How to Set Up a Yubikey USB Authenticator

Objective

These instructions provide a guide on setting up a Yubikey USB authenticator for the first time. A YubiKey USB authenticator is a hardware security key that provides an extra layer of protection for online accounts. It generates one-time passwords, supports two-factor authentication, and can be used on various devices and platforms to secure access to sensitive information and prevent unauthorized access.

In this article:

 

Users

This article is intended for use by all university members.

 

Before You Begin

Depending on your model of Yubikey, verify that the Yubikey Manager or Yubico Authenticator software has been installed. Download links for the software can be found here:

To find out which Yubikeys support FIDO2 authentication, compare various series and models
here: https://www.yubico.com/store/compare/

 

 

Initial Setup

  1. Insert a Yubikey into an available compatible USB port.
  2. Download the Yubico Software to perform management and initial setup of the key. These instructions will use Yubikey Manager.
  3. If the key is properly inserted, start the Yubikey Manager software. The plugged-in Yubikey will be shown on the Home screen.
    Yubikey Manager home screen displaying a Yubico Security Key C NFC device.
     
  4. Click the Applications tab and select the option FIDO2.
  5. Click the Set PIN button to create a Personal Identification Number (PIN) for this device. A created PIN must use at least 4 characters.
    A Yubikey Manager window for setting a FIDO2 PIN with the message "The FIDO2 PIN must be at least 4 characters."
     
  6. Enter the PIN again in the Confirm PIN section and click Set PIN to save it.
  7. When a PIN is saved, a label will appear near the FIDO2 PIN option stating as such and the available retries before the key wipes itself.
  8. If a user does not remember their PIN, select the Reset option to the right. This will wipe the key of the previous information. Any authorizations dependent upon this key must be reconfigured with the key's new settings.
    A Yubikey Manager window displaying FIDO2 options for Change PIN and Reset FIDO

 

Additional Resources

Instructions for enrolling a Yubikey authenticator to Duo for an additional multifactor method can be found below:

 

 

Print Article

Related Articles (3)

Duo - Hardware Token Enrollment (Yubikey) - Mac
Multi-factor authentication (MFA) combines two concepts to allow users log in access: something users know, i.e., a password, and something users have, i.e., a hardware token. This guide will assist users in registering a new hardware token.
Duo - Hardware Token Enrollment (Yubikey) - Windows
Multi-factor authentication (MFA) combines two concepts to allow users log in access: something users know, i.e., a password, and something users have, i.e., a hardware token. This guide will assist users in registering a new hardware token.
Duo - Setting up Two Factor Authentication on a Mobile Device
Instructions for setting up the Duo Mobile app

Related Services / Offerings (3)

Privileged Access Management (Passwords)
Privileged Access Management (PAM) is a security solution that helps organizations manage and monitor privileged user access to critical systems and sensitive data. It helps prevent unauthorized access and reduce the risk of insider threats.
TrueYou Account Self Service
TrueYou is the Identity Management system where you manage your authentication information
Two-Factor Authentication (2FA) - Duo
Extra layer of login protection provided by Duo.