Yubico has created a small utility that can secure access to a Windows computer when used in conjunction with a YubiKey. When properly configured, both the user’s password and YubiKey are required to gain access to the account. When using this tool it is highly recommended to configure a second, back-up YubiKey at the same time in the event access to the primary YubiKey is lost.
This guide will show you how to enable a YubiKey to protect your Windows Login. To do so, you will need the following:
- A local (non-cloud or domain) account on Windows 7, 8, or 10 (32-bit or 64-bit). A local account means you are logging in directly to your computer (rather than logging in to your Outlook.com or domain/corporate account).
- You need administrator privileges to install the Windows Logon Tool. In addition, you need to reboot your computer after the installation.
Installing the Windows Logon Tool
1. Configure your YubiKey for challenge-response using HMAC-SHA1 with variable input for slot 2. For instructions on how to do this using the YubiKey Personalization Tool, review the instructions in the Yubico Windows Login Guide (available in PDF format from our Documentation page). When configuring your YubiKey, be sure that “Require user input (button press)” is not selected.
2. Download the YubiKey Windows Logon installation file from our Download page. The installation file is the same for Microsoft Windows 7/8/10, for 32-bit and 64-bit editions.Open the installation file and click “Install”.
Note: What you need to install is checked. These items are installed automatically. If the Microsoft .NET Framework is not installed, however, you will need to download and install that file yourself.
3. Click “Yes” in the User Account Control window.
4. Follow the setup wizard.
5. Launch the YubiKey Logon Administration, that can be accessed from the Start menu.
You will find it under the folder Yubico → YubiKey Logon → YubiKey Logon Administration.
6. Click “Yes” in the User Account Control window.
7. Click “Yes” to enable YubiKey logon for your computer.
8. Choose to reboot now or after associating the YubiKey with a user.
9. Click the arrow to select the user you want to configure in the YubiKey Logon Administration window.
10. If you have not already done so, insert your YubiKey in the USB port on your computer.
11. Click Configure.
12. Click “Yes” to enable the YubiKey Logon for the specified user.
13. Optional: Click Test to perform a test with the YubiKey.
14. If you have not already done so, reboot your computer now.
15. Log on to Windows with the YubiKey inserted in an available USB port.
Note: Enter your ordinary password and not an OTP from the YubiKey in the password field. The YubiKey challenge-response will take place without any user interaction.
Provide your feedback!
We want every Yubico Product to reflect our dedication to ease-of-use and reliability. We welcome any user feedback regarding issues, improvements or general comments. Please add your suggestions, feedback and questions at our forum.