Associating a YubiKey with a Microsoft Windows account is straightforward for both enterprise users connected to a domain and individuals running a single computer.


For enterprise users, the YubiKey 4, YubiKey 4 Nano, and YubiKey NEO act as a smart card, by linking to a Windows Certificate Authority, and work with any supported Microsoft Windows client operating system. This configuration enables RSA or ECC sign/decrypt operations. These keys support NIST’s SP 800-73 Personal Identity Verification Card (PIV) interface. There are two ways to set up these YubiKeys for use with enterprise Windows login:

Free Windows Login for Enterprise

YubiKey PIV Manager tools are available in user interface or command line versions.

Active Directory

Authlite from Collective Software integrates with Microsoft’s Active Directory to support two-factor authentication. Visit Authlite for details.


Individual users with a local account on their Windows computer can install a small utility from Yubico that works in conjunction with a YubiKey to secure access. This feature works without an Internet connection. It does not work with Microsoft Cloud Accounts.

Free Windows Login

Yubico offers a free application which enables two-factor authentication in a Windows environment with a YubiKey in challenge-response mode. Designed for individual users to work with Windows 7, 8, and 10.

How to enable Windows Login using Yubico’s Windows Logon Tool

Active Directory

For YubiKey Windows login with Active Directory, Yubico partners with AuthLite offering an enterprise class software.

Authlite (Windows Active Directory)