Yubico has created a small utility that can secure access to a Windows computer when used in conjunction with a YubiKey. When properly configured, both the user’s password and YubiKey are required to gain access to the account. When using this tool it is highly recommended to configure a second, back-up YubiKey at the same time in the event access to the primary YubiKey is lost.
This guide will show you how to enable a YubiKey to protect your Windows Login. To do so, you will need the following:
- A local (non-cloud or domain) account on Windows 7 or 8 (32-bit or 64-bit)
- YubiKey Hardware with firmware 2.2 or later. Should you wish to make a back-up YubiKey (highly recommended), please have another YubiKey available.
- The YubiKey needs to be configured with our Personalization Tools for HMAC-SHA1 challenge-response with variable input in slot 2.
- For optimal user experience, we recommend to not have “button press” configured for challenge-response. If button press is configured, please note you will have to press the YubiKey twice when logging in.
How to enable YubiKey Windows Login
Please note: You need to have administrator privileges to be able to install and you need to reboot your computer after the installation.
For Step-by-Step instructions, including how to configure your YubiKey in HMAC-SHA1 mode, please download the Yubico Windows Login Guide [PDF].
1. Download the YubiKey Logon installation file. To do this, download here.
The installation file is the same for Microsoft Windows 7 and Windows 8, for 32-bit and 64-bit editions.
2. Open the installation file and click “Install”.
Note: What you need to install is checked. These items are installed automatically. If the Microsoft .NET Framework is not installed, however, you will need to download and install that file yourself.
3. Click “Yes” in the User Account Control window.
4. Follow the setup wizard.
5. Launch the YubiKey Logon Administration, that can be accessed from the Start menu.
You will find it under the folder Yubico → YubiKey Logon → YubiKey Logon Administration.
6. Click “Yes” in the User Account Control window.
7. Click “Yes” to enable YubiKey logon for your computer.
8. Choose to reboot now or after associating the YubiKey with a user.
9. Click the arrow to select the user you want to configure in the YubiKey Logon Administration window.
10. If you have not already done so, insert your YubiKey in the USB port on your computer.
11. Click Configure.
12. Click “Yes” to enable the YubiKey Logon for the specified user.
13. Optional: Click Test to perform a test with the YubiKey.
14. If you have not already done so, reboot your computer now.
15. Log on to Windows with the YubiKey inserted in an available USB port.
Note: Enter your ordinary password and not an OTP from the YubiKey in the password field. The YubiKey challenge-response will take place without any user interaction.
Provide your feedback!
We want every Yubico Product to reflect our dedication to ease-of-use and reliability. We welcome any user feedback regarding issues, improvements or general comments. Please add your suggestions, feedback and questions at our forum.