How to delete a credential from a YubiKey
I have a YubiKey security key, which I'm using daily to log on to different Microsoft portals (check https://msadmin.center) as a user or as an administrator. So I have several accounts on my YubiKey, for personal accounts and business accounts.
Today is my last day at a customer, so I want to delete the customer’s credentials (in the orange rectangle) from my YubiKey, without deleting all the other accounts that I still use. Yesterday, I asked on Twitter if someone knows how I can do this, and Yubico replied that this can be done via the Yubico Manager CLI.
What do we need?
We need to download and install the YubiKey Manager from Yubico's website at https://www.yubico.com/support/download/yubikey-manager/. The CLI is installed together with this software. That’s what we need! Back to the command prompt! 😁
Requirements
Your YubiKey must have at least firmware 5.2.x. You can check this by opening the YubiKey Manager app. If your YubiKey's firmware is lower than 5.2.x, you can’t make use of this and you need to do a complete reset of your YubiKey.
Furthermore, we can use the documentation on https://docs.yubico.com/software/yubikey/tools/ykman/Using_the_ykman_CLI.html.
Let’s start!
- After you have downloaded and installed the YubiKey Manager software, open a command prompt as an administrator and go to `C:\Program Files\Yubico\YubiKey Manager`.
- Type `ykman.exe fido credentials list`, press Enter and enter your PIN to get a list of the credentials that are stored on your YubiKey.
- If you know the credential ID that you want to delete, type `ykman.exe fido credentials delete [credential id]` and press Enter, followed by the PIN.
- You will get a confirmation prompt; press `Y` to delete the credential.
- Type `ykman.exe fido credentials list` to check that the credential has been deleted.
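The steps above as one guarded PowerShell run that stops before touching anything when the firmware requirement is not met. This is an added example, not code from the original post or from Yubico; it assumes ykman.exe sits in the install folder named above and that `ykman info` prints a "Firmware version:" line.

```powershell
# Added example: guarded version of the steps above (not from the original post).
# Assumption: ykman.exe is in the install folder named in the post.
$ykman = 'C:\Program Files\Yubico\YubiKey Manager\ykman.exe'
if (-not (Test-Path $ykman)) { throw "ykman.exe not found at $ykman" }

# 'ykman info' needs no PIN; read the firmware version from its output.
$info = & $ykman info 2>&1 | Out-String
if ($LASTEXITCODE -ne 0) {
    throw "ykman info failed (is exactly one YubiKey inserted?):`n$info"
}
if ($info -notmatch 'Firmware version:\s*(\d+\.\d+\.\d+)') {
    throw 'Could not find a firmware version in the ykman info output.'
}
$firmware = [version]$Matches[1]

# The post's requirement: at least firmware 5.2.x, otherwise only a full reset works.
if ($firmware -lt [version]'5.2.0') {
    throw "Firmware $firmware is lower than 5.2: single credentials cannot be deleted."
}
Write-Host "Firmware $firmware supports deleting single credentials."

# List the stored credentials; ykman itself prompts for the FIDO PIN,
# so the PIN never appears on the command line or in this script.
& $ykman fido credentials list
if ($LASTEXITCODE -ne 0) { throw 'Listing credentials failed.' }

$id = (Read-Host 'Credential ID to delete (empty to cancel)').Trim()
if (-not $id) { Write-Host 'Nothing deleted.'; return }

# ykman prompts for the PIN again and asks for confirmation before deleting.
& $ykman fido credentials delete $id
if ($LASTEXITCODE -ne 0) { throw 'Delete did not complete.' }

# List once more to check that the credential is gone.
& $ykman fido credentials list
```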
Result
The result is that the credential that you wanted to delete is now deleted, and you will no longer see it in the list, as shown in figure 1.