Adding new FIDO device/ wallet compromised

Hello everyone,

I’m facing the following problem.

I suspect my recovery phrase might be compromised on an Internet Identity that has quite a bit of ICP staked.

So just to be sure I would like to reset the recovery phrase, actually think that is a handy feature just for this reason.

Now, the account is accessible through the recovery phrase and my FIDO key(YubiKey) and I have got the following problems.

I don’t have the PIN for the specific YubiKey that is used with that account. And it keeps asking me for it.

For this reason I bought a second YubiKey to try add that one to the Identity and then change the seed phrase.

However when I try to add a 2nd FIDO key while having the main one I use to login plugged in, I just keep getting an error message.

When I press add Recovery device nothing happens, it just reloads the site, or it asks me for some PIN.

I am really at a loss as to what to do and am honestly kind of scared I might completely lose access to the account if I screw up myself, you know in the process of trying to eliminate the potential threat of the eventually compromised seed phrase.

I know this whole ordeal might sound incredibly stupid but I just would be so happy to have someone comment on this situation and maybe steer me into the right way…

Thanks in advance

To resolve this issue, the user should follow these steps:

1. Recover using the recovery phrase: Since the account is still accessible through the recovery phrase, the user should first recover the account using the recovery phrase. This will ensure they have access to the account before proceeding.

2. Skip adding a new passkey: After recovering the account, the user should skip adding a new passkey for now.

3. Remove the existing passkey: The user should then remove the existing passkey by pressing the three dots next to the passkey. This will delete the passkey associated with the compromised recovery phrase.

4. Add a new passkey: After removing the existing passkey, the user should add a new passkey by pressing “Add new Passkey”. This will create a new passkey for the account.

5. Set up a new recovery phrase: Once the new passkey is added, the user should set up a new recovery phrase for the account. This will ensure that the compromised recovery phrase is no longer associated with the account.

By following these steps, the user should be able to reset their Internet Identity recovery phrase and secure their account.