Access Keys:
Skip to content (Access Key - 0)
Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current  |   View Page History
<< Previous Version 12 Next >>

Q: How do I register my YubiKey for use with Duo 2FA?

  • How can I register my hardware token for use with Duo?
  • Can I use a hardware token with Duo 2FA?

Context

You can use a Yubikey USB hardware token to generate a One Time Passcode (OTP) for use with Duo. This is useful if you don't have a smartphone, prefer a physical token for your second factor, or as a secondary backup option in case you don't have access to your phone.

Registering a Yubikey with Duo Security requires two steps:

Configuring the Yubikey hardware token

To configure your Yubikey with One Time Passcode:

  1. Download and install the Yubikey Personalization Tool from the Yubico website.
  2. Once installed, insert your Yubikey into the USB port. Verify it is plugged in correctly by the solid/blinking green light in the middle of the gold circle.
    Mac OS X users might encounter a prompt to set up a new keyboard the first time a Yubikey is connected. If you encounter this prompt, close the window and continue with the setup.
  3. Open the Yubikey Personalization Tool. Under Personalize your Yubikey in select Yubico OTP Mode.
  4. Select Quick for program mode.
  5. Next, select Configuration Slot 1 and uncheck the Hide values box to revel the Private Identity and Secret Key.
  6. Click Write configuration.
  7. You may be prompted to save the log file.
    Some users may encounter the following warning about overwriting the configuration in Slot 1. This is normal as some Yubikeys come pre-configured with YubiCloud credentials in slot 1.
Keep this window and information open in order to register your token with Duo

Registering it with Duo Two-Factor authentication

Once you have the token configured, you can add it to your Duo devices:

  1. Navigate to https://duo.mit.edu.
  2. Once signed in, click on Register a new hardware token.
    Result: You are brought to the registration page.
  3. Make sure the appropriate token type is selected. For any model YubiKey, select Yubikey.
  4. Enter (copy & paste) the Serial Number (in Decimal format), Private Identity, and Secret Key you generated when configuring your Yubikey and select Submit.
    Result: You will be returned to the Duo settings page with a message saying the enrollment was successful.

    You can now test your hardware token by authenticating to a service that requires Duo.

Note

If you would like a YubiKey you can pick one up at the Service Desk in E17-110 or by submitting a request here https://ist.mit.edu/duo/token-request

Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Last Modified:

page-info: unable to locate page


Get Help

Request help
from the Help Desk
Report a security incident
to the Security Team
Feedback
This product/service is:
Easy to use
Average
Difficult to use
This article is:
Helpful
Inaccurate
Obsolete
Adaptavist Theme Builder (4.2.3) Powered by Atlassian Confluence 3.5.13, the Enterprise Wiki