YubiKeys and macOS computers<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You can use one smart card for several computers. To do this, insert the key into each of the macOS and follow the steps described in the section <\/span><a href=\"#nalashtuvannya2\"><span style=\"font-weight: 400;\">YubiKey settings<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You can also connect multiple keys to one macOS. To do this, go through the setup procedure with each YubiKey security key. You will now be able to use any of these keys to log in to a single system account. Login is by PIN code. You can optionally set the same PIN code for all keys or, vice versa, use different codes.<\/span><\/li>\n<\/ul>\n<p><b>Note.<\/b><span style=\"font-weight: 400;\"> One key can only be associated with one specific user account.<\/span><\/p>\n<h3><b>Lost or stolen YubiKey<\/b><\/h3>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If you set up your smart card for passwordless sign-in using <\/span><a href=\"https:\/\/support.apple.com\/en-us\/HT208372\"><span style=\"font-weight: 400;\">Apple&#8217;s instructions<\/span><\/a><span style=\"font-weight: 400;\">, look for the \u201cTurn off smart card-only authentication\u201d section in the instructions and use it to disable the system&#8217;s requirement.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If you have not configured the previous feature, you can log in with your password (or a spare key), then reset and disconnect the YubiKey according to <\/span><a href=\"#nalashtuvannya2\"><span style=\"font-weight: 400;\">as described above<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<\/ul>\n<hr>\n<p>We&#8217;ve covered how to set up YubiKey on macOS. We would like to remind you to have spare keys to your accounts just in case. They don&#8217;t have to be the same form factor for you to connect them. The main thing is that they are compatible with your device and have the appropriate protocols. To quickly and easily find a YubiKey primary or secondary key for yourself, <a href=\"https:\/\/shop.thekernel.ua\/en\/find-the-right-yubikey\"><span style=\"font-weight: 400;\">follow the link<\/span><\/a> <span style=\"font-weight: 400;\">or click the button below.<\/span>[\/et_pb_text][et_pb_button button_url=&#8221;https:\/\/shop.thekernel.ua\/en\/find-the-right-yubikey&#8221; button_text=&#8221;Pick up the YubiKey&#8221; button_alignment=&#8221;center&#8221; _builder_version=&#8221;4.21.2&#8243; _module_preset=&#8221;default&#8221; custom_button=&#8221;on&#8221; button_text_size=&#8221;16px&#8221; button_bg_use_color_gradient=&#8221;on&#8221; button_border_width=&#8221;4px&#8221; button_border_radius=&#8221;83px&#8221; button_letter_spacing=&#8221;1px&#8221; custom_padding=&#8221;1%|3%|1%|3%|true|true&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_button][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.21.0&#8243; _module_preset=&#8221;default&#8221; background_color=&#8221;RGBA(255,255,255,0)&#8221; use_background_color_gradient=&#8221;on&#8221; background_enable_mask_style=&#8221;on&#8221; background_mask_style=&#8221;honeycomb&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.21.0&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][et_pb_text _builder_version=&#8221;4.21.0&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;]<\/p>\n<h2 style=\"text-align: center;\">Similar materials in the Knowledge Base<\/h2>\n<p>[\/et_pb_text][et_pb_blog fullwidth=&#8221;off&#8221; posts_number=&#8221;3&#8243; include_categories=&#8221;399&#8243; _builder_version=&#8221;4.21.0&#8243; _module_preset=&#8221;default&#8221; global_colors_info=&#8221;{}&#8221;][\/et_pb_blog][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Smart cards have been very popular for many years as a reliable means of identification, authentication, and authorization in businesses and educational institutions. They come in a variety of form factors: from a SIM card on a phone to a plastic card. However, if you use a smart card in the form of a credit [&hellip;]<\/p>\n","protected":false},"author":55,"featured_media":268780,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_seopress_robots_primary_cat":"none","_seopress_titles_title":"YubiKey smart card mode on macOS ","_seopress_titles_desc":"Let's have a look at how YubiKeys work in smart card mode on macOS and how to set them up.\n","_seopress_robots_index":"","_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[439],"tags":[],"class_list":["post-268776","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-settings-en"],"acf":[],"_links":{"self":[{"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/posts\/268776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/comments?post=268776"}],"version-history":[{"count":7,"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/posts\/268776\/revisions"}],"predecessor-version":[{"id":268993,"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/posts\/268776\/revisions\/268993"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/media\/268780"}],"wp:attachment":[{"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/media?parent=268776"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/categories?post=268776"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/shop.thekernel.ua\/en\/wp-json\/wp\/v2\/tags?post=268776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}