Using the YubiKey Manager GUI

Important

End-of-Life (EOL) for the YubiKey Manager GUI was announced on February 19, 2025 and will commence on February 19, 2026. The YubiKey Manager GUI will not be supported by Yubico following the EOL date. For more details, see Yubico’s End-of-Life policy and the End-of-Life Products page.

For an alternative to the YubiKey Manager GUI, see the Yubico Authenticator application. Yubico Authenticator supports the latest YubiKey features and is available for desktop and mobile devices.

Launch YubiKey Manager GUI on Windows

Windows Launch using Graphical Interface

1. Open the Start menu panel, locate and click the YubiKey Manager GUI app.

2. Optionally, right-click the YubiKey Manager GUI icon and select, Pin to Start or Pin to taskbar.

   

Windows Launch using Windows Command Line

To launch from the command line 64 bit system:

C:\>"C:\Program Files\Yubico\YubiKey Manager\ykman-gui.exe"

To launch from the command line 32 bit system:

C:\>"C:\Program Files (x86)\Yubico\YubiKey Manager\ykman-gui.exe"

Debug Logging Mode

To launch ykman with debug logging enabled, add the following to the execution command:

--log-level DEBUG --log-file %USERPROFILE%\Desktop\ykman-log.txt

For example:

C:\>"C:\Program Files (x86)\Yubico\YubiKey Manager\ykman-gui.exe"
   --log-level DEBUG --log-file %USERPROFILE%\Desktop\
   ykman-log.txt

Launch YubiKey Manager GUI on MacOS

1. Open Launchpad, locate and click the YubiKey Manager GUI icon.

2. Optionally, right-click the YubiKey Manager GUI icon in the task bar and select Options > Keep in Dock.

   

YubiKey Manager GUI Version

To identify the version of the YubiKey Manager GUI on either Windows or MacOS:

1. Launch the YubiKey Manager GUI.

2. Click About in the upper right corner of the GUI. The version is displayed in a popup box.

   

View YubiKey Firmware Version

To identify the version of the YubiKey on either Windows or MacOS:

1. Launch the YubiKey Manager, GUI version.

2. At the YubiKey Manager GUI prompt, insert your YubiKey and touch.

   

   If your YubiKey is already connected, the YubiKey Manager GUI Home tab is displayed.

   Note that the tool only reads a single YubiKey at a time, so if you have multiple keys connected, it might not be evident which one YubiKey Manager GUI is identifying.

3. View the listed YubiKey firmware version.

   When your YubiKey credential is accepted YubiKey Manager GUI opens the Home tab and lists the accepted YubiKey firmware:

   • YubiKey series (e.g., YubiKey 5)
   • Firmware (e.g., 5.4.X)
   • Images of the various form factors within that series.
   

Managing Applications

YubiKey Manager GUI can be used to check which applications are enabled on which interface and to enable or disable each application on each physical interface.

View Available Interfaces

The Interfaces tab displays your key’s form factor (for example, USB), and the interfaces it has. Use the Interfaces tab to configure what is available on that key. For example, you can disable the interfaces/applications by deselecting the respective checkboxes.

View YubiKey Enabled Applications

1. Launch the YubiKey Manager, GUI version.

2. Insert the YubiKey whose applications you want to manage.

3. View available applications. Select the Applications tab.

   

Enable and Disable Applications

1. Launch the YubiKey Manager, GUI version.

2. Insert the YubiKey whose applications you want to manage.

3. View available applications. Select the Interfaces tab.

   A checkbox with a tick is shown next to each enabled applications.

4. Enable to disable applications for the YubiKey.

   1. Select the checkbox to enable an application.
   2. Unselect the checkbox to disable an application.
   3. Click Save Interfaces.
   

Note

For the YubiKey 5Ci, any modifications made to the applications over the USB interface also apply to the applications over Lightning®.

Locking

Once the desired applications have been selected, a lock code can be set to prevent changes to the set of enabled applications. This is done using the ykman CLI ykman config set-lock-code. The lock code is 16 bytes presented as 32 hex characters. For more information, see ykman config set-lock-code [OPTIONS].

Configure YubiKey Slot on YubiKey

1. Launch the YubiKey Manager, GUI version.

2. Insert the YubiKey whose applications you want to manage.

3. Select application to configure.

   1. Select the Applications tab.
   2. Select from the displayed list of applications.

4. Select the YubiKey slot to configure. Click the slot Configure button.

   

5. Complete the configuration options. These are specific to each application type.

Resetting FIDO2 Function

Resetting the key is not the same as unblocking it. Because resetting the FIDO2 function returns the key to its beginning state when it has no PIN, you must set a new PIN and enroll the key again after resetting it.

1. Remove your YubiKey if it is still connected to your machine, then launch ykman and insert your key.

   

2. Click on the word Applications at the top of that tab. A list of menu options appears. The specific options depend on the key.

   

3. Select FIDO2. The FIDO2 page appears.

   

4. Click the Reset FIDO button. The Reset FIDO confirmation popup appears.

   

5. Click Yes. Everything on the key is removed: the PIN (if set) is deleted. The Remove and re-insert your YubiKey! prompt appears.

   

6. Remove and re-insert your YubiKey. The Touch your YubiKey prompt appears, and the green LED flashes.

   

7. Touch your YubiKey. The message “FIDO applications have been reset” appears at the bottom of the Applications page.

8. Remove the key in preparation for re-enrolling it.

---

Click for Yubico Support.