GetPinRetriesCommand Class
Namespace: Yubico.YubiKey.Fido2.Commands Assembly: Yubico.YubiKey.dllGets the number of PIN retries remaining for FIDO2.
public class GetPinRetriesCommand : IYubiKeyCommand<GetPinRetriesResponse>Implements
Remarks
When verifying a FIDO2 PIN, it is possible that the user will incorrectly type it in and it will fail. Fail enough times in a row, and the YubiKey may block further authentication attempts. Once this has happened, the YubiKey FIDO application must be reset - resulting in the loss of all FIDO credentials.
While this may seem catastrophic, it is actually a valuable protection mechanism against attackers guessing at the YubiKey's PIN. The range of possible PINs far exceeds the limited number of guesses available to the user. By locking out the FIDO application, an attacker is denied the opportunity of unlimited guessing.
For non-malicious cases, where a user simply mistyped their PIN, the user will likely never exhaust the number of allowed retries. This is because the retry counter is reset to the configured number of retries once a valid PIN has been entered. For example: If the retry counter started with 8 retries and you enter in 4 false guesses, the retry counter will be reset to 8 if you enter the correct PIN on the 5th retry.
The number of allowable retries is configurable, and may differ between YubiKeys. By default, it is set to 8 retries. This command will return the current number of remaining retries for this particular YubiKey. Use the value returned by this command's partner response class instead of making any assumptions as to the number of retries remaining.
Constructors
| Name | Description |
|---|---|
| GetPinRetriesCommand() | Constructs a new instance of GetPinRetriesCommand. |
Properties
| Name | Description |
|---|---|
| Application | Gets the YubiKeyApplication (e.g. PIV, OATH, etc.) to which this command applies. |
Methods
| Name | Description |
|---|---|
| CreateCommandApdu() | Creates a well-formed CommandApdu to send to the YubiKey. |
| CreateResponseForApdu(ResponseApdu) | Creates the corresponding IYubiKeyResponse implementation for the current command. |