These instructions show you how to set up your YubiKey so that you can use two-factor authentication to sign in to any account that requires authenticator codes. Example sites where you can use codes to authenticate include Amazon, Dropbox (if you aren’t using U2F), Evernote, Facebook, and many others.

To use a code at one of these sites, you use an application, such as Google Authenticator, to generate the codes. The codes generated are OATH-TOTP codes, a type of one-time password, that are usually six-digits. You can generate the codes needed to authenticate with these accounts on both your computer and Android phone, depending on the type of YubiKey you have.

You can also use Yubico Authenticator, which is similar to Google Authenticator. We have created both a desktop and mobile version of this app for you to use — so you can use it on a Microsoft Windows, Mac (OS X or macOS), or Linux  operating system; or an Android phone.

Instructions

Software tools referenced in these instructions can be found on our Downloads page. Need help Identifying Your YubiKey?


Setting Up Your YubiKey in Yubico Authenticator for Desktop

Requirements:

  • YubiKey 4, YubiKey 4 Nano, YubiKey NEO, YubiKey NEO-n, YubiKey Edge, YubiKey Edge-n, YubiKey Standard, or YubiKey Nano
  • Yubico Authenticator for Desktop application for Microsoft Windows, Mac (OS X or macOS), or Linux
  • If you are using an older version of the YubiKey NEO, may also need to use the YubiKey NEO Manager to change the connection mode and add CCID support to your YubiKey NEO or YubiKEY NEO-n (CCID mode has been enabled, by default, on all YubiKeys shipped since November 16, 2015)

Instructions to Enable CCID Mode

  1. If you have an YubiKey NEO or YubiKey NEO-n, verify that the device has CCID enabled. To do this, open YubiKey NEO Manager.
  2. Click Change connection mode [OTP + U2F].
  3. Select the checkbox for CCID and click OK.
  4. Continue with the following instructions for all other YubiKeys.

Instructions

  1. Enable two-factor authentication for your service. Usually, you will do this by selecting Settings or Security, and then selecting the option to Enable two-factor authentication.
    TIP: Some services call this “two-step verification.”
  2. Select the option to use a mobile app, or Google Authenticator.
  3. Open Yubico Authenticator for Desktop.
  4. Select File > Add.
  5. Click Scan a QR Code.
  6. If desired, change the name of the credential. The default credential name includes the name of the service and your user name. Once you have saved the credential, you cannot change the name.
  7. Do the following:
    • For all keys except for YubiKey Edge, YubiKey Edge-n, YubiKey Standard, and YubiKey Nano, accept the default settings, and click OK.
    • For YubiKey Edge, YubiKey Edge-n, YubiKey Standard, and YubiKey Nano, select the slot you want to use, and click OK. The default slot will be Slot 2, which is usually available if you have not programmed your key. Then select File > Settings and be sure the Read from slot option matches the slot you want to use.
  8. When prompted, click OK to overwrite the credential in the slot. You are prompted whether you are using a new YubiKey or whether you have previously programmed this slot. You have successfully configured your YubiKey for authenticator codes!
  9. To view the authenticator code credential, click the Refresh button. The code displayed is the code you need to enter when you want to authenticate using two-factor authentication.

Setting Up Your YubiKey NEO with Yubico Authenticator for Android App

Requirements:

TIP: You may find it easier to set up your YubiKey NEO to work with Dropbox using the Yubico Authenticator for Desktop application. Once you have set up your YubiKey with the desktop version of the application, you can then use that YubiKey with the Yubico Authenticator for Android App.

Instructions:

  1. If you have not already done so, install the Yubico Authenticator for Android app. This app is available from the Google Play store.
  2. Enable two-factor authentication for your service. Usually, you will do this by selecting Settings or Security, and then selecting the option to Enable two-factor authentication.
    TIP: Some services call this “two-step verification.”
  3. Select the option to use a mobile app, or Google Authenticator.
  4. You will need to copy the text string as well as scan the QR code.Click enter your secret key manually and copy the text of the code and paste it into a text file now.
    • Be sure to save a copy of the secret key. You can use this to create a backup copy of your YubiKey configured to use authenticator codes. It is always best security practices to ensure you have a backup YubiKey.
    • Note that you can also configure Dropbox to use SMS text to access your account for two-factor authentication if you cannot use TOTP codes, for additional backup access.
  5. Open the Yubico Authenticator app.
  6. Tap the control icon to open the menu.
  7. Select Scan account QR-code, and then scan the Dropbox QR code from the web page.
    • To manually add the secret key, select Add account manually, then enter the credential name (Dropbox), and type the secret key that you previously saved as a backup.
  8. On the web page, click Next. You have successfully configured your YubiKey for authenticator codes!
  9. To view the credential, tap your YubiKey on the back of your phone, where the NFC antenna is located. Yubico Authenticator displays the six digit code associated with this credential. This is the code you need to enter to authenticate when using two-factor authentication.

Logging on to Your Account

Note: Once you have configured your for two-factor authentication, you must log on to that service using a code generated by Yubico Authenticator (using either the Desktop or Android version of the app).

  1. Open YubiKey Authenticator.
  2. Log on to your account with your user name and password as usual.
  3. Find the authenticator code you need:
    • Launch Yubico Authenticator for Desktop, and insert your YubiKey. The code is shown next to the service’s credential.
    • Launch Yubico Authenticator for Android, and tap your YubiKey NEO against the NFC tag on the back of your phone. The code is shown next to the service’s credential.
  4. Enter the code and click Sign In. If prompted, touch your YubiKey.
    TIP: In Yubico Authenticator for Desktop, you can double-click the code, and then paste it into the field for the authenticator code.

More Ways to Use Your YubiKey

Do you use Gmail, LastPass, or WordPress? Check out these and many other uses for your YubiKey.

in How To