The instructions below are for UWaterloo employees who have requested and received a token from IST.

Registering a YubiKey

1. Go to the DUO self-service enrolment page by clicking on the following link: https://2fa.uwaterloo.ca/duo/activate

2. You may be prompted to sign in with your 8-character UWaterloo username @uwaterloo.ca (e.g. myuserna@uwaterloo.ca) and password. After which, you will be redirected to the window below:
   
   

   Open

   

3. Plug your YubiKey into an available USB port, as instructed on the activation page

4. Click in the “Passcode” box, then press the button on your YubiKey to generate a passcode and
   confirm that it is set up correctly

5. Once you see the “your new token is now ready for use” message, you’re finished!

Using your YubiKey

For most systems:

1. Navigate to the enterprise system login page.

2. When prompted, enter your 8-character username @uwaterloo.ca (e.g. joeblogs@uwaterloo.ca)
   and password.

3. A Duo Security 2FA prompt will pop up. Select Other options and select Yubikey passcode if you do not get the Enter your passcode screen

   Open

   

4. Touch the button on your YubiKey to authenticate.

VPN access

1. Enter your 8-character username and password.

2. For the Second Password field, press the button on your YubiKey.

   1. Alternatives for the “Second Password”

      1. “push” to use the Duo Mobile app on a phone,

      2. “phone” for a voice call challenge, or

      3. enter a passcode from the Duo Mobile app

Returning Tokens

When a faculty member/staff leaves, they need to return their token. Either return the token to one of the IST Service Desks in DC or DP, or mail it internally to Chao Yang at EC2 2108C.

Related Articles

• 2FA Frequently asked questions

• Duo two-factor authentication (2FA) and the VPN

• Removing a device or replacing a lost or stolen token

• Duo two-factor authentication overview and instructions

• 500 Internal Server Error / 502 Bad Gateway Error