Hardware token as online second factor

I have a YubiKey I’d like to be able to use instead of the mobile push as a second factor after entering a password for logging into Windows. This is working for offline authentication, but I’d like to be able to do it online also. I’m not seeing an option to select the YubiKey from the dropdown in my list of devices, even though I’ve already associated with my user account in the control panel. Is there a way to make this work?

Do you have an OTP-generating YubiKey, or is it U2F only? If it is capable of generating OTPs, did you import the token info into Duo and assign that token to your Duo user account?

It’s possible to attach U2F-only YubiKeys to user accounts in Duo as well, but those won’t work for online Windows logins (which is why I’m asking those specific questions about the token and how you attached it to your user).

It can do both, and I did generate the OTP and import the token, then assign it to my user account. A hardware token associated with my YubiKey shows up under my 2FA devices under “Hardware Tokens”

As you can see, the YubiKey is set up as a hardware token associated with my user account – in fact I don’t even have it configured for U2F, only OTP. However, Android phone is the only device in the dropdown. Authentication with the YubiKey works fine in offline mode, but is not an option for online. Could this be because I’m using Duo Free?


For online login with the token you just click the Enter a Passcode button and tap your YubiKey to enter and submit the OTP. You don’t need to explicitly select a device.

1 Like

My bad! That worked, thanks so much.