Body
Summary
This article provides instructions for setting up Multi-Factor Authentication (MFA) for your USNH Microsoft (M365) account via a YubiKey security key. YubiKey is a physical security key which enables strong multi-factor authentication into a variety of systems. Enterprise Technology & Services recommends YubiKeys in situations where phone (either phone call or text message) or authenticator app is not an option.
We recommend that you consult the YubiKey Facts & Purchasing Guide for information where to buy a YubiKey. Additionally, YubiKey offers an online quiz for selecting the right YubiKey for your needs at: https://www.yubico.com/quiz/
Product Quick Facts:
- YubiKeys are small USB devices that are inserted into a desktop or laptop computer USB port / Lighting connector
- Pressing the top or side button on the YubiKey generates and automatically enters a passcode on MFA prompts
- YubiKey 5 series meet Microsoft’s Modern Authentication hardware requirements
IMPORTANT: Before beginning the steps below, you must
complete the initial set up of your YubiKey per the manufacturer's instructions at: https://www.yubico.com/setup/
Choose the option you prefer:
Note: These instructions were created using a Yubikey 5C NFC (both FIPS and non FIPS) and while other current Yubikey models should work, they may have a slightly different registration process.
How-To
Task: To set up Multi-factor Authentication (MFA) for your USNH Microsoft account using a Yubikey (security key) without other MFA methods - requires calling the Help Desk first
IMPORTANT: ET&S strongly recommends that you set up one or more backup MFA methods to use if your Yubikey is lost or stolen.
The YubiKey MFA registration process requires that you first validate who you are via a confirmation code. If you plan to add multiple MFA methods, we recommend you add those other methods first. Once you have another sign-in method(s), such as a phone and/or the Microsoft authenticator app, you can go ahead and self-register your Yubikey without needing to call the Help Desk.
If you do not have any other MFA methods available, proceed with these instructions to set up your YubiKey with the assistance of the Help Desk.
Instructions
Note: These instructions assume you are using a computer and have your YubiKey ready. They also assume that you have completed the initial set up of your Yubikey per the manufacturer's instructions.
Step 1 - Call the Technology Help Desk to obtain a Temporary Access Pass, also known as a One Time Passcode (OTP).
- KSC: (603) 358-2532
- PSU: (603) 535-2929
- UNH/USNH: (603) 862-4242
Step 2 - After the One Time Passcode (OTP) has been issued to you, on your computer, go to: myaccount.microsoft.com
Step 3 - Click on UPDATE INFO in the Security info tile.
Step 4 - You should see Temporary access pass (One Time Passcode) listed in your Security info profile. Click Add sign-in method.
Step 5 - Click the Choose a method drop down and select Security key
Step 6 - Click Add then Next
Step 7 - Under Verify your identity, click Use Temporary Access Pass
Step 8 - Enter the Temporary Access Pass (OTP) that you received from the Help Desk in Step 1 and click Next
Step 9 - Under Security key, select USB device for Yubikey 5C NFC (both FIPS and non FIPS).
Step 10 - Have your YubiKey ready. Click Next.
Step 11 - When prompted, plug your YubiKey into the USB port, then touch the button or sensor on your YubiKey.
Step 12 - A browser pop-up should appear where you must create a YubiKey PIN. Type the PIN you want in the blank and click Next..
Note: This is a PIN that you create. Keep it safe and do not share it with anyone. If you lose or forget your YubiKey PIN, you will have to work with the YubiKey YubiKey Manager application to reset your PIN, or work with the YubiKey manufacturer directly. ET&S has no access to assist with lost YubiKey PINs. This is why ET&S strongly recommends you have a alternate method(s) set up for MFA.
Step 13 - When prompted, touch your YubiKey again to complete the request.
Step 14 - Click Allow to allow this site to see your security key.
Step 15 - Name your Security key, then click Next.
Step 16 - Success - you're all set! Click Done.
Outcome
The Security info tab should now display Security key as a sign-in method. You can now use your YubiKey for MFA for M365 when required.
Back to top
Task: YubiKey Self-registration - To set up Multi-factor Authentication (MFA) for your USNH Microsoft account using a Yubikey (security key) in addition to other MFA methods - requires having at least one additional MFA sign-in method such as phone and/or authenticator app
IMPORTANT: Associating your YubiKey with your USNH Microsoft account requires that you first set up a phone number or the Microsoft Authenticator app as the primary method of MFA. This is because the YubiKey MFA registration process must first validate who you are by sending a confirmation code to initiate the set up.
Once the Yubikey is set up, you may choose to remove the phone or authenticator app from your sign-in methods. However, ET&S strongly recommends that you keep one or more backup MFA methods to use if your Yubikey is lost or stolen.
If you do not have any other MFA methods available, see the instructions above to set up MFA using a Yubikey (security key) without other MFA methods - requires calling the Help Desk first.
Instructions
Note: These instructions assume you are using a computer and have your YubiKey ready. They also assume that you have completed the initial set up of your Yubikey per the manufacturer's instructions.
Step 1 - On your computer, go to: myaccount.microsoft.com
Step 2 - Click on UPDATE INFO in the Security info tile
Step 3 - Click Add sign-in method
Step 4 - Click the Choose a method drop down and select Security key
Step 5 - Click Add then Next
Step 6 - You will be prompted to sign into your USNH M365 account. Use your existing MFA method to approve the sign in when asked.
Step 7 - Continue from Step 9 in the instructions above to complete the YubiKey registration process.
Outcome
The Security info tab should now display Security key as a sign-in method. You can now use your YubiKey for MFA for M365 when required.
Back to top
Further Readings
MFA: Setting up Multi-Factor Authentication (MFA) for M365
MFA: Adding Backup Multi-Factor Authentication (MFA) Methods
MFA: YubiKey Facts & Purchasing Guide
YubiKey Selection Quiz
Need additional help?
Visit the Technology Help Desk Support page to locate your local campus contact information or to submit an online technology support request. For password issues you must call or visit the Help Desk in person.