For use with two-step verification, OIT strongly recommends the use of a phone or tablet using the Duo Mobile app. This can work even if your mobile device does not have a network connection, such as when traveling internationally. Even without installing the app, a phone number (including landlines) can be entered to receive a call or text message as a form of authentication. This is highly recommended.

If you have no way of using another device, OIT recommends the purchase of a physical security token or key. This is a USB device that you can plug into your computer as a second form of authentication, in lieu of using another device like a phone or tablet. Once purchased and connected to your Brown account, the security key appears as an option in Duo. When Duo prompts for you to authenticate, simply tap the security key with your finger.

If you are choosing to purchase a physical security token, use the following guide:

• For Brown employees using departmental funds, physical tokens can be purchased using your department's funds by your regular IT professional through the OIT Hardware Services storefront. These can then be brought or delivered to the OIT Service Center for setup.
• For personal purchases, OIT recommends the YubiKey 5 series, although any security key supporting “FIDO2 / WebAuthn” is compatible with Duo if you can bring it to the OIT Service Center for setup. Prices range based on the model size and specifications. Be sure to order a device that can be used with the USB ports on your computer.
• If you are unable to bring your key to the OIT Service Center, only the YubiKey 5 series is supported at this time. Be sure to order a device that can be used with the USB ports on your computer. You can then follow the Manual YubiKey Setup instructions below.

Authenticating with your YubiKey

If your key was set up at the OIT Service Center

When you log on using Duo, you can simply touch the metal contact on your security key to log in. Some types of keys flash as a prompt for you to authenticate. In certain browsers, you may need to select the key specifically, from the Other options menu.

If your computer prompts you to identify your keyboard when you connect the YubiKey, dismiss the window.

If your key was set up using the manual setup instructions below

When prompted, tap and hold the metal contact on your security key for a few seconds. Once it begins typing, you may let go. If the YubiKey passcode option isn't selected by default, first click Other options and then YubiKey passcode.

Manual YubiKey Setup

Note: the instructions below only apply if you have purchased a YubiKey and are unable to bring/send it to the OIT Service Center for setup. If you are in this situation, please contact us for assistance with the setup process. These instructions are supplied for supplemental reference only.

1. Download, install, and run YubiKey Manager.
2. Connect the YubiKey to your computer.
   1. If your computer prompts you to identify your keyboard when you connect the YubiKey, dismiss the window.
3. Within YubiKey Manager, select Applications > OTP.
   1. On macOS, you may be prompted to grant Input Monitoring permissions to YubiKey Manager. If so, allow it, relaunch the app, and again select Applications > OTP.
4. Select Configure under the desired slot (Long Touch (Slot 2) is recommended to avoid accidental activation).
5. Ensure Yubico OTP is selected and click Next.
6. Click Use serial, and both of the Generate buttons. DO NOT click “Finish” yet.
7. Open myaccount.brown.edu/profile/twostep and sign in.
8. Under Add a New Hardware Token, fill out the form as follows:
   1. Type: YubiKey
   2. Serial: The number printed on your device, and visible at the top of the YubiKey Manager window.
   3. YubiKey Private ID: Copy and paste from the Private ID field in YubiKey Manager.
   4. YubiKey AES key: Copy and paste from the Secret key field in YubiKey Manager.
9. Click Add Hardware Token.
10. In YubiKey Manager, click Finish.