In order to test something, I need to set a PIN on a YubiKey. I found that I can do that using ykman fido access change-pin. However, I did not find any option to remove that PIN afterwards. I only want to set the PIN for a short test, so how can I remove it again?
I do not want a factory reset. I only want to reset the FIDO PIN.
As far as I'm aware, the CTAP protocol which governs FIDO behavior does not define such behavior, so you have to do a complete reset of the FIDO applications to reset the PIN.
ykman fido reset
CTAP 2.1 does specify a set minimum PIN length feature which allows you to set a flag requiring the PIN to be changed on the next use, but I have not yet encountered a YubiKey with that feature present.
Update
According to a press release that was released today, the new YubiKey firmware does support the aforementioned CTAP 2.1 features. This, however, still doesn't change the fact that a key's PIN cannot be reset without resetting the FIDO applications and credentials.