Using a Yubikey for two-factor authentication

Some users may have a Yubikey, which is a hardware token that supports a variety of cryptographic standards. The Office of Research Computing uses the TOTP protocol for generating passwords for user authentication, typically by means of a smartphone code generator. If you'd prefer to use a Yubikey, you can do so by following the following steps:

1. Obtain a Yubikey. They can be purchased directly from Yubico or ordered through Amazon. If you order from Yubico, you can get a 10% off coupon for being affiliated with an educational institution, though this is before shipping. If you have Prime, the choice between two day shipping and the 10% discount ends up being a wash (as of May 2019).
2. Install Yubico Authenticator. It's available for Windows, Mac, and Linux. There's also an Android app (iOS support is in progress).
3. Load the TOTP secret onto the Yubikey. Pull up the Yubico Authenticator application, and insert your Yubikey. Generate your two factor credentials as normal on this website, and then use Ctrl+O in the Yubico Authenticator application to take a screenshot and scan it for a QR code. If you'd prefer, you can use Ctrl+N to enter the secret manually. Other options are available under the File tab in the GUI. Follow the on screen instructions.
4. Provide a code back to the website. You should be able to plug your Yubikey into your PC or phone to generate TOTP codes via Yubico Authenticator. Provide one of these codes back to the website to confirm your enrollment. If there are any problems, repeat the steps to load the TOTP secret onto the key.
5. Print backup codes on the website. Put them in a wallet or another safe place.
6. Voila! You're done.

Further Reading:

• https://www.yubico.com/products/services-software/download/
• https://support.yubico.com/support/solutions/articles/15000006419-using-your-yubikey-with-authenticator-codes
• https://support.yubico.com/support/solutions/articles/15000010964-enabling-the-yubico-ppa-on-ubuntu