Troubleshoot FIDO security keys
Use the information here to help you diagnose common issues that you might encounter when working with FIDO2 security keys.
Topics
I can't enable my FIDO security key
Consult the following solutions depending on your status as an IAM user or system administrator
IAM users
If you can't enable your FIDO security key, check the following:
-
Are you using a supported configuration?
For information on devices and browsers you can use with WebAuthn and AWS, see Supported configurations for using passkeys and security keys.
-
Are you using Mozilla Firefox?
Current Firefox versions support WebAuthn by default. To enable support for WebAuthn in Firefox, do the following:
-
From the Firefox address bar, type
about:config
. -
In the Search bar of the screen that opens, type
webauthn
. -
Choose security.webauth.webauthn and change its value to true.
-
-
Are you using any browser plugins?
AWS does not support the use of plugins to add WebAuthn browser support. Instead, use a browser that offers native support of the WebAuthn standard.
Even if you're using a supported browser, you may have a plugin that is incompatible with WebAuthn. An incompatible plugin may prevent you from enabling and using your FIDO-compliant security key. Disable any plugins that might be incompatible and restart your browser. Then, retry enabling the FIDO security key.
-
Do you have the appropriate permissions?
If you don't have any of the above compatibility issues, you may not have the appropriate permissions. Contact your system administrator.
System administrators
If your IAM users can't enable their FIDO security keys despite using a supported configuration, check their permissions. For a detailed example, see IAM tutorial: Permit users to manage their credentials and MFA settings.
I can't sign in using my FIDO security key
If you can't sign in to the AWS Management Console using your FIDO security key, first see Supported configurations for using passkeys and security keys. If you're using a supported configuration but cannot sign in, contact your system administrator for assistance.
I lost or broke my FIDO security key
Up to eight MFA devices of any combination of the currently supported MFA types
Other issues
If you have an issue with FIDO security keys that is not covered here, do one of the following:
-
IAM users: Contact your system administrator.
-
AWS account root users: Contact AWS Support
.