/
Using a Hardware Security Key (YubiKey) for Authentication

Using a Hardware Security Key (YubiKey) for Authentication

Hardware security keys such as YubiKeys provide an additional way to sign in to Christopher Newport University's systems.  These security keys function a bit differently than the other methods used for signing in, and this article will cover what you need to know to use security keys to sign in.

Obtaining a Hardware Security Key

If your department needs to purchase a security key, put in a ticket at help.cnu.edu, and our Project Management Office will provide you further instructions.

You can also purchase a security key on your own.  While any FIDO2-compatible key should work with our systems, all ITS support and testing use the YubiKey 5 series keys. 

General Information

  • Your security key allows sign-in to your account. DO NOT share your security key with anyone.

  • As part of the setup process, you will add a six-digit PIN to your security key.  This will be needed any time you use the key, and ITS cannot retrieve this PIN.  Please make sure you remember the PIN.

  • Please report lost/stolen security keys to ITS as soon as possible and remove them from your account.

Where you can Use your Key

You CAN use your key to sign in to any site that uses Entra single sign-on.  These are the ones that use the large image of Christopher Newport Hall on the sign-in page.  These include:

  • Google e-mail, calendar and drive.

  • Scholar

  • DocuSign

  • Watermark

You CANNOT use your key to sign into sites, apps or devices that use a different sign-in process:

  • Computers

  • VPN

You can use your security key with Cardinal, but the setup steps are a bit different.

Setting up your Key

To set up a hardware security key, follow our MFA Setup instructions.

Signing in With a Hardware Security Key

The process to use a hardware security key is a bit different, as it will automatically be set as the default 2FA method if you’ve set it up.  It also allows you to skip entering your password when signing in.

To sign in with a hardware security key, enter your University e-mail address when prompted.

email prompt
email prompt

Usually, you’ll be immediately instructed to insert your security key. If instead, you get to the password prompt, click "Use your face, fingerprint, PIN, or security key instead".

use face, fingerprint, PIN, or security key instead
use face, fingerprint, PIN, or security key instead

On a Mac, you'll have to tell it that you want to use a security key.

Insert your security key when asked. You'll be prompted for your PIN.  This is the PIN you created for your security key.

Once you enter that, you'll be prompted to touch the button on your security key and will be signed in.

 

Signing in Without your Security Key

If you set up security key sign-in and need to use your password instead, you'll need to take a few steps.  Log in with your e-mail as normal.  When you get the security key prompt, click Cancel.

Cancel
Cancel

Then, click "Other ways to sign in" on the error page.

On the following screen, choose "Use my password".

Use my password
Use my password

Sign in with your password and regular 2-factor authentication.  Once you do, you'll need to repeat the steps in Signing in with a Hardware Security Key above to switch back to using your security key.