diff --git a/tests/test_device.py b/tests/test_device.py
index 7f2158b2..9406131b 100644
--- a/tests/test_device.py
+++ b/tests/test_device.py
@@ -16,7 +16,7 @@ def info(form_factor):
         serial=None,
         version=Version(5, 3, 0),
         form_factor=form_factor,
-        supported_capabilities={TRANSPORT.USB: 0xFF},  # type: ignore
+        supported_capabilities={TRANSPORT.USB: CAPABILITY(0xFF)},  # type: ignore
         is_locked=False,
         is_fips=False,
     )
@@ -24,7 +24,7 @@ def info(form_factor):
 
 def info_nfc(form_factor):
     with_nfc = info(form_factor)
-    with_nfc.supported_capabilities[TRANSPORT.NFC] = 0xFF
+    with_nfc.supported_capabilities[TRANSPORT.NFC] = CAPABILITY(0xFF)
     return with_nfc
 
 
@@ -37,8 +37,14 @@ def test_yk5_formfactors():
     assert get_name(info_nfc(FORM_FACTOR.USB_C_KEYCHAIN), kt) == "YubiKey 5C NFC"
     assert get_name(info(FORM_FACTOR.USB_C_NANO), kt) == "YubiKey 5C Nano"
     assert get_name(info(FORM_FACTOR.USB_C_LIGHTNING), kt) == "YubiKey 5Ci"
-    assert get_name(info(FORM_FACTOR.USB_A_BIO), kt) == "YubiKey Bio"
-    assert get_name(info(FORM_FACTOR.USB_C_BIO), kt) == "YubiKey C Bio"
+    assert (
+        get_name(info(FORM_FACTOR.USB_A_BIO), kt)
+        == "YubiKey Bio - Multi-protocol Edition"
+    )
+    assert (
+        get_name(info(FORM_FACTOR.USB_C_BIO), kt)
+        == "YubiKey C Bio - Multi-protocol Edition"
+    )
     assert get_name(info(FORM_FACTOR.UNKNOWN), kt) == "YubiKey 5"
     assert get_name(info_nfc(FORM_FACTOR.UNKNOWN), kt) == "YubiKey 5 NFC"
 
@@ -84,8 +90,14 @@ def test_yk5_fips_formfactors():
     )
     assert get_name(fips(info(FORM_FACTOR.USB_C_NANO)), kt) == "YubiKey 5C Nano FIPS"
     assert get_name(fips(info(FORM_FACTOR.USB_C_LIGHTNING)), kt) == "YubiKey 5Ci FIPS"
-    assert get_name(fips(info(FORM_FACTOR.USB_A_BIO)), kt) == "YubiKey Bio FIPS"
-    assert get_name(fips(info(FORM_FACTOR.USB_C_BIO)), kt) == "YubiKey C Bio FIPS"
+    assert (
+        get_name(fips(info(FORM_FACTOR.USB_A_BIO)), kt)
+        == "YubiKey Bio - Multi-protocol Edition FIPS"
+    )
+    assert (
+        get_name(fips(info(FORM_FACTOR.USB_C_BIO)), kt)
+        == "YubiKey C Bio - Multi-protocol Edition FIPS"
+    )
     assert get_name(fips(info(FORM_FACTOR.UNKNOWN)), kt) == "YubiKey 5 FIPS"
     assert get_name(fips(info_nfc(FORM_FACTOR.UNKNOWN)), kt) == "YubiKey 5 NFC FIPS"
 
diff --git a/ykman/_cli/__main__.py b/ykman/_cli/__main__.py
index c19776fd..b59895eb 100644
--- a/ykman/_cli/__main__.py
+++ b/ykman/_cli/__main__.py
@@ -277,7 +277,7 @@ def require_device(connection_types, serial=None):
     help="specify private key and certificate chain for secure messaging, "
     "can be used multiple times to provide key and certificates in multiple "
     "files (private key, certificates in leaf-last order), OR SCP03 keys in hex "
-    "(K-ENC K-MAC [K-DEK])",
+    " separated by colon (:) K-ENC:K-MAC[:K-DEK]",
 )
 @click.option(
     "-p",
@@ -360,7 +360,7 @@ def cli(
     if reader and device:
         ctx.fail("--reader and --device options can't be combined.")
 
-    use_scp = bool(scp_sd or scp_cred or scp_ca)
+    use_scp = bool(any(scp_sd) or scp_cred or scp_ca)
 
     subcmd = next(c for c in COMMANDS if c.name == ctx.invoked_subcommand)
     # Commands that don't directly act on a key
@@ -413,9 +413,12 @@ def resolve():
             else:
                 ca = None
 
-            re_hex_keys = re.compile(r"^[0-9a-fA-F]{32}$")
-            if all(re_hex_keys.match(k) for k in scp_cred) and 2 <= len(scp_cred) <= 3:
-                scp03_keys = StaticKeys(*(bytes.fromhex(k) for k in scp_cred))
+            key_fmt = r"[0-9a-fA-F]{32}"
+            re_hex_keys = re.compile(rf"^{key_fmt}:{key_fmt}(:{key_fmt})?$")
+            if len(scp_cred) == 1 and re_hex_keys.match(scp_cred[0]):
+                scp03_keys = StaticKeys(
+                    *(bytes.fromhex(k) for k in scp_cred[0].split(":"))
+                )
                 scp11_creds = None
             else:
                 f = click.File("rb")