| Security Keys are supported and compatible with BYU-I DUO accounts |
Overview
BYU-Idaho supports security keys (also known as passkeys or hardware tokens) for DUO/2FA, provided they meet the WebAuthn/FIDO2 security protocol. (please see DUO's security requirements documentation for more information). Unsupported devices cannot be used.
Security keys enhance 2FA security and convenience, but users should understand their setup and operation before purchasing. Since there are a wide variety of different brands and models, we cannot make specific device or brand recommendations. In addition, we cannot troubleshoot or resolve issues arising while using or operating these devices. Users should contact manufacturers for assistance.
Requirements
The following criteria must be met to use security keys with a BYU-I DUO account:
|
Hardware Requirements
|
Software Requirements
|
- USB-A or USB-C
- WebAuthn/FIDO2
|
- Chrome
- Firefox
- Safari
- Edge
|
For more requirements, please visit DUO's security requirements documentation.
What are security keys?
To put it simply, a security key is a physical device that can be used as another form of 2-factor authentication. They protect against phishing attacks, and are convenient for tech-savvy users. Security keys are physical devices that are plugged into a USB port on your computer. The small USB device then acts as your 2nd form of authentication with just a tap on the device when prompted by DUO.
As with all authentication services, such as usernames and passwords, these security keys should be kept safe, protected, and out of reach of those with unauthorized access. Please keep these devices in a safe location. If you lose your security key, remove it from your DUO account as soon as possible, so the security of your BYUI account remains uncompromised.
Please note: If you are someone easily frustrated by technology, security keys may not be a good option. Security keys are not always a cheap option; prices can range from $19 to $100+. Replacing lost security keys requires purchasing a new key, removing the old device from your DUO account, and adding the replacement. If you DO choose to use a security key, we highly recommend buying at least two (with one as a backup) and having another authentication method enabled on your account (such as DUO Mobile, SMS, etc.). Doing so will prevent you from inadvertently being locked out of your account in the unfortunate situation of a lost key.
Examples of security keys include:
|
Yubico
|
Feitian
|
 |
 |
How to configure with DUO
NOTE: You must have the device in hand and ready to be plugged into your computer.
Follow these steps to set up your security key:
- Attempt logging into any BYUI webpage or system (such as I-Learn or myBYUI).
- Once you sign in with your username and password, you'll be brought to the DUO authentication prompt
- Click "need help" in the bottom left
- Verify your identity with DUO
- Click "Add a device"
Important: Only users can add security keys due to their physical nature. IT Service Desk support is limited.
For step-by-step configuration, refer to the DUO Universal Prompt guide
How to use security keys
Once you've configured your account, you'll see "Security key" as an option on your screen whenever you're prompted to use Duo. When you select "Security key" simply follow the on-screen prompts. For further help, feel free to check out Duo's articles at guide.duo.com
Contact Us
If you have questions, please call us at (208) 496-9009 or start a Live Chat with us.
Hours of Operation: Mon - Fri 7:30 AM - 8:00 PM, Sat 10:00 AM - 4:00 PM Mountain Time
(excluding weekly devotional, forum hour, and University Recognized holidays)