The Duo platform leverages certified YubiKey hardware to provide strong two-factor authentication so end-users can securely access data and applications on the network or in the cloud.
How does YubiKey integrate with Duo?
Add Token in Duo Admin Panel
- Log into the Duo Security Admin Panel.
- Go to 2FA Devices → Hardware Tokens.
- Click the Import Hardware Tokens button.
- Set the dropdown to YubiKey AES.
Is YubiKey a U2F?
The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance.
What is Duo WebAuthn?
WebAuthn (Web Authentication API) is an open standard that allows third parties like Duo to tap into built-in biometric authenticators on laptops and smartphones. This means users can securely log into their accounts with the built-in TouchID fingerprint reader on MacOS laptops.
What is a key for Duo Security?
What are Security Keys? A security key plugs into your USB port and when tapped or when the button is pressed it sends a signed response back to Duo to validate your login. Duo uses the U2F and WebAuthn authentication standards to interact with your security keys. You may also see WebAuthn referred to as “FIDO2”.
How do you get OTP for YubiKey?
The YubiKey has an integrated touch-contact that triggers the OTP generation. Generated OTPs are sent as keystrokes by the emulated keyboard, thereby allowing the OTPs to be received by any text input field or command prompt.
Do you need two Yubikeys?
A: Nope, this is not necessary. There is nothing wrong with purchasing a backup key that is a different form factor than your primary key. It will work the same as long as it is from the same YubiKey series.
Is duo a U2F?
Duo uses the U2F and WebAuthn authentication standards to interact with your security keys.
Does YubiKey support WebAuthn?
With WebAuthn, servers can integrate with authenticators such as the YubiKey, a USB token, a smart phone, Apple’s Touch ID, and Windows Hello. The private key is securely stored on the device, while the server stores the public key and randomly generates challenges for the authenticator to sign.
Where is my Duo Security Key?
Access the Duo enrollment page via a link emailed by your administrator, or when you log in for the first time to a Duo protected resource. Select Security Key from the list of devices and then click Continue.
How many OTP can YubiKey store?
OATH (Yubico Authenticator) – the YubiKey 5’s OATH application can hold up to 32 OATH-TOTP credentials (AKA authenticator app codes).
Which YubiKey devices can be used with Duo Security?
All YubiKey devices can be used as authentication methods with Duo Security. The only Yubico-manufactured device that won’t work with Duo for One-Time Password (OTP) authentication is the FIDO U2F Security Key, as it is a U2F-only device. The U2F Security Key can still be used for U2F-based authentication.
What are the U2F security key requirements for duo?
U2F Security Key Requirements. In order to use a U2F security key with Duo, make sure you have the following: Additionally, your administrator must enable the use of U2F tokens in Duo. Check with your organization’s support team or help desk to verify that U2F is allowed if you are uncertain.
What is the difference between a YubiKey OTP and security key?
Some YubiKey tokens (like the YubiKey 5 Series) have both OTP (one-time password) and Security Key (including U2F) functionality. There are several differences between the two. The USB device protects the user’s private keys with a tamper-resistant component known as a secure element (SE).
How do I assign my YubiKey OTP tokens to duo users?
If entering multiple YubiKey OTP tokens, enter the token information one per line. After importing your YubiKey OTP tokens into Duo you can assign them to users for Duo-protected application logins, or to Duo administrators for use when logging into the Duo Admin Panel.
