Hardware security keys such as YubiKeys provide an additional way to sign in to Christopher Newport University's systems.  These security keys function a bit differently than the other methods used for signing in, and this article will cover what you need to know to use security keys to sign in.

Obtaining a Hardware Security Key

If your department needs to purchase a security key, put in a ticket at help.cnu.edu, and our Project Management Office will provide you further instructions.

You can also purchase a security key on your own.  While any FIDO2-compatible key should work with our systems, all ITS support and testing use the YubiKey 5 series keys. 

General Information

• Your security key allows sign-in to your account. DO NOT share your security key with anyone.
• Currently, security keys are not supported for mobile devices. You will need to set up an alternative form of authentication to sign in on mobile devices.
• As part of the setup process, you will add a PIN to your security key.  This will be needed any time you use the key, and ITS cannot retrieve this PIN.  Please make sure you remember the PIN.
• Please report lost/stolen security keys to ITS as soon as possible and remove them from your account.

Where you can Use your Key

You CAN use your key to sign in to any site that uses Entra single sign-on.  These are the ones that use the large image of Christopher Newport Hall on the sign-in page.  These include:

• Google e-mail, calendar and drive.
• Scholar
• DocuSign
• Watermark

You CANNOT use your key to sign into sites that use our older sign-on system with the blue border, or anything that uses your ID number instead of your e-mail to sign in:

• Computers
• CNU Live
• Directory
• Cardinal
• VPN

Setting up your Key

To set up a hardware security key, follow our MFA Setup instructions.

Signing in With a Hardware Security Key

The process to use a hardware security key is a bit different, as it cannot be set as the default 2FA method.  It also allows you to skip entering your password when signing in.

To sign in with a hardware security key, enter your University e-mail address when prompted.

When you get to the password prompt, click "Use your face, fingerprint, PIN, or security key instead".

On a Mac, you'll have to tell it that you want to use a security key.

Insert your security key when asked. You'll be prompted for your PIN.  This is the PIN you created for your security key.

Once you enter that, you'll be prompted to touch the button on your security key and will be signed in.

After you go through this process once, you'll be automatically taken to the security key sign-in unless you tell Microsoft otherwise with the instructions below.

Signing in Without your Security Key

If you set up security key sign-in and need to use your password instead, you'll need to take a few steps.  Log in with your e-mail as normal.  When you get the security key prompt, click Cancel.

Then, click "Other ways to sign in" on the error page.

On the following screen, choose "Use my password".

Sign in with your password and regular 2-factor authentication.  Once you do, you'll need to repeat the steps in Signing in with a Hardware Security Key above to switch back to using your security key.