Yubikey Physical Hardware Instructions
Get more information about all the latest CBU events, including WebEx and Zoom links, at www.cbu.edu/events. See you there!
Overview
This guide was created to assist with adding a physical hardware token henceforth referred to as a “YubiKey” on the Microsoft Account as an authentication Method for Multi-Factor Authentication (MFA) in lieu of the Microsoft Authenticator app on a mobile device. This YubiKey must be removed if utilizing after the authentication process and kept on your person to ensure utmost security following its activation. It will be required to utilize the YubiKey every time you attempt to login to a Microsoft enabled MFA service (such as Outlook). If lost or stolen, report the incident to ITS immediately so proper action can be taken to remove the YubiKey method on your Microsoft Account.
Steps for Activation
Step 1: Locate the “Yubico Authentication” program on the desktop machine. Generally, this will be available on the desktop via shortcut. In the event that the shortcut is not on the desktop, search for the program using the search function in the bottom left corner of the Windows 10 machine as you would any other program.
Step 2: Open the “Yubico Authentication” program. You will be instructed to insert your YubiKey. Insert the YubiKey into a free USB slot on your machine so the gold contact point is touching the physical lip inside the USB Slot. If entered correctly the Yubico Authenticator App will notify you that No Accounts Exist on your key during first-time setup.
(Note: If you insert the YubiKey backwards, where the contact point is not reaching the USB, the app will not detect the YubiKey. Try turning the YubiKey around or another USB slot).
Step 3: Click the Add button on the Yubico Authenticator app and you will be prompted “Scan” a QR code. This QR code is generated by Microsoft during the MFA additional method setup process discussed earlier in this document, but will be reviewed here as well.
Step 4: Navigate to the My Account preferences on your Microsoft account and select the “Security Info” > “Update Info” section prompts. From this selection, select the option that states “+ Add Method” where a drop-down menu will present multiple options, choose “Authenticator App”. Click “Add” then select the blue texts that states “I want to use a different Authenticator app.”
Step 5: Click “Next” on the screen until you are prompted with a QR Code. Ensure the window is still open with the QR code and open the Yubico Authenticator App and hit “Scan”. The Yubico Authenticator App will automatically verify the QR code and list “Microsoft” as the “Issuer” and your email as the Account Name. Verify that the “Require Touch” selection is checked and hit “Add.”
Step 6: Click “Next” on the window with the QR code and Microsoft will ask for a 6-digit Key to confirm to add the Authentication method. On the Yubico Authenticator App, your account will have 6 * above your account name, double click on the account to initiate touch, and lightly press on the gold circle on your YubiKey. A temporary 6-digit code will appear in the section previously marked by 6 * to enter into the requested area by Microsoft. Once entered, the Generic “Authenticator App” will appear as an option in your Microsoft account under “Security Info.”
You have successfully added YubiKey physical hardware token as an MFA authentication method.
(Note: This temporary 6-digit code will time out after a short period and require you to repeat the steps and touch the YubiKey again to generate a new code. This code generation will be required every time you login to a Microsoft MFA enabled application.)
Troubleshooting
If your YubiKey is lost or stolen, immediately report the incident to ITS so proper action can be taken on the account, to ensure account security and access.
However, if you need to reset the account on your YubiKey for any reason, you can do so in the Yubico Authenticator Desktop Application while the YubiKey is plugged in.
To do so, click on the vertical ellipses in the top left corner to open the “Settings” menu. You can set an additional password for further security here, or utilize the “Reset” option to remove all accounts and set the YubiKey back to factory default settings.
(Note: If this is done, your YubiKey will no longer provide access as an MFA option for your Microsoft account and must be re-setup with the instructions above).