How to register your YubiKey for two-factor authentication (2FA)

The instructions below are for UWaterloo employees who have requested and received a token from IST.

If you do not have a token for 2FA yet

UWaterloo employees with an active Workday record can request a token from IST via this form: https://uwaterloo.atlassian.net/servicedesk/customer/portal/2/group/413/create/1660

Students (undergrad and grad), co-op students, and contract staff, retirees and alumni can purchase a YubiKey/U2F (Universal 2nd Factor) on their own via Amazon or another vendor. Once the YubiKey/U2F token has been purchased, they can program it themselves:

Registering a YubiKey

  1. Go to the DUO self-service enrolment page by clicking on the following link: https://2fa.uwaterloo.ca/duo/activate

  2. You may be prompted to sign in with your 8-character UWaterloo username @uwaterloo.ca (e.g. myuserna@uwaterloo.ca) and password. After which, you will be redirected to the window below:

    image-20240819-144732.png

  3. Plug your YubiKey into an available USB port, as instructed on the activation page

  4. Click in the “Passcode” box, then press the button on your YubiKey to generate a passcode and
    confirm that it is set up correctly

  5. Once you see the “your new token is now ready for use” message, you’re finished!

Mac Users: If the “Keyboard Setup Assistant” window appears when you plug in your new YubiKey, close the window.

Using your YubiKey

For most systems:

  1. Navigate to the enterprise system login page.

  2. When prompted, enter your 8-character username @uwaterloo.ca (e.g. joeblogs@uwaterloo.ca)
    and password.

  3. A Duo Security 2FA prompt will pop up. Select Other options and select Yubikey passcode if you do not get the Enter your passcode screen

    image-20240819-152219.png
  4. Touch the button on your YubiKey to authenticate.

VPN access

  1. Enter your 8-character username and password.

  2. For the Second Password field, press the button on your YubiKey.

    1. Alternatives for the “Second Password”

      1. “push” to use the Duo Mobile app on a phone,

      2. “phone” for a voice call challenge, or

      3. enter a passcode from the Duo Mobile app

Returning Tokens

When a faculty member/staff leaves, they need to return their token. Either return the token to one of the IST Service Desks in DC or DP, or mail it internally to Chao Yang at EC2 2108C.

Related Articles

Need help?

Contact the IST Service Desk online or 519-888-4567 ext. 44357.