Authenticate with YubiKeys

Tags Security

Summary

This article discusses how to request, set up, and use a YubiKey.

YubiKeys are physical tokens that help to make Duo Two Factor Authentication a quick and easy process. A YubiKey is very similar to a small flash drive. Unlike the past Duo hard tokens, which generated a code to be typed in manually; the YubiKeys generate a Duo code directly into the passcode box for you.

Environment

Duo Two Factor Authentication users for the University of Michigan.

Directions

Requesting a YubiKey

Photo of a YubiKey next to a laptop, prior to inserting it into the USB port.
Figure 1: Ready to insert YubiKey
  1. You can request a YubiKey from LSA TS Service Desk by emailing LSATechnologyServices@umich.edu.
  2. You will need to provide your uniqname and the format — USB or USB C — of YubiKey that you need based on the inputs of your machine.
Photograph of a YubiKey inserted into a laptop USB port
Figure 2: Properly inserted YubiKey

Using a YubiKey

  1. Place the YubiKey into a USB input in your machine, preferably in a spot that is easy for you to reach. The YubiKey has a gold side and a black side; make sure the gold side is facing up when inserting it into the computer. A green light will blink if it is inserted properly. For continual use the YubiKey does not need to be taken out once placed in the port. See Figure 2 for how a properly inserted YubiKey should look.
  2. When you authenticate in Duo, choose "Enter a Passcode." If you have automatic push set up through Duo, you can change those settings by following these instructions.
  3. Click inside of the text box and touch the side of your YubiKey with your finger; doing so will initiate a long string of randomly generated text.
  4. Click "Log In" or press Enter on your keyboard.
  5. You should now be authenticated! You will need to touch the YubiKey every time you authenticate through Duo when using the token option; however, you also have the option to authenticate through your other devices instead.

Notes

Anytime you touch the YubiKey it will generate a string of random letters. Be careful not to accidentally touch it when you are working in other programs with typing and text.

There is a box you can click before entering the YubiKey code that will keep you logged in for 12 hours.

The CCID/Smart Card functionality of the Yubikey will mean that the key will blink periodically, even when in a laptop in sleep mode or with the lid closed. This is expected functionality and has no noticeable impact on battery life.

YubiKeys can also be used with many non-U-M services like social media or banking to provide Two Factor protection. Currently this is only supported when using the Chrome browser

More information on Duo settings is available.

Print Article