I think I know the problem here.
FIDO U2F is the first iteration of the FIDO standard (October 9, 2014). It is used for Universal 2 Factor only. It does not support PIN codes.
Then came FIDO2, which is a different FIDO standard (November 12, 2015). It supports full passwordless authentication as well as additional features over and above FIDO U2F, including PIN support.
When you deploy the “fido” applet for Apex Flex via Fidesmo, you can choose U2F or FIDO2. Our U2F applet is feature complete, but our FIDO2 applet is still in rough shape and it is a BETA version only. You cannot install both U2F and FIDO2 on the same device, they are not compatible side by side.
If you use the Apex Manager app, it will tell you which applet you have installed… if it’s U2F or FIDO2. I personally have the U2F applet deployed for two reasons; 1) our U2F applet is stable and finished while the FIDO2 applet is kinda garbage right now, and 2) almost all websites support U2F but only a few things support / require FIDO2