Using a Security Key with NetIDplus (Duo)
The Duo two-factor authentication platform supports security keys, offering secure login approvals resistant to phishing attacks combined with the one-tap convenience you’re already used to with Duo Push.
What are Security Keys?
A security key plugs into your USB port and when tapped or when the button is pressed it sends a signed response back to Duo to validate your login. Duo uses the U2F and WebAuthn authentication standards to interact with your security keys. You may also see WebAuthn referred to as “FIDO2”.
Security Key Requirements
In order to use a security key with Duo, make sure you have the following:
- A supported browser (Chrome 70 or later, Firefox 60 or later, or Opera 40 or later).
- An available USB port. A supported security key. WebAuthn/FIDO2 security keys from Yubico or Feitian are good options.
- U2F-only security keys (like the Yubikey NEO-n) can’t be used with Firefox.
Enrolling a Security Key for Duo Mobile Authentication
Please note that UT Dallas does not provide security keys.
- Access the NetIDplus enrollment page and select Add a new device. You will be asked to authenticate before continuing.
- Note: Make sure that you’re not blocking pop-up windows for the enrollment site before continuing.
- Select Security Key as your device and select Continue.
- A pop-up window will prompt you to tap your security key. When enrolling your security key, you’ll be prompted to tap to enroll your security key (possibly more than once). You may also be asked to input a PIN if your security key required on upon its initial setup.
- You may also be asked if you want to allow Duo to access information about your security key (select Allow or Proceed as applicable).
- You have now enrolled your security key. To ensure that your security key has been added to your DUO devices, sign into the NetID Plus Enrollment Page and select My Settings and Devices, and after authenticating your security key should appear along with your mobile device (if you have one registered).
Authenticating with a Security Key
The next time you log on using Duo, you can simply tap or insert your security key to log in. Some types of keys flash as a prompt for you to authenticate. You do not need to explicitly select the security key from the drop-down list of available devices to use it for authentication in Chrome if you also enrolled it in Chrome.
- In other browsers, you may need to select your security key from the drop-down list of your authentication devices. Once you select your security key from the list, select Use Security Key and tap your security key when prompted.
Existing U2F Users: Security Key Update
If you’re a user who enrolled a U2F token for Duo authentication before the security key update, you’ll be prompted to update your security key registration for that device the next time you log in with Chrome using that U2F authenticator. Simply select Continue and tap the security key. Once the security key registration is updated via Chrome, you can use that security key in both Chrome and Firefox.
Security and Access > Access and Authorization Management
Article 828 | Last Reviewed 9/15/2020 2:12 PM