YubiKey 5C NFC Help

WIN11User · Jul 8, 2025

Trying to setup a new YubiKey with Google and keep getting rejected with issues like,

A passkey can’t be created on this device

passkeys_scene_add_error_light_a0bd19faf8e692ef792b64c824471337.svg

Your device doesn’t support creating passkeys, but you can create a passkey on another device

It's like I can never get to the right place as I try to follow various instructions.

Ready to send these Keys back!

neemobeer · Jul 8, 2025

Do you have a pin setup on the key?

Any extensions that block scripts in your browser?

WIN11User · Jul 9, 2025

neemobeer said:
Do you have a pin setup on the key?

Any extensions that block scripts in your browser?

Pin is set using YubiKey Manager, no extensions that would interfere with browser.

I used this process on a desktop PC (Windows 11 Pro & Firefox 140.xx):
* In Firefox, browse to Sign in - Google Accounts

* In left-hand menu, click on "Security",
linked to Sign in - Google Accounts

* Click on "Passkeys and Security Keys",
linked to https://accounts.google.com/v3/signin/challenge/pwd

* Click "Create a passkey",
linked to Account settings: Your browser is not supported..

* This shows "A passkey can’t be created on this device"; click "Use another device"

What do they mean by "device?"

neemobeer · Jul 9, 2025

Try with Chrome or Edge and see if it works. "Device" generically refers to your computer, but is misleading that its the computer that doesn't support the creation. I'm fairly certain it's going to be a Firefox issue

WIN11User · Jul 9, 2025

neemobeer said:
Try with Chrome or Edge and see if it works. "Device" generically refers to your computer, but is misleading that its the computer that doesn't support the creation. I'm fairly certain it's going to be a Firefox issue

Thought maybe that was the issue also, but was not. Does the same thing on Chrome. Also though it might be the fact that I am running a portable version of the browser, but the full version does the same thing. I don't have or desire Edge. Tried with 2 YubiKeys.

Comport Colin · Jul 10, 2025

If someone tells me "you can create a passkey on another device" and there's a button "Use another device", guess what I would do?
Possibly, your yubikey is addressed than. Possibly, windows' first choice is a different device that you are not aware of - so simply try it out.

WIN11User · Jul 10, 2025

Comport Colin said:
If someone tells me "you can create a passkey on another device" and there's a button "Use another device", guess what I would do?
Possibly, your yubikey is addressed than. Possibly, windows' first choice is a different device that you are not aware of - so simply try it out.

Pressing "Use another device" prompts for a "PIN" and I never had a PIN for google anything. Not only that, but there is no place I can see to create or change a PIN. Attempting to setup YubiKey on an Android phone does nothing when clicking on "Create a passkey"
YubiKey teck support is essentially non-existent, no chat support or phone support, just never ending email.

neemobeer · Jul 10, 2025

Can you double check that your yubikey supports discoverable passkeys?

Also do you use this key a lot? Yubikeys only support about 25 discoverable creds.

I might also suggest looking at event log. I don't recall the exact log name could be CTAP, WebAuthn or even filled under Windows Hello

WIN11User · Jul 10, 2025

neemobeer said:
Can you double check that your yubikey supports discoverable passkeys?

Also do you use this key a lot? Yubikeys only support about 25 discoverable creds.

I might also suggest looking at event log. I don't recall the exact log name could be CTAP, WebAuthn or even filled under Windows Hello

The YubiKey 5C NFC does not natively support discoverable passkeys as defined by the WebAuthn (Web Authentication) standard.

Discoverable passkeys are a feature of FIDO2 (which is part of the WebAuthn standard) that allows for a passwordless login experience where the authentication credential (the passkey) can be automatically discovered by the authenticating device (such as a browser or application).

I do not use the key a lot as I have as yet been able to set the key(s) up. They are brand new.

Comport Colin · Monday at 7:05 AM

@WIN11User - is that from chatGPT, or who says "the YubiKey 5C NFC does not natively support discoverable passkeys as defined by the WebAuthn (Web Authentication) standard."? I have used passkeys on yubikey 5 NFC, and was under the impression that means, they are discoverable.

"Pressing "Use another device" prompts for a "PIN" and I never had a PIN for google anything" - use the yubikey manager to set PINs, probably you'll discover that one has been set up and if you don't know it, reset it using the PUK or reset your yubikey altogether if no other keys are on it.

WIN11User · Monday at 9:06 AM

Comport Colin said:
@WIN11User - is that from chatGPT, or who says "the YubiKey 5C NFC does not natively support discoverable passkeys as defined by the WebAuthn (Web Authentication) standard."? I have used passkeys on yubikey 5 NFC, and was under the impression that means, they are discoverable.

"Pressing "Use another device" prompts for a "PIN" and I never had a PIN for google anything" - use the yubikey manager to set PINs, probably you'll discover that one has been set up and if you don't know it, reset it using the PUK or reset your yubikey altogether if no other keys are on it.

regardless, I have decided to return the YubiKeys. They do not offer that much more protection than using programs such as KeePassXC and a KEYFILE all stored by me (as opposed to stored in the cloud by hack-able or breached sites. I can insert a USB with my KEYFILE when I need to open KeePassXC and KeePassXC-Browser.

I'm sure there will be rebuttable regarding my claim, so have-at-it!

neemobeer · Monday at 9:18 AM

In very simple terms.
Passkeys are a lot more secure than any password since the private keys used to generate authentication material never leave the authenticator device and therefore are very phish resistant.

Discoverable passkeys: When the term discoverable is used it means the passkey process can discover the passkey and authenticate a user without having to enter a username. Typically only user verification happens with a strong authentication form such as pin or biometrics.

If you have to enter your user identity (email, username) then it's not a discoverable passkey but rather a server-side passkey

YubiKey 5C NFC Help

Well-known member

A passkey can’t be created on this device​

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Well-known member

My Computer

Similar threads

A passkey can’t be created on this device