Securely Login to Local Accounts with YubiKey Security Key in Windows  

    Securely Login to Local Accounts with YubiKey Security Key in Windows

    Securely Login to Local Accounts with YubiKey Security Key in Windows

    How to Securely Login to Local Accounts with YubiKey Security Key in Windows 7, Windows 8, and Windows 10
    Published by Category: User Accounts
    08 Jun 2020
    Designer Media Ltd
     

    How to Securely Login to Local Accounts with YubiKey Security Key in Windows 7, Windows 8, and Windows 10


    Yubico Login for Windows application provides a simple and secure way for YubiKey users to securely access their local accounts on Windows computers.

    The primary benefits of Yubico Login for Windows include:

    • Highly secure and easy-to-use multi-factor authentication (MFA) for login using local accounts to Windows workstations
    • Simple configuration for up to 10 individual users
    • Fast enrollment for backup YubiKeys
    • Easy recovery mechanisms for lost YubiKeys

    Yubico Login for Windows is designed to provide strong MFA for logging into local accounts on Windows 7, Windows 8.1 or Windows 10 computers. It is not suited for logging into any of the following accounts: Azure Active Directory (AAD), Active Directory (AD), Microsoft accounts.

    See also: Yubico Login for Windows Configuration Guide | Yubico support

    Once you have Yubico Login setup and configured for a local account on the computer, the user will be required to connect the YubiKey security Key before typing their user name and password credentials to log in to Windows.

    This tutorial will show you how to set up Yubico Login to login to a local account with a YubiKey security key in Windows 7, Windows 8, and Windows 10.

    Local accounts can be accessed remotely via methods such as remote desktop software, SSH, or authentication via the Microsoft Server Message Block (SMB) protocol. Yubico Login for Windows does not secure those non-local forms of login to local accounts.


    You must be signed in as an administrator to install and configure Yubico Login for Windows for any local accounts (standard user or administrator) on the computer.

    Uninstalling Yubico Login for Windows will undo and remove the YubiKey security key requirements for all local accounts on the Windows computer.


    EXAMPLE: Yubico Login for Windows



    Securely Login to Local Accounts with YubiKey Security Key in Windows-yubikey_sign-1.jpg Securely Login to Local Accounts with YubiKey Security Key in Windows-yubikey_sign-2.jpg Securely Login to Local Accounts with YubiKey Security Key in Windows-yubikey_sign-3.jpg



    Here's How:

    1 Download and install the same 32-bit or 64-bit version of Yubico Login for Windows as is your 32-bit or 64-bit Windows. (see screenshot below)

    You will be required to restart the computer after installing Yubico Login for Windows.

    Securely Login to Local Accounts with YubiKey Security Key in Windows-download_yubico_login.png

    2 Open the Yubico Login Configuration app. (see screenshot below)

    Securely Login to Local Accounts with YubiKey Security Key in Windows-yubico_login_configuration.png

    3 Click/tap on Next. (see screenshot below)

    Securely Login to Local Accounts with YubiKey Security Key in Windows-yubico_login-1.png

    4 Make any changes you want to the settings, and click/tap on Next. (see screenshot below)

    Slots: Select the slot where the challenge-response secret will be stored. All YubiKeys that have not been customized come pre-loaded with a credential in slot 1, so if you are using Yubico Login for Windows to configure YubiKeys that are already being used for logging into other accounts, do not overwrite slot 1.

    Challenge/Response Secret: This item enables you to specify how the secret will be configured and where it will be stored. The options are:

    Use existing secret if configured - generate if not configured: The key’s existing secret will be used in the specified slot. If the device has no existing secret, the provisioning process will generate a new secret.
    Generate new, random secret, even if a secret is currently configured: A new secret will be generated and programmed to the slot, overwriting any previously configured secret.
    Manually input secret: For advanced users: During the provisioning process, the application will prompt you to input manually an HMAC-SHA1 secret (20 bytes - 40 characters hex-encoded).

    Generate Recovery Code: For each user provisioned, a new recovery code will be generated. This recovery code enables the end-user to log in to the system if they have lost their YubiKey. For more information, refer to the description of the Recovery Code above.

    Note: If you select to save a recovery code while provisioning a user for a second key, any previous recovery code becomes invalid, and only the new recovery code will work.

    Create Backup Device for Each User: Use this option to have the provisioning process register two keys for each user, a primary YubiKey and a backup YubiKey. If you do not want to provide recovery codes to your users, it is good practice to give each user a backup YubiKey. For more information, refer to the Primary and Backup Keys section above.

    Securely Login to Local Accounts with YubiKey Security Key in Windows-yubico_login-2.png

    5 Select (check) the local account for the user you want to configure, and click/tap on Next. (see screenshot below)

    Local accounts that currently have YubiKeys registered and are enabled for Yubico Login for Windows have an asterisk (*) next to the respective usernames. You can add additional YubiKeys for users already configured by selecting the users here.

    Securely Login to Local Accounts with YubiKey Security Key in Windows-yubico_login-3.png

    6 When prompted, insert (connect) a YubiKey security key to the computer to configure it for this user account. (see screenshot below)[INDENT]
    Securely Login to Local Accounts with YubiKey Security Key in Windows-yubico_login-4.png[/INDENT

    7 Click/tap on Next. (see screenshot below)

    The Programming Device page displays the progress of programming each YubiKey. The Device Confirmation page shown below displays the details of the YubiKey detected by the provisioning process, including the device serial number (if available) and the configuration status of each One-Time Password (OTP ) slot. If there are conflicts between what you have set as defaults and what is possible with the detected YubiKey, a warning symbol is displayed. If everything is good to go, a check mark will be shown. If the status line shows an error icon, the error is described and instructions for fixing it are displayed on the screen.

    Securely Login to Local Accounts with YubiKey Security Key in Windows-yubico_login-5.png

    8 When programming the YubiKey has finished for the user account, you will be prompted to remove (disconnect) the Yubikey from the computer.

    Securely Login to Local Accounts with YubiKey Security Key in Windows-yubico_login-6.png

    9 Click/tap on Finish. (see screenshot below)

    The selected local account can no longer be accessed without this corresponding YubiKey connected while logging in to Windows.

    Securely Login to Local Accounts with YubiKey Security Key in Windows-yubico_login-7.png


    That's it,
    Shawn



  1. Golden's Avatar
    Posts : 1,639
    Windows 10 Pro x64
       #1

    Nice @Brink , very nice
      My Computers


 

Tutorial Categories

Securely Login to Local Accounts with YubiKey Security Key in Windows Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:12.
Find Us




Windows 10 Forums