We now support people purchasing and setting up the Yubikey 5 NFC security key for use with their St. Thomas account. This enables people without cell phones to use MFA. Currently, only the physical key paired with the Yubico Authenticator App (found in the Microsoft App Store) will work with our accounts. The key can be purchased through Yubico and Amazon.
PLEASE NOTE: You should confirm the type of USB port on your device before ordering - both USB A and USB C keys are also available using the links above and the directions below will work for either.
Decisions to cover the cost of this device are up to the individual department. Please check with your supervisor for any questions related to purchasing.
These instructions are specific to computers with the most current version of the Windows Operating System. If you have a St. Thomas Windows laptop, you may need to upgrade to the most current operating system using the Software Center.
Getting familiar with your Yubikey
The Yubikey 5 NFC is a FIDO2 security token that you can use to secure both your St. Thomas digital accounts and your personal accounts. You can read more about FIDO2 here. The Yubikey functions in a couple of different ways, however currently we support the COMBINATION of the key itself and the Yubico Authenticator App (which unlike other apps can be installed on your computer as well as a mobile device).
When you first open your Yubikey, you'll notice there isn't much to it. And once we get the app installed, it is pretty easy to use. So let's get started:
As mentioned earlier in this article, depending on the USB ports on your computer, you will have either a USB A (shown here) or a USB C connector. You will also notice a gold circle on the body of the key - this is a touch pad or sensor. In the most secure mode, you are required to physically touch the key to authenticate (we recommend this). Insert the Yubikey into a USB port on your machine. You may be prompted to configure the key and add a PIN. You can do that if you wish, however it will not be necessary for our multifactor authentication.
You are now ready to download and install the Yubico App.
Installing the Yubico Authenticator App
Find the Microsoft Store on your computer. The easiest way to do this is the type the word "Store" in the search bar on the lower left side of your primary screen. Once you are in the Store, you can search for "Yubico" or "Yubikey". In the search results, you should see something like this:
Click on this to get more details, as well as the option to Install. Go ahead and install it, following any prompts.
Linking Yubikey with your St. Thomas Account
Here's where things could get a little tricky. The set up requires you to keep two windows open and perform tasks in both the Yubikey Authenticator App and your St. Thomas Account Security Info. Don't worry though - just proceed carefully through the steps below and make sure you read any prompt you see thoroughly.
First, go to https://myaccount.microsoft.com/ and authenticate when prompted. Find this tile:
Click on the blue UPDATE INFO > text. You should see a list of sign in methods for your account. We are going to add one. Note the + Add sign-in method in the image below. Go ahead and click on the + sign for your own account.
Now we have some choices to make. Right now we don't support the Security Key option for our accounts, so you may not see that. You should, however, see the Authenticator app option as shown below. Select that to continue.
At first, you will be prompted to get the Microsoft Authenticator App. Although we support that method, THAT WILL NOT WORK WITH YOUR YUBIKEY. Instead, you will want to click on the blue highlighted text stating you want to use a DIFFERENT authenticator.
After you make your selection, you will be instructed to set up your account in your app. This means it is time to make sure your Yubico App is open.
Once in your Yubico App, you will want to start setting up your account. You will need to keep both windows open as you will need to sync some information between the two screens. In your Yubico App, select Add Account as shown below:
You will then get another dialog box asking for information you don't know yet - the Account Name and Secret key. That's OK - we are going to get that now. Switch back to your St. Thomas Account Info and click the Next button on the "Set up your account" dialog box. You should see the image below (without the useful red arrow).
You have probably figured out at this point that you can't easily scan this image on your computer with your computer. So click the Can't Scan Image box to get the information you need to enter into your Yubico app.
You should have an Account Name and Secret Key now, with Copy to Clipboard icons next to each. Copy each into your Yubico App in the correct fields and put a name that you recognize and associate with your St. Thomas account into the Issuer field. UST works well, but you can call it anything you'd like.
Syncing your account and key
Go back to your Microsoft account window and click Next. You should get prompted for a security code or token. The combination of your app and your key will generate this. Make sure your key is still in your USB drive and go back to your Yubico App. You should see something like this:
If you see six asterisks, you are using the key in a secure way. Give yourself a pat on the back! Now DOUBLE CLICK the account. You will see a prompt to TOUCH your Yubikey. Press your finger on the gold circle of your Yubikey while it is still docked in the USB port. After a second you should see a 6 digit code displayed, along with a copy to clipboard icon. Copy and paste this back in your Microsoft Account window where you were prompted for a code and enter it.
And that's it! You can now use your Yubikey to generate a code whenever you are prompted for multifactor authentication by following this final step!
Thank you for helping keep St.Thomas data secure!
To report a problem or receive additional troubleshooting, please contact the
Tech Desk.