
MFA USB FIDO2 Key

Multi-Factor Authentication: Adding and Uninstalling the USB FIDO2 Key as a Verification Method

MFA - Using the USB FIDO2 Key as a Verification Method

FIDO USB keys are available to check out as an additional verification method through Media Services. Choose a USB-A (standard USB port) or USB-C (micro USB port) key to suit your laptop.
 
Adding the FIDO Key as a Method:

To add a FIDO key as a sign-in method, go to your settings at the top right of Microsoft Outlook (the circle with your initials) and click View Account.

Click Security Info on the left side of the page.

Image of Security Info screen

From the Security Settings in your Account, click Add Method:

Image of the Add a method dialog

Choose Security Key:

Image of choosing security key in Add a method dialog

Microsoft will request that you authenticate before continuing. Click Next.

Image of security key setup dialog

Image of multi-factor authentication dialog

Once authenticated, choose NFC from the key type list:

Image of security key device type dialog

Insert your FIDO key into the appropriate USB port on your laptop. If you do not have an available port, you can use the USB-C port in your Thunderbolt docking station; USB-A (standard USB port) keys are also available. Click Next when the computer has recognized the FIDO device.

Image of security key setup dialog

Follow the prompts as Microsoft completes the key setup.
Click Okay to acknowledge Microsoft's notice that a record of the key will be created.

Image of security key setup dialog

Click Okay to set up the key under your Microsoft Sign ins and Next to continue setup.

Image of security key setup dialog

Create a PIN consisting of several digits for your key. Write your PIN down in a location that is always accessible with your laptop. You may need to enter this PIN in addition to touching the key when using it as an MFA verification method. Your PIN is also required to reset your key upon returning it to Fort Lewis College.

Image of security key pin setup dialog

Enter your PIN in the fields and click Okay. Touch the gold circle on your key.

Image of security key pin setup dialog

Name your Key Method in your Security Info and click Next. 

Image of security key name dialog

Your Key will now appear listed in your verification methods. Click Done.

Image of security key setup finish dialog

Managing your USB FIDO2 Key

Download the YubiKey Manager app to your laptop. You will use this software if you ever need to change the PIN of your key, and it is required to reset your key upon returning it to Fort Lewis College.
https://www.yubico.com/support/download/yubikey-manager/
 
What will using my FIDO key look like?
You can leave your FIDO key in your laptop port or docking station when not in use. When traveling, be sure your key is in your possession and always available. Remember your PIN in case you need to authenticate in order to log in to your Microsoft account.

You can change your default verification method at any time from your Security Info page. Go to your settings at the top right of Microsoft Outlook (the circle with your initials) and click View Account. Click Security Info on the left side of the page.

When prompted to authenticate before logging in to your Microsoft account, you can choose to use one of your other methods rather than your default method by clicking “I can’t use my Authenticator App right now”. This should provide you with the list of other devices you have set up as methods, so you can choose how you would like to sign in. You should always have at least 2 devices configured. If you choose your FIDO key, you will be prompted to enter your PIN and touch the gold circle on your key to complete verification.
Image of multi-factor authentication approved sign in request dialog
 
When you are ready to return your FIDO security key to Fort Lewis College, YOU MUST RESET YOUR KEY.
 
Keep your FIDO key throughout your employment with Fort Lewis College. Should you no longer wish to use the FIDO key as a verification method for MFA, or upon termination of employment from Fort Lewis College, your key must be reset from your registered laptop and returned to Media Services in Reed Library.
 
Open the YubiKey Manager on your desktop: right-click the app icon and choose “Run as Administrator”. Ensure your FIDO key is inserted in your USB-C laptop port or your docking station. Go to the Applications tab and click “Reset FIDO”. You will be required to enter your PIN to complete the reset. You will receive confirmation when the device has been reset.
Image of Yubico configuration software
Go to your settings at the top right of Microsoft Outlook (the circle with your initials) and click View Account. Click Security Info on the left side of the page. This will take you to My Sign-Ins.
 
From the list of methods, find Security Key and click Delete.
Image of security methods dialog
 
Click Sign In and use your default sign-in method to authenticate your Microsoft account in order to complete the change. 
Image of delete security key dialog
 

Microsoft will confirm the method has been removed. It may appear in your list of methods until your next login. 

Return your FIDO key to Media Services located in the basement of Reed Library.

Updated on Mon, 14 Feb 2022 by Bodine, James