What is a security key?
Security keys are a convenient alternative to using your cell phone, office phone or email for the Multi-Factor Authentication (MFA) system currently used by the university. These easy-to-use keys help get you logged into your computer, provide fast access to websites and applications, and are more secure than other modes of authentication. Security keys help to protect against account takeovers, online attacks and phishing attempts.
When selecting a security key:
- Choose keys that require a physical touch to operate, so that every authentication needs your active participation.
- Do not use nano-sized keys, which are easy to leave plugged into the computer, especially a laptop. A larger key reduces the risk of forgetting the key in the device and causing physical damage when transporting the laptop.
If you would like to use a security key, you must purchase one. Departments may also purchase security keys for their employees if they wish by contacting their IT staff. We recommend purchasing one of the following security keys:
- Security Key NFC by Yubico – This is the best choice for most users
- YubiKey 5C NFC or YubiKey 5 NFC
Yubico offers a 20% educational discount for students, faculty and staff at https://www.yubico.com/education-offer/.
Setting up a security key
The registration process to set up a YubiKey is the same for Windows, macOS (using a Chrome browser) and mobile devices. However, macOS requires that a PIN be set on the security key prior to registering the key with Microsoft. Scroll down for instructions for setting a PIN on macOS.
Microsoft Multi-Factor Authentication (MFA) registration
- Go to mysignins.microsoft.com.
- Select “Security info.”
- Click “Add sign-in method.”
- Select “Security key” and click “Add.” (You may be asked to sign in again.)
- Choose “USB device.”
- Have your key ready to plug into the USB port and click “Next.”
- You will be directed to another splash page. Choose “Security key.”
- Click “Next.”
- Click “OK” twice.
- Insert the security key into the USB port.
- Set a PIN that is at least 8 characters. It should be a combination of numbers and letters. See PIN Security for recommendations for selecting a secure PIN.
- Touch your security key that is still plugged in.
- Click “OK” to be redirected back to the “My Sign Ins” Security info page.
- Name your security key. This name will be displayed on the Security info page so you can identify your security key.
- The key is now set up.
Setting a PIN on macOS
If you are using macOS with Safari, a PIN must be set on the security key prior to registering the key with Microsoft. You must have software installed (i.e. YubiKey Manager) and be able to run that software as Administrator. For employees with macOS, contact your IT staff to assist in establishing the PIN using the IT Pro workstation and process below.
- Install the Yubico Authenticator app.
- Once installed, open Yubico Authenticator and click on the shield icon on the left.
- Next, click "Set PIN" to the right under "Manage."
- Enter a PIN and click "Save."
- You will notice that it now shows "Change PIN" under "Manage."
Security key best practices
Key Importance:
- Treat your security key with the same importance as a car key.
- Do not inscribe your name or any other meaningful personal information on the key. This includes stickers or keychains that contain said personally identifiable information.
PIN Security:
- A PIN is mandatory and should not be simplistic, such as “000000” or “123456.”
- Avoid writing the PIN on a sticky note; instead, create a memorable code that doesn’t require physical or electronic documentation.
- Do not disable interfaces to circumvent the PIN prompt.
- The minimum PIN length is 6 characters, with a preference for 8 or more alphanumeric characters.
- PINs must not contain any personal identifiers like Employee ID, Social Security number, phone number or any details related to the key owner.
Key Custody:
- Never leave your YubiKey or other security key unattended.
- When traveling, keep the key separate from your laptop; for example, if the laptop is in a bag, carry the key in your pants pocket, purse or another carrying method.
Key Storage:
- Upon stepping away from your laptop or computer, remove the key and store it securely, preferably on your person.
- Do not keep your security key attached to your name badge/University ID card.
Public Use Precautions:
- In public settings, be cautious of onlookers when entering your PIN. Physically rotate yourself 90 degrees to shield the PIN entry from view as you type it.
Authentication Methods:
- After both the security key and the Microsoft Authenticator application have been configured on the account, visit mysignins.microsoft.com to remove the SMS and phone call authentication options from your account. These methods are less secure.
Loss Prevention:
- In case of a lost or stolen key, report it immediately to the Division of IT by contacting the IT Help Desk.
- As soon as possible, remove the security key as an authentication method from your account:
  - Log in to mysignins.microsoft.com with your alternative multi-factor method (i.e. Microsoft Authenticator).
  - Select “Security info.”
  - Click “Delete” next to the security key/method for the device that was lost or stolen.
  - Click “OK” to confirm deletion of the security key.
Reviewed 2024-10-04