Using a 2FA key to secure your online accounts is one of the best things you can do for your personal security. Thankfully, it’s not difficult to set up, and this Yubikey tutorial will walk you through everything you need to know.
Before we dive into how to set up your 2FA key, let me share two very important things with you.
- Create Security Backups: As I’ve explained in my philosophy of security video, when you’re setting up any type of security, creating a backup is critical. For me, this means I have two Yubikeys for myself and two for my wife. I keep one key with me at all times and I store the other key safely in another location.
- I Recommend Yubikey: The second thing I want to share is that I’m using the Yubikey 5 Series for this tutorial, which I highly recommend. I use the 5Ci and the 5 NFC so that I have the option to connect to USB, USB-C and Apple Lightning.
Of course, you can always just use a 2FA authenticator app, which is 100% free, but for the purpose of this tutorial, I’m assuming you’re buying a physical key.
Note: Some of the links in this article may be affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed. I only recommend what I personally have used, and I appreciate your support!
How to Set Up Your New Yubikey 2FA Key
So let’s say you’ve just received your Yubikey and you’ve opened the package (and if you need help, here’s a chart to help you choose which Yubikey to buy).
Don’t worry about downloading any apps or configuring the key in any way. The cool thing is that it’s basically ready to use right out of the box.
Whether you want to set up Google, Facebook, Charles Schwab or any other online account that allows for 2 factor authentication, you’re going to be looking for your security and login settings.
Within those settings, you’ll look for either “2 Step Verification” or “2 Factor Authentication”. They usually offer different options, including SMS text, authenticator app and/or security key. For this, you’ll want to choose the key.
You’ll be asked to plug the key into your device and press either the sides or the button.
You’ll have to go through this process for each 2FA key individually, which means that if you purchased a backup key, you’ll also have to set that up separately. The keys can’t be linked in any way.
Logging in with the New 2FA Key
Once this setup is completed, in addition to logging in with your username and password, you’ll also be prompted to plug in your 2FA key. This usually means you’re both plugging it in and either tapping the button or squeezing the gold bars, depending on which key you’re using.
Once you do this, you shouldn’t need to click any buttons; just wait for the key to let you in. Of course, if you’re using the NFC version of the Yubikey 5 and you have a newer phone or tablet, you can just tap the key on the top back portion of the device instead of plugging it in.
Normally, this is only required when you’re setting up a new device, whether that’s your phone, your tablet or your laptop computer. Once you’ve allowed a device as trusted, you shouldn’t end up using your 2FA key every single day to log in.
Using Your Yubikey as a 2FA Authenticator
But what if a specific website or service doesn’t support 2FA keys? And believe me, there are plenty of them.
For example, I invest using a service called Wealthfront, and unfortunately at this point they only support 2 factor authentication via SMS text and authenticator app.
To do this with your Yubikey 2FA key, you’ll need to:
- Download the Yubikey Authenticator App: The app is available on all major platforms, so you simply open up your app store and search for “Yubikey”.
- Plug In/Tap Your Yubikey: Once you open the program, plug in your Yubikey or tap it on your device. This will allow you to access the 2FA codes stored on the device.
- Set Up Any New Codes: To set up new codes, simply log into the online account you want to secure, find the security settings and locate the 2FA menu. When you find “Add authenticator app”, they will give you both a QR code and a manual code. The Yubikey Authenticator app can accept both to set up the key.
Now, when you want to log into your secured account on a new device, it will ask you for a two-factor authentication code. With the Yubikey plugged into your computer, the Yubikey Authenticator app shows you the code, which you can copy and paste in.
I only use this authenticator app option if the 2FA key is not available.
It’s also worth reiterating that the Yubikey authenticator gets programmed on a per-key basis, which means that if you want to have a backup of these codes on your backup key, you’ll have to go through a separate process of setting them up for each key individually. It’s not automatic and honestly, it’s a bit tedious.
Lock Your Computer with a 2FA Key
There’s one more advanced use case for the Yubikey that you might find interesting.
Most of us use either a password or our fingerprint to unlock our laptop or desktop computers. Now don’t get me wrong – there’s nothing wrong at all with this kind of security. It’s what I use for my work computer.
However, if, for some reason, you want to really lock down your computer – perhaps there’s a particular computer that you use for all your cryptocurrency or that stores other extremely sensitive data – you can actually make your Yubikey a requirement to log into that computer.
I warn you to proceed with caution here. The last thing you want to do is get yourself locked out of your own computer, and that’s entirely possible if you’re not careful.
The first thing you need to do is download the Yubikey Manager App and then follow the instructions that Yubikey provides. Since their help page is a better place to learn about this, I recommend you click through there and follow instead of me trying to replicate it here.
Congratulations! You’re All Set Up
You’re now set up with your new 2FA security key! Congratulations!
Remember this: if 2FA is an available option, then use it!