FIDO2 Access Key

Brave integrates management of FIDO2 access keys (e.g. Yubikey). Simply go to the parameters at brave://settings/securityKeys

You can reset the key, set or change the key PIN, manage passkeys and fingerprints.

However, it lacks the ability to force or unforce user verification by PIN entry, a function that enhances security.

This function is included in the libfido2 library and is available on the command line in the fido2-token command-line utility, which enables this forcing/unforcing to be carried out via the command :

fido2-token -S -u device

Enables the CTAP 2.1 “user verification always” feature on device.

fido2-token -D -u device

Disables the CTAP 2.1 “user verification always” feature on device.

That’s all Brave needs to manage all access key functionalities.