Yubico has created a small utility that can secure access to a Windows computer when used in conjunction with a YubiKey. When properly configured, both the user’s password and YubiKey are required to gain access to the account. When using this tool it is highly recommended to configure a second, back-up YubiKey at the same time in the event access to the primary YubiKey is lost.
This guide will show you how to enable a YubiKey to protect your Windows Login. To do so, you will need the following:
- A local (non-cloud or domain) account on Windows 7 or 8 (32-bit or 64-bit)
- YubiKey Hardware with firmware 2.2 or later. Should you wish to make a back-up YubiKey (highly recommended), please have another YubiKey available.
- The YubiKey needs to be configured with our Personalization Tools for HMAC-SHA1 challenge-response with variable input in slot 2.
- For optimal user experience, we recommend to not have “button press” configured for challenge-response. If button press is configured, please note you will have to press the YubiKey twice when logging in.
How to enable YubiKey Windows Login
Please note: You need to have administrator privileges to be able to install and you need to reboot your computer after the installation.
For Step-by-Step instructions, including how to configure your YubiKey in HMAC-SHA1 mode, please download the Yubico Windows Login Guide [PDF].
The installation is the same for both Windows 7 & Windows 8 32 bit and 64 bit editions.
2. Open the installation file and click “Install”.
Please note: What needs to be downloaded will be marked.
3. Press “Yes” in the User Account Control window.
4. Follow the setup wizard.
5. Launch the YubiKey Logon Administration, that can be accessed from the start menu.
You will find it under the folder Yubico → YubiKey Logon → YubiKey Logon Administration.
6. Press “Yes” in the User Account Control window.
7. Press “Yes” to enable YubiKey logon for your computer.
8. Choose to reboot now or after associating the YubiKey with a user.
9. Select user to configure in the drop down menu in the YubiKey Logon Administration window.
10. If not already done so, please insert your YubiKey in the computer via a USB port.
11. Press configure.
12. Press “Yes” to enable the YubiKey Logon for the chosen user.
13. Optional: click test to do a test with the YubiKey.
14. If not already done so, reboot your computer.
15. Log on to Windows with the YubiKey inserted in a free USB port.
Please note: Enter your ordinary password and not an OTP from the YubiKey in the password field. The YubiKey challenge-response will take place without any user interaction.
Provide your feedback!
We want every Yubico Product to reflect our dedication to ease-of-use and reliability. We welcome any user feedback regarding issues, improvements or general comments. Please add your suggestions, feedback and questions at our forum.