![](/confluence/s/en/2171/1/_/images/icons/emoticons/warning.gif)
Q: How do I register my YubiKey for use with Duo 2FA?
- How can I register my hardware token for use with Duo?
- Can I use a hardware token with Duo 2FA?
Context
You can use a Yubikey USB hardware token to generate a One Time Passcode (OTP) for use with Duo. This is useful if you don't have a smartphone, prefer a physical token for your second factor, or as a secondary backup option in case you don't have access to your phone.
Registering a Yubikey with Duo Security requires two steps:
Configuring the Yubikey hardware token
To configure your Yubikey with One Time Passcode:
- Download and install the Yubikey Personalization Tool from the Yubico website.
- Once installed, insert your Yubikey into the USB port. Verify it is plugged in correctly by the solid/blinking green light in the middle of the gold circle.
Mac OS X users might encounter a prompt to set up a new keyboard the first time a Yubikey is connected. If you encounter this prompt, close the window and continue with the setup. - Open the Yubikey Personalization Tool. Under Personalize your Yubikey in select Yubico OTP Mode.
- Select Quick for program mode.
- Next, select Configuration Slot 1 and uncheck the Hide values box to revel the Private Identity and Secret Key.
- Click Write configuration.
- You may be prompted to save the log file.
![]() | Keep this window and information open in order to register your token with Duo |
Registering it with Duo Two-Factor authentication
Once you have the token configured, you can add it to your Duo devices:
- Navigate to https://duo.mit.edu.
- Once signed in, click on Register a new hardware token.
Result: You are brought to the registration page.
- Make sure the appropriate token type is selected. For any model YubiKey, select Yubikey.
- Enter (copy & paste) the Serial Number (in Decimal format), Private Identity, and Secret Key you generated when configuring your Yubikey and select Submit.
Result: You will be returned to the Duo settings page with a message saying the enrollment was successful.
You can now test your hardware token by authenticating to a service that requires Duo.
Note
If you would like a YubiKey you can pick one up at the Service Desk in E17-110 or by submitting a request here https://ist.mit.edu/duo/token-request
Labels:
None