Summary
This article provides instructions forsetting up Multi-Factor Authentication (MFA) for your USNH Microsoft (M365) account via a YubiKey security key. YubiKeyis a physical securitykey which enables strong multi-factor authentication into a variety of systems. EnterpriseTechnology & Services recommends YubiKeys in situations where phone (either phone call or text message) or authenticator app is not an option.
We recommendthat you consult the for information where to buy a YubiKey. Additionally, YubiKeyoffers an online quiz for selecting the right YubiKey for your needs at:https://www.yubico.com/quiz/
Product Quick Facts:
- YubiKeys are small USB devices that are inserted into a desktop or laptop computer USB port / Lighting connector
- Pressing the top or side button on the YubiKey generates and automatically enters a passcode on MFA prompts
- YubiKey 5 series meet Microsoft’s Modern Authentication hardware requirements
IMPORTANT:Before beginning the steps below, you must complete theinitial set up of your YubiKeyper the manufacturer's instructions at:https://www.yubico.com/setup/
Choose the option you prefer:
- To set up YubiKey for MFA without other MFA methods- requires calling the Help Desk first.
- YubiKey Self-registration- requires having at least one additional MFA sign-in method such as phone and/or authenticator app.
Note:These instructions were created using a Yubikey 5C NFC (both FIPS and non FIPS) and while other current Yubikey models should work, they may have a slightly different registration process.
How-To
Task: To set up Multi-factor Authentication (MFA) for your USNHMicrosoft account using a Yubikey(security key)without other MFA methods - requires calling the Help Desk first
IMPORTANT: ET&S strongly recommends that you set up one or more backup MFA methods to use if your Yubikey is lost or stolen.
The YubiKey MFA registration process requires that you first validate who you are via a confirmation code. If you plan to add multiple MFA methods, we recommend you add those other methods first.Once you have another sign-in method(s), such as a phone and/or the Microsoft authenticator app, you can go ahead andself-register your Yubikey without needing to call the Help Desk.
If you do not have any other MFA methods available, proceed with these instructions to set up your YubiKey with the assistance of the Help Desk.
Instructions
Note: These instructions assume you are using a computer and have your YubiKey ready. They also assume that you have completed the initial set upof your Yubikey per the manufacturer's instructions.
Step 1-Call the Technology Help Desk to obtain a Temporary Access Pass,also known as a One Time Passcode (OTP).
- KSC: (603) 358-2532
- PSU: (603) 535-2929
- UNH/USNH: (603) 862-4242
Step 2-After the One Time Passcode (OTP) has been issued to you, on your computer, go to:myaccount.microsoft.com
Step 3-Click onUPDATE INFOin theSecurity infotile.
Step 4- You should see Temporary access pass (One Time Passcode) listed in your Security infoprofile. ClickAdd sign-in method.
Step 5-Click theChoose a methoddrop down and selectSecurity key
Step 6- ClickAddthenNext
Step 7- UnderVerify your identity, clickUse Temporary Access Pass
Step 8- Enter the Temporary Access Pass (OTP) that you received from the Help Desk in Step 1 and click Next
Step 9- Under Security key, selectUSB devicefor Yubikey 5C NFC (both FIPS and non FIPS).
Step 10- Have your YubiKey ready. ClickNext.
Step 11- When prompted, plug your YubiKey into the USB port, then touch the button or sensor on your YubiKey.
Step 12- A browser pop-up should appear where you mustcreate a YubiKey PIN. Type the PIN you want in the blank and clickNext..
Note:This is a PIN that you create. Keep it safe and do not share it with anyone.If you lose or forget your YubiKey PIN, you will have to work with the YubiKey YubiKey Managerapplication to reset your PIN, or work with the YubiKey manufacturer directly.ET&S has no access to assist with lost YubiKey PINs.This is why ET&S strongly recommends you have a alternate method(s) set up for MFA.
Step 13-When prompted,touch your YubiKey againto complete the request.
Step 14- Click Allow to allow this site to see your security key.
Step 15- Name your Security key, then click Next.
Step 16- Success - you're all set! Click Done.
Outcome
TheSecurity infotab should now displaySecurity keyas a sign-in method. You can now use your YubiKey for MFA for M365 when required.
Back to top
Task:YubiKey Self-registration - To set up Multi-factor Authentication (MFA) for your USNHMicrosoft account using a Yubikey(security key)in addition to other MFA methods- requires having at least one additional MFA sign-in method such as phone and/or authenticator app
IMPORTANT: Associating your YubiKeywith your USNHMicrosoft account requires that you firstset up a phone number or the Microsoft Authenticator appas the primarymethod of MFA. This is because the YubiKey MFAregistration process must first validate who you are by sending a confirmation codeto initiate the set up.
Once the Yubikeyis set up, you may choose to remove the phone or authenticator app from your sign-in methods. However, ET&S strongly recommendsthat you keep one or more backup MFAmethodsto use if your Yubikeyis lost or stolen.
If you do not have any other MFA methods available, see the instructions above to set up MFA using a Yubikey(security key)without other MFA methods - requires calling the Help Desk first.
Instructions
Note: These instructions assume you are using a computer and have your YubiKey ready. They also assume that you have completed the initial set upof your Yubikey per the manufacturer's instructions.
Step 1-On your computer, go to:myaccount.microsoft.com
Step 2- Click onUPDATE INFOin theSecurity infotile
Step 3- ClickAdd sign-in method
Step 4- Click theChoose a methoddrop down and selectSecurity key
Step 5- ClickAddthenNext
Step 6 - You will be prompted to sign into your USNH M365 account. Use your existing MFA method to approve the sign in when asked.
Step 7 - Continue from Step 9 in the instructions above to complete the YubiKey registration process.
Outcome
TheSecurity infotab should now displaySecurity keyas a sign-in method. You can now use your YubiKey for MFA for M365 when required.
Back to top
Further Readings
MFA: Setting up Multi-Factor Authentication (MFA) for M365
MFA: Adding Backup Multi-Factor Authentication (MFA) Methods
Need additional help?
Visit theTechnology Help Desk Support pageto locate your local campus contact information or tosubmit an online technology support request. For password issues you must call or visit the Help Desk in person.
