Multifactor Authentication: Adding and Uninstalling the USB FIDO2 Key as a Verification Method
MFA - Using the USB FIDO2 Key as a Verification Method
FIDO USB keys are available to check out as an additional verification method through Media Services. Choose from a USB-A (standard USB port) or USB-C (micro USB port) for your laptop needs.
Adding the FIDO Key as a Method
To add a FIDO key to as a sign-in method, go to the top right of Microsoft Outlook to your settings (Circle with your initials) and click View Account.
Click Security Info on the left side of the page.
From the Security Settings in your Account, click Add Method:
Choose Security Key:
Microsoft will request that you authenticate before continuing. Click Next.
Once authenticated, choose NFC from the key type list:
Insert your FIDO key into the appropriate USB port on your laptop. If you do not have an available port, you can utilize the USB-C port in your Thunderbolt docking station or USB-A (standard USB port) keys are also available. Click next when computer has recognized the FIDO device.
Follow the prompts as Microsoft completes the key setup.
Click Okay to Microsoft’s acknowledgement of creating a record of the key.
Click Okay to set up the key under your Microsoft Sign ins and Next to continue setup.
Create a PIN consisting of several digits for your key. Write your PIN down in a location that is always accessible with your laptop. You may need to enter this pin in addition to touching the key when using as an MFA verification method. Your PIN is also required to reset your key upon returning it to Fort Lewis College.
Enter your PIN the fields and click Okay. Touch the gold circle on your key.
Name your Key Method in your Security Info and click Next.
Your Key will now appear listed in your verification methods. Click Done.
Managing you USB FIDO2 Key
What will using my FIDO key look like?
You can leave your FIDO key in your laptop port or docking station when not in use. When traveling be sure your key is in your possession and always available. Remember your PIN in case you need to authenticate in order to log in to your Microsoft account.
You can change your default verification method at any time from your Security Info page. go to the top right of Microsoft Outlook to your settings (Circle with your initials) and click View Account. Click Security Info on the left side of the page.
When prompted to authenticate before logging in to your Microsoft account, you can choose to use one of your other methods rather than your default method by clicking “I can’t use my Authenticator App right now”.. This should provide you with the list of other devices you have set up as methods to choose how you would like to sign in. You should always have at least 2 devices configured. If you choose your FIDO key, you will be prompted to enter your PIN and touch the gold circle on your key to complete verification.
When you are ready to return your FIDO security key to Fort Lewis College, YOU MUST RESET YOUR KEY.
Keep your FIDO key through your employment with Fort Lewis College. Should you no longer wish to use the FIDO key as a verification method for MFA, or upon termination of employment from Fort Lewis College, your key must be reset from your registered laptop and returned to Media Services in Reed Library.
Open the YubiKey Manager on your desktop; right click the app icon and “Run as Administrator”. Ensure your FIDO key is inserted in your USB-C laptop port or your docking station. Go to the Applications Tab and click “Reset FIDO”. You will be required to enter your PIN to complete the reset. You will receive confirmation when the device has been reset.
Go to the top right of Microsoft Outlook to your settings (Circle with your initials) and click View Account. Click Security Info on the left side of the page. This will take you to My Sign-Ins.
From the list of methods, find Security Key and click Delete.
Click Sign In and use your default sign-in method to authenticate your Microsoft account in order to complete the change.
Microsoft will confirm the method has been removed. It may appear in your list of methods until your next login.
Return your FIDO key to Media Services located in the basement of Reed Library.