In order to use a YubiKey with Duo, you must have the following:
- A supported browser (Chrome 70, Firefox 60, Safari 13 or Microsoft Edge 79 or later)
- An available USB port the same type as your key (USB-A or USB-C)
- Any YubiKey (EXCEPT YubiKey’s U2F-only key!)
Enrolling your YubiKey
If you previously enrolled other devices in Duo, you can easily add your new security key as an additional authenticator.
Note: It is suggested that your perform these steps in Google Chrome or Edge, as doing so will make the key automatically usable in all other supported browsers.
- Visit a Duo-protected webpage, such as https://myaccount.brown.edu/. If you are already logged in you must logout and reload the page.
- At the Duo Prompt do not approve the login. Instead, click the Add a new device link in the left column and approve the new Duo login request using your already enrolled phone or other device.
- Select Security Key for the type of device you are adding and click continue.
- On the next screen, to enroll your security key click continue. A browser popup should appear.
- When the browser popup appears plug in and tap your YubiKey. You may be asked to tap a second time.
- You should be taken back to your devices page and now see a security key has been added and is ready for use!
(Optional) you can click the device options button next to the security key to give it a more descriptive name.
Authenticating with your YubiKey
The next time you log on using Duo, you can simply tap or insert your security key to log in. Some types of keys flash as a prompt for you to authenticate.
You do not need to explicitly select the security key from the drop-down list of available devices to use it for authentication in Chrome or Edge if you also enrolled it in one of those browsers.
In other browsers, you may need to select your security key from the drop-down list of your authentication devices.
Once you select your security key from the list, click Use Security Key and tap your security key when prompted.