Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1949
Views
1
Helpful
5
Replies

Hardware token as online second factor

Go to solution
commodiusvicus
Level 1
Level 1

‎06-24-2020 09:22 AM

I have a YubiKey I’d like to be able to use instead of the mobile push as a second factor after entering a password for logging into Windows. This is working for offline authentication, but I’d like to be able to do it online also. I’m not seeing an option to select the YubiKey from the dropdown in my list of devices, even though I’ve already associated with my user account in the control panel. Is there a way to make this work?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎06-25-2020 12:13 PM

For online login with the token you just click the Enter a Passcode button and tap your YubiKey to enter and submit the OTP. You don’t need to explicitly select a device.

Duo, not DUO.

View solution in original post

5 Replies 5

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎06-24-2020 11:53 AM

Do you have an OTP-generating YubiKey, or is it U2F only? If it is capable of generating OTPs, did you import the token info into Duo and assign that token to your Duo user account?

It’s possible to attach U2F-only YubiKeys to user accounts in Duo as well, but those won’t work for online Windows logins (which is why I’m asking those specific questions about the token and how you attached it to your user).

Duo, not DUO.
0 Helpful

Go to solution
commodiusvicus
Level 1
Level 1
In response to DuoKristina

‎06-25-2020 11:31 AM

As you can see, the YubiKey is set up as a hardware token associated with my user account – in fact I don’t even have it configured for U2F, only OTP. However, Android phone is the only device in the dropdown. Authentication with the YubiKey works fine in offline mode, but is not an option for online. Could this be because I’m using Duo Free?

2X_c_c2a3fa9d890f1fc9184554758deab903a35d51a2.jpeg
2X_5_50ef88e3ad3a06a9231137fe4c192b70f4610884.png
2X_4_4be2b22a55203b8a5e02172eddcb52a6c27bbe71.png

0 Helpful

Go to solution
commodiusvicus
Level 1
Level 1

‎06-24-2020 11:57 AM

It can do both, and I did generate the OTP and import the token, then assign it to my user account. A hardware token associated with my YubiKey shows up under my 2FA devices under “Hardware Tokens”

0 Helpful

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎06-25-2020 12:13 PM

For online login with the token you just click the Enter a Passcode button and tap your YubiKey to enter and submit the OTP. You don’t need to explicitly select a device.

Duo, not DUO.

Go to solution
commodiusvicus
Level 1
Level 1
In response to DuoKristina

‎06-25-2020 12:25 PM

My bad! That worked, thanks so much.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents