I can set a FIDO PIN by running ykman fido access change-pin. I can later change the PIN by running the same command again. But there is no way to remove the PIN again.
As far as I understand, this is a limitation of the CTAP protocol. Still, ykman should document that limitation. Specifically, it should:
Warn users that this action cannot be undone
Explain what exactly will happen, so users can make an informed decision if they want to do it anyway
Provide recovery options, e.g. explain how to use ykman fido reset and what other effects it has
I can set a FIDO PIN by running
ykman fido access change-pin. I can later change the PIN by running the same command again. But there is no way to remove the PIN again.As far as I understand, this is a limitation of the CTAP protocol. Still, ykman should document that limitation. Specifically, it should:
ykman fido resetand what other effects it has