����ӰԺ

The registration process to set up a YubiKey is the same for Windows, MacOS (using a Chrome browser) and mobile devices. However, MacOS requires that a PIN be set on the security key prior to registering the key with Microsoft. 

If you are using MacOS with Safari, a PIN must be set on the security key before registering the key with Microsoft. You must have software installed (i.e. ) and be able to run that software as Administrator. For employees with MacOS, contact your IT staff to assist in establishing the PIN using the IT Pro workstation and process below. 

1. Install the . 
2. Open Yubico Authenticator and click on the shield icon on the left.  
3. Click "Set PIN" to the right under "Manage."  
4. Enter a PIN and click "Save." 

You will notice that it now shows "Change PIN" under "Manage."

Find details about Multifactor (MFA) Registration. 

1. Go to  
2. Select “Security info.” 
3. Click “Add sign-in method.”  
4. Select “Security key” and click “Add.” (You may be asked to sign in again.) 
5. Choose “USB device.” 
6. Have your key ready to plug into the USB port and click “Next.” 
7. You will be directed to another splash page. Choose “Security key.” 
8. Click “Next.” 
9. Click “OK” twice. 
10. Insert the security key into the USB port. 
11. Set a PIN that is at least eight characters. It should be a combination of numbers and letters.  
12. Touch your security key that is still plugged in. 
13. Click “OK” to be redirected back to the “My Sign Ins” security info page. 
14. Name your security key. This name will be displayed on the security info page so you can identify your security key. 

The key is now set up. 

Key Importance

• Treat your security key with the same importance as a car key. 
• Do not inscribe your name or any other meaningful personal information on the key. This includes stickers or keychains that contain personally identifiable information. 

PIN Security

• A PIN is mandatory and should not be simplistic, such as “000000” or “123456.” 
• Avoid writing the PIN on a sticky note; instead, create a memorable code that doesn’t require physical or electronic documentation. 
• Do not disable interfaces to circumvent the PIN prompt. 
• The minimum PIN length is six characters, with a preference for eight or more alphanumeric characters. 
• PINs must not contain any personal identifiers like Employee ID, Social Security number, phone number or any details related to the key owner. 

Key Custody

• Never leave your YubiKey or other security key unattended. 
• When traveling, keep the key separate from your laptop; for example, if the laptop is in a bag, carry the key in your pants pocket, purse or another carrying method. 

Key Storage

• Upon stepping away from your laptop or computer, remove the key and store it securely, preferably on your person. 
• Do not keep your security key attached to your name badge/University ID card. 

Public Use Precautions

In public settings, be cautious of onlookers when entering your PIN. Physically rotate yourself 90 degrees to shield the PIN entry from view as you type it. 

Authentication Methods

After both the security key and the Microsoft Authenticator application have been configured on the account, visit to remove the SMS and phone call authentication options from your account. These methods are less secure. 

Loss Prevention

In case of a lost or stolen key, report it immediately to the Division of IT by contacting the IT Help Desk. As soon as possible, remove the security key as an authentication method from your account. 

1. Log in to with your alternative multi-factor method (i.e. Microsoft Authenticator). 
2. Select “Security info.” 
3. Click on “Delete” next to security key/method for the device that was lost or stolen. 
4. Click “OK” to confirm deletion of security key.