Check out our helpdesk center where there are tons of knowledge base articles to help arm you with the necessary info to better your online security.
Set up your YubiKey
Before we begin, please make sure you have your YubiKey accessible. You will be using it to enhance the security of your online accounts. Remember that in order to get the most out of your YubiKey, it is important to set it up with each of your accounts.
Are you setting up a new YubiKey Bio? Make sure to enroll your fingerprint before following the steps below. Please note, fingerprint enrollment is only applicable to the YubiKey Bio Series. If you are not sure which key you have, check here.
Fingerprint enrollment
Enrolling Fingerprints on your YubiKey Bio varies on whether you are running Windows, macOS, Linux, or Chrome OS. You can enroll up to five (5) fingerprint templates to your Key to ensure access and are also able to remove and re-enroll individual templates if an issue arises.
Windows 10 and Windows 11
Use Windows Sign-in options. Click the button below to open the settings.
macOS / Linux / Chrome OS
Use Chrome 90 or later. To enroll your first fingerprint click the button below. For additional fingerprints see the enrollment video.
Desktop Yubico Authenticator
Desktop Yubico Authenticator 5.1 and later enables you to enroll and manage fingerprints on all supported operating systems. Use the Yubico Authenticator for Desktop on your Windows, Mac, or Linux computers. Note that on Windows 10, the Yubico Authenticator must be run in Administrator mode. Click the button below to download Desktop Yubico Authenticator.
1. Choose a YubiKey-compatible service
First, choose an online service that supports YubiKeys. Think of it as the place you want your YubiKey to protect. Some common examples include Google, Dropbox, and Microsoft.
Keep in mind that it is up to each service on how they support YubiKeys. Please see our Works With YubiKey Catalog for more information on securing your services.
Services we recommend setting up first
Security keys are crucial tools for safeguarding your online presence, and knowing where to start is vital. Here’s a brief guide on which services should take top priority:
Your email account is often the gateway to all your other online services. Once someone gains access to your email, they can reset passwords and access a plethora of sensitive information. Start by enabling two-factor authentication (2FA) for your email account using your security key.
Password managers are used to store and manage all your login credentials securely. Protecting this tool is essential because it contains the keys to your digital kingdom. Ensure your password manager is locked behind your security key
Any accounts related to your finances, such as online banking, investment platforms, and payment apps, should be secured with your security key. Unauthorized access to financial accounts can lead to severe consequences.
If you use cloud storage services like Google Drive or Dropbox, add an extra layer of security by linking them to your security key. This protects your documents, photos, and other files from being accessed by unauthorized users.
Social media accounts often contain personal information and may be used for identity theft. Enable 2FA and link your security key to protect your social profiles
If you use online tools and platforms for work, secure them with your security key. This includes project management tools, communication platforms, and any other work-related services.
For e-commerce platforms where you make purchases, ensure your payment information is protected with your security key. Unauthorized access to your online shopping accounts can lead to fraudulent transactions.
If you’re involved in cryptocurrencies, your wallet should be fortified with the highest level of security. Many cryptocurrency wallets offer hardware wallet integration, which is an ideal match for your security key.
Medical records are highly sensitive, and unauthorized access can lead to privacy breaches and identity theft. Protect your healthcare portal with your security key.
Airline accounts, hotel bookings, and travel rewards programs should be secured. Unauthorized access can lead to inconveniences during your travels.
2. Check account security options
Now that you have chosen a service, you will want to check which security settings are offered. This can be accomplished by logging into your account and navigating to your security settings.
Once there, look for language like:
- Two-step verification
- Two-factor authentication
- Multi-factor authentication
Within the sections listed above (or on their own), identify one or more of the following security options:
- Security Key
- Authentication app (this may go by other names)
- Passkey
Once you have a good idea of what security options your account supports, follow the corresponding instructions in the next step.
Other names for “authentication app”
Names can vary, but will generally follow this type of naming convention:
- Two-factor authentication app
- 2FA app
- Authenticator app
- Security code generator
- Time-based one-time password (TOTP) app
- Multi-factor authentication (MFA) app
- Code generator app
- Token app
- Verification code app
- 2-step verification app
- Time-sensitive code app
- Security key app
- Authentication code app
- OTP app (One-Time Password)
- Secure login app
- Mobile authentication app
- Identity verification app
- Secure access app
- Login code app
- Code authentication app
Differences between security key MFA, authentication apps, and passkeys
Security Key MFA uses physical devices and offers a high level of protection against phishing. It’s considered one of the most secure forms of MFA.
Yubico Authenticator as MFA is a software-based solution that relies on generating one-time codes. While it provides good security, it may not be as resistant to phishing as physical security keys. Unlike other Authenticators that store codes on vulnerable devices, our Authenticator ensures maximum safety by securely storing authentication codes on the YubiKey itself. Trust in a solution that prioritizes your security, setting us apart as the superior choice for safeguarding your digital assets.
Passkeys work using public key cryptography and proof that you own the credential is only shown to your online account when you unlock your phone. To sign into a website or app on your phone, you just unlock your phone — your account won’t need a password anymore.
3. Adding your YubiKey
Begin by plugging your YubiKey into a USB port, or if using NFC, get it ready to tap. If this is your first time using your YubiKey and you plan to use NFC, you must plug the YubiKey into any powered USB outlet first, to activate the Key. You can find more details here.
Please note that the following steps are intended as a general guide and support will vary by service. Because each service has its own unique security settings, you might notice some differences in the setup process.
OUR PREFERENCE
Option 1: Security Key MFA
1. Log in to your chosen service and navigate to your account’s security settings.
2. Look for the option to add a “Security key.”
3. Follow the instructions given by your service to add a security key, including any instructions prompted by your browser.
Adding your YubiKey: Security Key MFA
WIDELY SUPPORTED
Option 2: Authentication app
1. Download the Yubico Authenticator app to a device that is compatible with your YubiKey.
2. Log in to your chosen service and navigate to your account’s security settings.
3. Look for options to add an “Authentication app.”
4. Scan the QR code or enter the key code generated by your service to pair to your Yubico Authenticator.
5. Enter the 6-8 digit code generated by the Yubico Authenticator into your service to finalize setup.
Adding your YubiKey: Authenticator App
NEW
Option 3: Passkey
1. Log in to your chosen service and navigate to your account’s security settings.
2. Look for options to add a “Passkey.”
3. Your browser will prompt you to create a passkey using a variety of methods. Make sure to select the option that is named or mentions “Security key.” If this is not chosen, you could accidentally create a passkey that is not protected by your YubiKey.
Follow the steps prompted by your browser once the passkey option is selected. Learn more about passkeys.
Note: Please note that certain services may prompt you to create a PIN or verify the PIN if one is already set. This is the FIDO2 PIN and it can most easily be viewed or set using the Yubico Authenticator.
Adding your YubiKey: Passkey
4. Spare keys
We always recommend having more than one YubiKey. This way one key can be used as a primary Key, and the other can be used as a spare Key, just as you would for your house or car. Having a spare Key gives you the assurance that if you lose your primary Key, you will not be without access to your accounts when needing them most.
You can set up your spare YubiKey by following the same steps listed above. It is encouraged to set up both your primary and spare Keys at the same time.
5. Important tips
Test it out
Now that you have set up your YubiKey, try logging in. You should be prompted for your YubiKey. If not, something may have gone wrong, or the service might be using “Trusted Devices.” Some services have a “Trusted Devices” feature that lets you skip verification codes and Security Key use on recognized devices.
Keep it Safe
Treat your YubiKey like you would your house keys. Keep it in a safe place and do not share it with anyone. It is your personal security hero!
Software
The YubiKey is ready to be used right out-of-the-box. Additional applications, like our Yubico Authenticator are generally not needed unless components like key configuration or authenticator codes are required.
Please note that, in many cases, it is not necessary to configure your key prior to using it with online services. It is recommended that you make a configuration change only if instructed to do so.
Yubico Authenticator
Store your unique credential on a hardware-backed Security Key and take it wherever you go, on either mobile or desktop. No more storing sensitive secrets on your mobile phone, leaving your accounts vulnerable to takeovers. With the Yubico Authenticator you hold security in your hands.
Advanced protection
Feel confident that your accounts are now more secure. If you use other online services, check if they support YubiKey too. The more places you use it, the safer your online life becomes.
Here is additional support for your YubiKey:
Computer Login tools
Use your YubiKey to secure your computer or laptop. Make it a requirement to have your YubiKey before being able to log into your Windows or Mac machine.
Developer resources
Interested in integrating YubiKeys with your software? Check out the different developer resources we offer!
Frequently asked questions
2FA is a method to confirm a user’s claimed online identity by using a combination of two different types of factors. Factors used for 2FA include something that you know (e.g. password or PIN), or something that you have (e.g. a security key or phone) or something that you are (e.g. facial recognition). For more detailed information, please visit our 2FA glossary page.
A single YubiKey has multiple functions for securing your login to email, online services, apps, computers, and even physical spaces. Use any YubiKey feature, or use them all. The versatility of the YubiKey requires no software installation or batteries and therefore is ready to use directly out of the package. Simply login to the service, add your YubiKey, and enjoy a more secure online experience.
We always recommend securing your accounts with an additional YubiKey. However, if you do not have a spare Key and lose your YubiKey, we encourage you to have another form of 2FA added to your accounts to prevent being locked out of your accounts. Please note that if you do end up being locked out of an account, you will need to contact the service for account recovery help.
Yes, we at Yubico always recommend having more than one YubiKey. This way one key can be used as a primary Key, and the other can be used as a Spare Key. The importance of having a spare Key is well established. We have them for our most valuable assets in life – our houses, our cars, and our PO and safety deposit boxes. Not surprisingly, we also need spare keys for our digital devices! Having a spare Key gives you the assurance that if you lose your primary Key, you will not be without access to critical accounts when needing them most. In other words, with a spare Key you have no need to fear being locked out of any accounts, and no need to go through a lengthy recovery and identity verification process to regain access to each account.
To protect your security during shipping, NFC is temporarily disabled on your YubiKey. Activating it is easy: plug your YubiKey into any USB power source, like a computer, for at least 3 seconds. Once powered, NFC will be activated and ready to use. You can find more details here.
After 3 unsuccessful attempts to authenticate using biometrics your YubiKey Bio will cease to prompt for the fingerprint and will fall back to PIN and regular touch, the primary authentication mechanism. The blocked biometrics state is indicated by a constant slow flashing of the amber LED, the one closer to the USB-contact.
To unblock biometrics, do the following:
- Enter the PIN for your security key.
- When the green LED flashes, touch the bezel ring on your key.
Note that if you are not in the biometrics blocked state, the browser will ask you to authenticate using biometrics.
Check out our helpdesk center where there are tons of knowledge base articles to help arm you with the necessary info to better your online security.
Are you still having trouble setting up your YubiKey? Contact support for personalized help.