diff --git a/internal/api/grpc/auth/user_converter.go b/internal/api/grpc/auth/user_converter.go
index 59b9daa844..0f1756854c 100644
--- a/internal/api/grpc/auth/user_converter.go
+++ b/internal/api/grpc/auth/user_converter.go
@@ -431,7 +431,7 @@ func userChangesToAPI(changes *usr_model.UserChanges) (_ []*auth.Change) {
 func verifyWebAuthNFromModel(u2f *usr_model.WebAuthNToken) *auth.WebAuthNResponse {
 	return &auth.WebAuthNResponse{
 		Id:        u2f.WebAuthNTokenID,
-		PublicKey: u2f.PublicKey,
+		PublicKey: u2f.CredentialCreationData,
 		State:     mfaStateFromModel(u2f.State),
 	}
 }
diff --git a/internal/user/repository/eventsourcing/eventstore.go b/internal/user/repository/eventsourcing/eventstore.go
index 371f0c74bc..6d553a3492 100644
--- a/internal/user/repository/eventsourcing/eventstore.go
+++ b/internal/user/repository/eventsourcing/eventstore.go
@@ -1316,6 +1316,7 @@ func (es *UserEventstore) AddU2F(ctx context.Context, userID string) (*usr_model
 		return nil, err
 	}
 	webAuthN.WebAuthNTokenID = tokenID
+	webAuthN.State = usr_model.MFAStateNotReady
 	repoUser := model.UserFromModel(user)
 	repoWebAuthN := model.WebAuthNFromModel(webAuthN)