Troubleshooting
MFA Hardware Key (YubiKey, etc.) Not Detected on Mac? Try These Fixes
YubiKey or other MFA hardware key not detected on Mac? Walk through the fixes — USB issues, browser permissions, and driver checks — to get it working.
You plug in your YubiKey to authenticate to your work account, the website prompts you to tap, and… your Mac doesn’t seem to know the key exists. Or it works in Chrome but not Safari. Or it worked yesterday and stopped today. MFA hardware keys are reliable when set up right, but Mac can introduce specific quirks.
Identify the key type
Different MFA keys speak different protocols:
- USB-A YubiKey: plugs into USB-A ports; requires adapter on USB-C-only Macs
- USB-C YubiKey: plugs directly into modern Macs
- Lightning + USB-C YubiKey 5Ci: for iPhones and Macs
- NFC YubiKey: can tap to phone but doesn’t work over NFC on most Macs (no NFC reader)
- Other FIDO2/U2F keys: Google Titan, Feitian, etc.
This matters because the connection requirements differ. A USB-A YubiKey through a low-quality adapter is a common failure point.
Verify the key is detected at all
Plug in the key and check System Information (Apple menu → About This Mac → More Info → System Report → USB).
The key should appear in the device tree:
- YubiKey: shows up as “YubiKey” or “Yubico YubiKey”
- Google Titan: shows as “Google Titan Security Key”
- Generic FIDO2 keys: usually labeled by manufacturer
If you see the key listed:
- Hardware connection is fine
- Issue is software-side (browser, driver, permissions)
If you don’t see it:
- Cable, adapter, port, or hardware issue
- Try a different port or direct connection
For deeper inspection:
ioreg -p IOUSB
That dumps the live USB device tree. The key should appear with its vendor ID (Yubico is 0x1050, Feitian is 0x096e, etc.).
Try a different USB port
Apple’s M-series Macs occasionally have port-specific quirks. If the key doesn’t work on one port, try the others.
For USB-A keys via adapter, also try:
- Different USB-A to USB-C adapter (cheap adapters fail often)
- Plugging directly into the Mac, bypassing any hubs
- A USB hub with proper power if the key needs a hub
YubiKeys are extremely low power so they generally work on any port. If yours doesn’t, the adapter or cable is more often the cause than the port itself.
Check the indicator light
YubiKeys have an LED that tells you what they’re doing:
- Solid green: idle, connected, ready
- Slow blink (about once per second): waiting for tap
- Fast blink: error or reset state
- No light at all: not getting power
If there’s no light at all when plugged in, the key isn’t getting power. Check the cable, adapter, or port.
If the light is solid but tapping doesn’t work, the connection is fine but the protocol or browser side isn’t communicating with the key.
Browser-specific issues
MFA hardware keys depend on the browser implementing WebAuthn properly. Different browsers behave differently:
- Safari: native WebAuthn support, generally reliable
- Chrome: native WebAuthn support; very good FIDO2 support
- Firefox: WebAuthn supported; sometimes lags on newer protocols
- Brave/Arc/etc.: based on Chromium, behave like Chrome
If the key works in one browser but not another:
- Check the failing browser is up to date
- Try in Safari as a baseline (Apple updates it with macOS)
- Some sites only fully support certain browsers for hardware keys
For Safari specifically, FIDO2 with USB hardware keys generally works, but some older sites built for Chrome may have issues. Firefox has had a couple of historical bugs around U2F vs FIDO2 detection that updates have addressed.
For Touch ID-equipped Macs
If you have a Mac with Touch ID, browsers may default to using Touch ID as the security key instead of your hardware YubiKey. This is fine for most uses but can be confusing.
In System Settings → Touch ID & Password, you can manage Touch ID’s role. For sites that ask for security keys, the browser usually offers both Touch ID and hardware key options — pick the one you want.
For some enterprise systems that require a hardware key specifically (not platform authenticator), Touch ID won’t satisfy the policy. The site will explicitly ask you to plug in a USB key.
Check FIDO2 vs U2F protocols
There are two related but different protocols:
- U2F: older, simpler; works with most older keys
- FIDO2/WebAuthn: newer; supports passwordless and more features
Some keys support both. Some sites support only one. Mismatches cause “key not recognized” errors.
If your key worked on a site months ago and doesn’t now, the site may have upgraded to FIDO2-only and your older U2F-only key is no longer compatible. Check the manufacturer’s documentation for your specific model’s protocol support.
For YubiKey:
- YubiKey 4: U2F + FIDO2
- YubiKey 5: full FIDO2 + many other protocols
- Older YubiKeys (Neo): U2F only
Reset key registration if it’s been re-keyed
If you reset your YubiKey (FIDO reset) for any reason, all your existing site registrations are invalidated. Sites you previously enrolled with the key won’t recognize it anymore until you re-register.
To re-register:
- Sign in to the site with backup methods (recovery codes, SMS, etc.)
- Go to Security/2FA settings
- Remove the old key registration
- Add the key again
This is normal and intended — it prevents anyone who steals your key from using your old registrations.
Use Yubico Authenticator app for diagnostics
For YubiKeys, Yubico provides a free app called Yubico Authenticator that lets you inspect the key’s state, see what protocols are enabled, and run diagnostics.
If your key doesn’t show up in the Authenticator app, the key isn’t being detected at the system level — same issue as not being seen by browsers.
If the Authenticator app sees it but browsers don’t, you’ve narrowed the problem to browser-side issues.
The app is also where you manage TOTP credentials stored on the key (separate from FIDO2/U2F).
Check macOS version
Older macOS versions had FIDO2 support gaps:
- Catalina: basic U2F support
- Big Sur and later: improved FIDO2 support
- Monterey and later: WebAuthn improvements
- Ventura+: better support for resident keys
If you’re on a very old macOS version, a hardware key that should work may have software-side limitations. Run all updates at System Settings → General → Software Update.
Test on a different Mac
If you’ve worked through everything and the key still won’t work, try it on another Mac. This separates “key issue” from “Mac issue.”
- Key works on another Mac → your Mac has a software or USB issue
- Key fails everywhere → key hardware problem
For Macs with the issue, common fixes:
- Clearing stale USB device records
- Restarting the USB subsystem (reboot)
- Checking for kernel extension conflicts (Safe Mode test)
For dead keys, YubiKeys have warranty coverage from Yubico. Other manufacturers vary.
Boot in Safe Mode
If a previously-working key stopped working after installing software, an extension or background process may be intercepting USB. Safe Mode rules this out.
- Apple Silicon: Shut down, hold the power button until startup options appear, pick your drive while holding Shift, click “Continue in Safe Mode”
- Intel: Restart, immediately hold Shift
If the key works in Safe Mode, restart normally and disable login items at System Settings → General → Login Items & Extensions until you find the conflict.
Common culprits include security software, virtualization software, and some browser extensions that hook USB.
There’s a faster waySweep does the cleanup in seconds. Try Sweep free →
Quick fix order
When an MFA hardware key isn’t detected:
- Check the LED to confirm power
- Look in
System Information → USBfor the device - Try a different port and bypass any hubs
- Test in Safari as a known-good browser
- Use Yubico Authenticator (or equivalent) to verify the key directly
- Update macOS to the latest version
- Test on a different Mac to isolate
- Boot in Safe Mode to rule out software conflicts
Most key issues are USB-side (port, adapter, cable) or browser-side (out of date, wrong protocol). The keys themselves are robust and rarely fail. Walk the list before assuming yours is dead.