Yubikey (U2F) Keys for Duo

What is a Yubikey?

Yubikeys are hardware devices that support the Universal 2nd Factor (U2F) protocol.  They are physical devices that can be added to your Duo account as either a primary or backup method of approving a Duo TFA authentication requests.  Instead of receiving a TXT message, phone call, or push notification, you can instead use a Yubikey.

Why Yubikeys?

Yubikeys are simple, inexpensive devices which can be quickly added to your Duo account through Duo self-service.  They help to ensure that you have access to Duo-secured services even without an internet connection or your phone.  To use a Yubikey, plug the device into a USB port on the computer that is accessing Duo-protected services and touch the flashing key symbol on the key.  No need to access your phone or wait for a TXT, call, or push notification.

Some Yubikeys are designed to be carried on a keychain while others are designed to be left plugged into your computer's USB port.

What's the catch?

Right now, only Chrome (version 38+), Opera (version 40+), and Firefox (version 60+/Quantum) browsers support the U2F protocol that Yubikey uses.   You won't have any success trying to use your Yubikey with Internet Explorer or Safari. To use Firefox, you must follow these instructions to enable U2F.

Where can I get them?

Yubikeys are available at the Kenyon College Bookstore for purchase.  For short-term scenarios (in case you lose your phone, for instance), they can also be checked out at Circulation in the library.  Finally, other Yubikey formats are available for purchase directly from Yubico.

How do I add a Yubikey to my accounts?

Yubikey enrollment is simple and fully self-service.  To begin, access a service protected by Duo.  If you're off campus, remote.kenyon.edu is a great option.  For on-campus, use mybanner.kenyon.edu.  

Enter your Kenyon network username and password as prompted.  At the Duo prompt, click "Add a new device".

Add new device

To proceed, you'll need to authorize a Duo request.  Choose your preferred method to be taken to the device self-service page.  For Yubikey, choose "U2F token" and click "Continue".

Select "U2F token"

To complete enrollment, a pop-up window should appear with instructions.  Insert the Yubikey into a USB port on your computer as instructed and touch the flashing key symbol.

Touch the flashing key symbol to enroll

When successful, this completes the enrollment process!  You will be shown your list of registered devices which will now include the U2F token.  You can begin using your U2F token from this point.

"U2F token" appears in your device list