Yubikey Hardware Device Instructions – MacOSX

Overview

This guide walks you through the setup, configuration and other methods of manipulating the Yubikey hardware token used in Multi-Factor Authentication on MacOSX computers.

Technical note: These instructions work for the Yubikeys supplied by the university for those who traded in their Duo token. If you purchase your own key, these instructions work with the newer Yubikey FIDO 2 keys, including the Security Key (C) (NFC), YubiKey 5(C) (NFC), and YubiKey 5(C) (NFC) FIPS. They may generally work for most FIDO 2 devices.

Please contact SalukiTech if you have any questions on purchasing your own Yubikey if you do not have a Duo token to exchange.

Downloading the Yubico Manager for MacOSX computers

If you are setting up a new Yubikey/FIDO2 Device for the first time on an Apple computer (iMac, Mac Book Air, Mac Book Pro) you must configure it with a security key PIN first. To do this you need to download the Yubikey Manager from Yubico.

1. Open a browser (Safari) and go to Yubico website: https://www.yubico.com/
2. On the ‘Support’ tab, Click on the ‘Downloads’ Link.

   

3. On the ‘End-user Tools’ page, click ‘Downloads’.

   

4. Scroll down on this page and click on the link ‘macOS Download’.

   

5. Your browser will ask ‘Do you want to allow download on www.yubico.com‘, click ‘Allow’.

   

6. After the Yubikey Manager download is complete it will be in your ‘Downloads’ folder, in the latest version of MacOSX it will pop-up on the lower left-hand side of the Dock. Double click the .pkg file to install the software.

   

7. The Yubikey Manager installer will launch, click ‘Continue’.

   

8. It will ask you to ‘Select a Destination’, select the main OS drive.

   

9. You will get a summary of what is being installed, click ‘Install’.

   

10. You will be prompted to input a password; this is the password you use for your computer, then click on ‘Install Software’.

    

11. Once the installation is complete, click on ‘Close’.

    

12. You will be asked if you want to keep the package that you downloaded, this option is up to you.

    

13. Now we need to launch the software, click on the Launchpad on the Dock and look for Yubikey Manager icon; click on that to launch the software.

Creating a PIN for Yubikey / FIDO2 Devices

Note: You MUST run this software as an administrator!

1. Once the Yubikey Manager software is open, insert the USB key in your computer, you will see some information about your key.

   

2. On the ‘Applications’ tab select the ‘FIDO2’ option.

   

3. Click on ‘Set PIN’.

1. Enter a secure PIN here. This is alphanumeric, meaning you can use letters or numbers and must be between 4 and 63 characters in length.
   SIU recommends a 6-character password for your Yubikey. This doesn’t have to be overly complex and should be something you can/will remember. Entering this wrong 8 or more times will reset the device.

   

2. A small pop-up at the bottom of the screen will confirm that your FIDO2 PIN is set.

   

Adding a Hardware Token to Your SIU / Microsoft Account

1. Login to office.siu.edu click your profile and go to ‘My Account’ then ‘Security Info’. Use the direct link here: https://mysignins.microsoft.com/security-info

   

2. Click ‘Add sign-in method’ select ‘Security Key’ and click ‘Add’.

   

3. Select USB (or NFC if you are operating your NFC-capable hardware token via a mobile device).

   

4. You will now be advised to have your Yubikey ready and click ‘Next’.

   

5. This will pop-up for 10 seconds while the site looks for attached security keys.

   

6. Select ‘Security Key’ from the next menu and click ‘Next’.

   

7. You will be prompted to insert your security key and touch it to start the pairing process.

   

8. Now you must enter your PIN for the security key then click ‘Continue’.

   

9. You will be prompted to touch your security key again.

   

10. Enter a name for this key. This is for your reference only and mostly used for those individuals who have multiple hardware tokens. Click ‘Next’ when done.

    

11. You should see this message once its added, now you can click ‘Done’. Your Yubikey is now setup!
    

    

    

Removing a Hardware Token from your SIU / Microsoft Account

1. Visit the Security Info Section of your office.siu.edu account or go directly to https://mysignins.microsoft.com/security-info

   

2. Click the ‘Delete’ button next to the device(s) you want to remove.
3. You may be prompted to Sign In to confirm deletion; if not, move on to Step 4.
   [Note: You should have another device setup already to complete this step. If not, please reach out to SalukiTech].

   

4. Click ‘OK’ to confirm deletion.

   

Changing a PIN on a Mac for Yubikey / FIDO2 Devices

You must have the Yubikey Manager installed to complete this action, installation instructions are at the top of this guide.

1. Click on ‘Launchpad’ on the Dock and look for Yubikey Manager icon, click on that to launch the software.
   NOTE: You MUST run this software as an administrator!
   

   

2. Once the Yubikey Manager software is open, insert the USB key in your computer, you will see some information about your key.

   

3. On the ‘Applications’ tab select the ‘FIDO2’ option.

   

4. Click on ‘Change PIN’. This is alphanumeric, meaning you can use letters or numbers and must be between 4 and 63 characters in length. SIU recommends a 6-character password for your Yubikey. This doesn’t have to be overly complex and should be something you can/will remember. Entering this wrong 8 or more times will reset the device.

   

5. You must input your Current PIN, then type the new PIN twice. Click ‘Change PIN’ to continue.
   

   

6. A small pop-up at the bottom of the screen will confirm that your PIN is reset.

   

Resetting a PIN on a Mac for Yubikey / FIDO2 Devices

You must have the Yubikey Manager installed to complete this action, installation instructions are at the top of this guide

1. Click on ‘Launchpad’ on the Dock and look for Yubikey Manager icon, click on that to launch the software.
   NOTE: You MUST run this software as an administrator!
   
   
2. Once the Yubikey Manager software is open insert the USB key in your computer, you will see some information about your key.

   

3. Click on the ‘Reset FIDO’.

   

4. You will be warned about the removal of FIDO credentials, Click ‘YES’.

   

5. You will be asked to remove and re-insert the Yubikey.

   

6. Next, you need to touch the Yubikey to complete the reset process.

   

7. A small pop-up at the bottom of the screen will confirm that your FIDO was reset.