Set Up Multi-Factor Authentication (MFA) - Register Your YubiKey Physical Security Key

Issue/Question

How do I set up the Yubikey for Multi-Factor Authentication?  

Environment

  • Multi-Factor Authentication 

Additional Details

WHAT IS A PHYSICAL SECURITY KEY? 
The YubiKey is a hardware authentication device that protects access to computers, networks, and online services. It allows users to securely log into their accounts instead of using an app, call, or text. Like other MFA methods, it helps protect against phishing, eliminates account takeovers, and enables compliance requirements for strong authentication. 


If you prefer to not use your personal device to add the Microsoft Authenticator app, or do not have cellular or Wi-Fi service where you work, this would be the solution for you. 


You will be required to have at least one other MFA method registered to your account so you don’t get locked out of your account if your YubiKey gets lost or stolen. 


 Note: Physical security keys will not work for virtual environments. 
 
HOW DOES A PHYSICAL SECURITY KEY WORK? 
The current YubiKey offered is capable of both USB-C and NFC. 

  • For USB-C use: Simply plug in your YubiKey to your device’s USB-C drive and gently tap the Y on the key. 
  • For Near-Field Communication (NFC) use: Tap the YubiKey to the NFC radio on your device. 

For more information on NFC, refer to our YubiKey FAQ. 
 
HOW TO REQUEST A PHYSICAL SECURITY KEY 

If you already have a YubiKey, you may associate it with your account by using the steps within the Details section of this article. 

If you would like to request a YubiKey be provided by Macomb Community College for free, you must submit a request to IT.  You can click this link to take you to the service request page, or search “Request Physical Token for Multi-Factor Authentication (MFA)” in our Client Portal. 
 
You will be able to register the YubiKey to your account once you pick it up and have it in front of you. 

IMPORTANT: Do not proceed until you physically have your YubiKey in front of you AND have registered at least one other method of MFA. 

Details

 Note: These directions are typical for most users, but your experience might be slightly different. Please contact the Service Desk if you need any assistance with MFA or SSPR registration. 

  • Enter your password and click Sign in.
  • If you are prompted to stay signed in, click No.

  • Click Add method, on the Security Info page. 

  • Select Security key from the drop-down, click Add. 

 

  • You will have two options for configuring your YubiKey: USB or NFC. We will go through each of the options below.

 Note: You will be able to use both USB and NFC regardless of the way you configure the YubiKey in this step. These options are just for the initial setup of the YubiKey. 

 

CONFIGURATION OPTION ONE: USB CONFIGURATION 

Have your YubiKey next to you and be ready to plug into your laptop or desktop.

  • Select USB device.  
  • Click Next. 

  • You will be redirected to a Windows Security system message

  • Click OK.

  • Click OK to continue. 

  • Insert your YubiKey into the USB-C port on your laptop or desktop. 

  • Create a PIN. The PIN must be between 6-8 characters. 

 Note: You are responsible for knowing your PIN. The IT team cannot find it for you or reset it.

  • Gently tap the Y on your YubiKey. 
  • The Y should light up. 

  •  Name your security key. It is recommended to name it with the following: YubiKey - ## ### ###. The eight-digit number can be found on the back of your YubiKey. This identifier may be able to help you if your YubiKey is lost or stolen. 

 YubiKey setup complete. 

  • Click Done. 

 

 

  •  You will be brought back to the Security Info page. You should now see Security key listed like the screenshot below.  

If you have added any other MFA or SSPR methods previously, they will all be listed here. 

 

  •  Select Change next to the default sign-in method to change the default sign-in method to hardware token instead of notification. 

  • Select Authenticator app or hardware token – code from the drop-down menu. 
  • Click Confirm. 

You will be brought back to the Security Info page and a pop-up in the upper right corner will let you know you successfully changed your default sign-in method. 

 

CONFIGURATION OPTION TWO: NFC CONFIGURATION 

Have your YubiKey next to you. 

  • Select NFC device.  
  • Click Next. 

  • You will be redirected to a Windows Security system message

  • Click OK.

  • Click OK to continue. 

  • Place your YubiKey near the NFC reader. 
  • Gently tap the Y on the YubiKey. 

  • Create a PIN. The PIN must be between 6-8 characters. 

 Note: You are responsible for knowing your PIN. The IT team cannot find it for you or reset it.

  •  Name your security key. It is recommended to name it with the following: YubiKey - ## ### ###. The eight-digit number can be found on the back of your YubiKey. This identifier may be able to help you if your YubiKey is lost or stolen. 

 YubiKey setup complete. 

  • Click Done. 

 

 

  •  You will be brought back to the Security Info page. You should now see Security key listed like the screenshot below.  

If you have added any other MFA or SSPR methods previously, they will all be listed here. 

 

  •  Select Change next to the default sign-in method to change the default sign-in method to hardware token instead of notification. 

  • Select Authenticator app or hardware token – code from the drop-down menu. 
  • Click Confirm. 

You will be brought back to the Security Info page and a pop-up in the upper right corner will let you know you successfully changed your default sign-in method. 

 
 

Print Article

Details

Article ID: 131089
Created
Wed 3/31/21 2:55 PM
Modified
Mon 11/28/22 4:07 PM

Related Articles (2)

What Verification Methods are Available to me for Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)
Explanation of different methods of Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)