How to register your YubiKey for two-factor authentication (2FA)
The instructions below are for UWaterloo employees who have requested and received a token from IST.
If you do not have a token for 2FA yet
UWaterloo employees with an active Workday record can request a token from IST via this form: https://uwaterloo.atlassian.net/servicedesk/customer/portal/2/group/413/create/1660
Students (undergrad and grad), co-op students, and contract staff, retirees and alumni can purchase a YubiKey/U2F (Universal 2nd Factor) on their own via Amazon or another vendor. Once the YubiKey/U2F token has been purchased, they can program it themselves: Duo two-factor authentication overview and instructions | Add a Security Key
Registering a YubiKey
Go to the DUO self-service enrolment page by clicking on the following link: https://2fa.uwaterloo.ca/duo/activate
You may be prompted to sign in with your 8-character UWaterloo username @uwaterloo.ca (e.g. myuserna@uwaterloo.ca) and password. After which, you will be redirected to the window below:
Plug your YubiKey into an available USB port, as instructed on the activation page
Click in the “Passcode” box, then press the button on your YubiKey to generate a passcode and
confirm that it is set up correctlyOnce you see the “your new token is now ready for use” message, you’re finished!
Mac Users: If the “Keyboard Setup Assistant” window appears when you plug in your new YubiKey, close the window.
Using your YubiKey
For most systems:
Navigate to the enterprise system login page.
When prompted, enter your 8-character username @uwaterloo.ca (e.g. joeblogs@uwaterloo.ca)
and password.A Duo Security 2FA prompt will pop up. Select Other options and select Yubikey passcode if you do not get the Enter your passcode screen
Touch the button on your YubiKey to authenticate.
VPN access
Enter your 8-character username and password.
For the Second Password field, press the button on your YubiKey.
Alternatives for the “Second Password”
“push” to use the Duo Mobile app on a phone,
“phone” for a voice call challenge, or
enter a passcode from the Duo Mobile app
Returning Tokens
When a faculty member/staff leaves, they need to return their token. Either return the token to one of the IST Service Desks in DC or DP, or mail it internally to Chao Yang at EC2 2108C.
Related Articles
Need help?
Contact the IST Service Desk online or 519-888-4567 ext. 44357.