To add a new account to the Yubico Authenticator application using your YubiKey, you primarily use the desktop application to scan a QR code provided by the service you wish to secure. This process ensures your one-time password (OTP) credentials are securely stored directly on your YubiKey, not on your computer, enhancing security and portability.
What is Yubico Authenticator?
The Yubico Authenticator is a desktop application that works in conjunction with your YubiKey to securely store and generate Time-based One-Time Passwords (TOTP) and HMAC-based One-Time Passwords (HOTP). Instead of storing these sensitive credentials on your device, the Yubico Authenticator leverages the secure element within your YubiKey, making your 2FA codes highly resistant to malware and phishing attacks.
Why Use YubiKey with Authenticator?
Integrating your YubiKey with the Authenticator app offers significant advantages:
- Enhanced Security: Your secrets for generating OTPs are stored on the YubiKey's secure hardware rather than on your computer, making them virtually impossible for attackers to extract.
- Portability & Convenience: Your 2FA codes are accessible wherever you have your YubiKey and the Authenticator app, providing secure access across multiple devices without manual setup on each.
- Malware Resistance: Since credentials are off-device, they are protected against software vulnerabilities, keyloggers, and other forms of malware.
Prerequisites
Before you begin, ensure you have the following:
- A YubiKey 5 Series (or other YubiKey models compatible with the Authenticator app).
- The Yubico Authenticator for Desktop application installed on your computer (available for Windows, macOS, and Linux). You can download it from the official Yubico website.
Step-by-Step Guide to Adding an Account
Adding a new account to the Yubico Authenticator with your YubiKey is a straightforward process, primarily using a QR code for setup.
- Launch the Application: Open the Yubico Authenticator for Desktop application on your computer.
- Insert YubiKey: Plug your YubiKey into an available USB port on your computer. The application should detect your YubiKey automatically.
- Initiate Account Addition: Click on the YubiKey icon located in the top-right corner of the Authenticator application window. A dropdown menu will appear; select Add account.
- Scan QR Code: A new window will prompt you to Scan QR code. At this point, navigate to the service (e.g., Google, Facebook, Microsoft) where you want to enable two-factor authentication. During their 2FA setup, they will provide a QR code. Position this QR code within the scanning frame of the Yubico Authenticator app. The application will automatically detect and parse the QR code, extracting the necessary credential information.
- Review and Adjust Settings: Before the credential is finalized and stored on your YubiKey, you will have the option to adjust several settings. These settings allow you to customize how the credential behaves for added security and convenience:
  - Account Name: Provide a descriptive name for the account (e.g., "Google Personal," "Work Email," "Facebook"). This helps you quickly identify the correct OTP code later.
  - Touch Requirement: Decide if a physical touch of your YubiKey is required each time you want to generate and view the OTP code. Enabling this feature significantly enhances security by ensuring physical presence for every access.
  - PIN Protection: For some YubiKeys, you may have the option to require a PIN before the credential can be used.
  - OTP Type and Period: These are usually automatically detected from the QR code (e.g., TOTP with a 30-second refresh period) but can be manually adjusted if needed (though typically not recommended unless you know what you're doing).
- Confirm Addition: Once you have reviewed and adjusted the settings to your preference, click the "Add" or "Save" button to securely store the new account credential onto your YubiKey.
The new account will now appear in your Yubico Authenticator list. Whenever you need an OTP code, simply open the application with your YubiKey plugged in, and the code will be displayed, ready for use.
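What the QR code scan and the "OTP Type and Period" setting work with, shown as an added example that is not Yubico's code or part of the original guide: it assumes the QR code carries an `otpauth://` key URI (the page does not name the format), validates the fields you would see on the review screen, and computes the code per RFC 6238 (TOTP) and RFC 4226 (HOTP). The function names `parse_otpauth` and `otp` are hypothetical, and the sample URI is constructed from the public RFC test secret.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs, unquote

ALGOS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

def parse_otpauth(uri):
    """Validate an otpauth:// URI and return the fields a review screen would show."""
    u = urlparse(uri)
    kind = u.netloc.lower()
    if u.scheme != "otpauth" or kind not in ("totp", "hotp"):
        raise ValueError("not an otpauth TOTP/HOTP URI")
    q = {k.lower(): v[0] for k, v in parse_qs(u.query).items()}
    # Label is "Issuer:account" or just "account"; it may be percent-encoded.
    prefix, _, account = unquote(u.path.lstrip("/")).rpartition(":")
    issuer = q.get("issuer", prefix)
    # Secrets are Base32, often lower-case and without '=' padding.
    b32 = q.get("secret", "").replace(" ", "").upper()
    if not b32:
        raise ValueError("missing secret")
    key = base64.b32decode(b32 + "=" * (-len(b32) % 8))  # ValueError if malformed
    algorithm = q.get("algorithm", "SHA1").upper()
    digits, period = int(q.get("digits", 6)), int(q.get("period", 30))
    if algorithm not in ALGOS or digits not in (6, 7, 8) or period <= 0:
        raise ValueError("unsupported algorithm, digits or period")
    if kind == "hotp" and "counter" not in q:
        raise ValueError("HOTP URI requires a counter")
    return {"type": kind, "issuer": issuer, "account": account.strip(), "key": key,
            "algorithm": algorithm, "digits": digits, "period": period,
            "counter": int(q.get("counter", 0)),
            # Worth a second look before saving: label and issuer parameter disagree.
            "issuer_mismatch": bool(prefix) and prefix != issuer}

def otp(cred, at=None):
    """Compute the code: at is Unix time for TOTP; HOTP uses the stored counter."""
    now = time.time() if at is None else at
    counter = int(now) // cred["period"] if cred["type"] == "totp" else cred["counter"]
    mac = hmac.new(cred["key"], struct.pack(">Q", counter), ALGOS[cred["algorithm"]]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** cred["digits"]).zfill(cred["digits"])

# Constructed sample: public RFC 6238 test secret ("12345678901234567890" in Base32).
SAMPLE = ("otpauth://totp/Example:alice%40example.com"
          "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8&period=30")

if __name__ == "__main__":
    cred = parse_otpauth(SAMPLE)
    print(cred["issuer"], cred["account"], cred["type"], cred["period"], otp(cred, at=59))
```

The Base32 `secret` is the entire credential, so anyone who can see or photograph the QR code can generate the same codes; storing it on the YubiKey protects it only from that point on.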
Managing Your Authenticator Accounts
- Viewing Codes: With your YubiKey plugged in and the Yubico Authenticator open, your generated OTP codes will be visible.
- Copying Codes: Click on any displayed OTP code to automatically copy it to your clipboard, making it easy to paste into login fields.
- Editing/Deleting Accounts: Right-click on an existing account in the list to access options for editing its name or deleting the credential from your YubiKey.
Where to Find QR Codes for Services
Most online services that support two-factor authentication will present a QR code during their 2FA setup process. Look for sections within your account settings related to "Security," "Two-Factor Authentication," "Authenticator App," or "OTP Setup." This QR code is what the Yubico Authenticator will scan to add the account.