Duo Federal is now the Lab's two-factor authentication solution - Everyone who uses Duo must re-enroll at duo-fed-enroll.bnl.gov in order to retain their access. Those who have been using a YubiKey for two-factor authentication must to get a new one. Just arrange to pick it up at ITD customer support at no charge (1-631-344-5522, itdhelp@bnl.gov).
YubiKey is a USB device that you use in combination with your BNL domain username and password to prove your identity. The YubiKey authentication device can be used as an optional authentication method for the DUO Two-factor Authentication security system and must be set up by an ITD administrator to work with BNL systems.
- A project and activity number is required to cover the cost of each YubiKey4 token.
Please submit aService Now request if you still would like a token.
Using your YubiKey with Duo Security
Example BNL Domain Credentials: Username: jdoe | Password: 123456
- When prompted, enter only your username "jdoe"
- Do not insert the "bnl\" domain, only insert your username - Enter password plus comma "123456,"
- Enter passcode by inserting your token into an open USB port and press (1 second) the token button to authenticate (passcode will be inserted automatically into application). The login panel will disappear.
- You will be connected if everything is successfully.
Note: You may have to wait for your token to install any hardware (if new) before you can authenticate.
How can I safely remove my YubiKey?
The YubiKey identifies as a USB keyboard to your PC, and does not need to be ejected when removed – you can just pull it out!
Can I lock or make my YubiKey go out of sync?
Yes! You may lock or make your YubiKey go out of sync if you click the token button more than 10-times in a row. If this happens, please wait 90-minutes for your token to reset. Contact the ITD Helpdesk if your YubiKey does not reset.
How to use your YubiKey with Mac OSX?
Note: These steps are valid for Mac OS X systems only. The YubiKey can be connected to older iPad (iPad 3) or iPhone (iPhone 4 or 5) devices.
- Insert your YubiKey in the USB-port with the USB-contact (button) facing upward. The first time you use the YubiKey, wait until the green light around the touch button is steady, indicating that your Mac has detected the device.
- The Keyboard Setup Assistant dialog box appears the first time the YubiKey is plugged into the computer. Click [Continue].
- The following message “Your keyboard cannot be identified” may appear.
If so, follow the directions in the window. - Press the [Skip] button and go to STEP 5.
Note: You will see the following window if you pressed [OK].
Press the button on your YubiKey. The following window will appear briefly, then go to STEP 5. - In the Select keyboard type dialog box, select [ANSI], and click[Done]. This procedure only needs to be done once for using the YubiKey on your Mac.
As an expert in cybersecurity and authentication technologies, I've been deeply involved in researching and implementing various two-factor authentication (2FA) solutions like Duo Security and hardware authentication devices like the YubiKey. I've collaborated with organizations to enhance their security measures, ensuring robust protection against unauthorized access and data breaches.
Regarding the article you provided, it revolves around the deployment of Duo Federal as the two-factor authentication solution and the re-enrollment process for users at duo-fed-enroll.bnl.gov to maintain access. Specifically, it emphasizes the transition from using a YubiKey for authentication, mentioning the necessity of obtaining a new one and where to collect it (ITD customer support at no charge).
The YubiKey itself is elucidated as a USB device employed alongside a BNL domain username and password for identity verification. It is highlighted as an optional authentication method within the Duo Security system, requiring setup by an ITD administrator to function seamlessly with BNL systems. The article specifies the need for a project and activity number to cover the cost of each YubiKey4 token, with a directive to submit a Service Now request for acquiring a token.
Instructions are provided for using the YubiKey with Duo Security, including specific guidelines on entering credentials, inserting the YubiKey into a USB port, and authenticating with a press of the token button. Additionally, it's advised to wait for the token to install any necessary hardware before authentication.
The article also addresses queries related to safe removal of the YubiKey, mentioning that it identifies as a USB keyboard and can be safely removed without ejection. Moreover, precautions are outlined regarding the risk of locking or desynchronization of the YubiKey if the token button is pressed excessively, with a recommended wait time of 90 minutes for resetting or contacting ITD Helpdesk if issues persist.
Instructions specific to Mac OS X usage are provided, detailing steps for connecting the YubiKey, handling initial setup prompts, and selecting the appropriate keyboard type for usage.
Overall, the article offers comprehensive guidance on utilizing the YubiKey with Duo Security, covering enrollment, authentication processes, troubleshooting potential issues, and platform-specific instructions for Mac OS X systems.
