| Security Keys are supported and compatible with BYU-I DUO accounts |
Overview
BYU-Idaho has enabled and supports the use of security keys, also known as passkeys or hardware tokens, for use with DUO/2FA. But, these devices must meet the WebAuthn/FIDO2 security protocol (please see DUO's security requirements documentation for more information). Devices that do not meet this protocol are not supported and cannot be used with DUO.
These security keys are a safe, reliable option for 2-factor authentication. However, we strongly advise users to be familiar with the setup, configuration, and daily operation of these devices, before making the decision to purchase them. Since there are a wide variety of different brands and models, we cannot make specific device or brand recommendations. Due to the wide variety of brands, models, and specifications BYU-I support personnel cannot troubleshoot or resolve issues arising while using or operating these devices. We highly recommend contacting the manufacturer since they can offer the specific support required for the correct make and model.
Requirements
The following criteria must be met to use security keys with a BYU-I DUO account:
|
Hardware Requirements
|
Software Requirements
|
- USB-A or USB-C
- WebAuthn/FIDO2
|
- Chrome
- Firefox
- Safari
- Edge
|
For more requirements, please visit DUO's security requirements documentation.
What are security keys?
To put it simply, a security key is a physical device that can be used as another form of 2-factor authentication. Security keys are a promising trend in cyber security which seeks to add more security and resistance to phishing attacks. And for a tech-savvy user, security keys can also add a layer of convenience, since it offers the speed of taping on a USB device already plugged into your computer. By design, security keys are physical devices that are plugged into a USB port on your computer. The small USB device then acts as your 2nd form of authentication with just a tap on the device when prompted by DUO. In a lot of cases, this might be a better solution for users wishing to have fewer required apps on their smartphones and/or for international users that may not have access to a smartphone. In most cases, users should opt for free, more user-friendly options, such as using DUO mobile push notifications.
DUO makes security keys an option for organizations and BYU-Idaho has elected to allow users to add security keys to their accounts. As with all authentication services, such as usernames and passwords, these security keys should be kept safe, protected, and out of reach of those with unauthorized access. Please keep these devices in a safe location. If you lose your security key, remove it from your DUO account as soon as possible, so the security of your BYUI account remains uncompromised.
Please note: if you are someone easily frustrated by technology, security keys may not be a good option. Security keys are not always a cheap option; prices can range from $19 to $100+. Replacing lost security keys requires purchasing a new key, removing the old device from your DUO account, and adding the replacement. If you DO choose to use a security key, we highly recommend buying at least two (with one as a backup) and having another authentication method enabled on your account (such as DUO Mobile, SMS, etc.). Doing so will prevent you from inadvertently being locked out of your account in the unfortunate situation of a lost key.
Here are just a few examples of available security keys:
|
Yubico
|
Feitian
|
 |
 |
How to configure with DUO
You must have the device in hand and ready to be plugged into your computer. Adding the security key is quick and easy. Follow these steps:
- First, you must attempt logging into any BYUI webpage or system (such as I-Learn or myBYUI).
- Once you sign in with your username and password, you'll be brought to the DUO authentication prompt
- Verify your identity in DUO and click "Add a device"
Important: security keys can only be added by the user. Due to the inherent nature of these devices, namely all security keys are physical hardware devices and must be plugged into the user's device to be configured, the IT Service Desk is limited in how they can help. If you chose to use such a device, please note that you assume all responsibility and the required self-service.
For information on how to add and use security keys on your DUO account, please visit the DUO help guide DUO Universal Prompt guide for step-by-step instructions.
How to use security keys
Using a security key for DUO is fairly simple. Once you've configured your account to use the security key(s), you'll see "Security key" as an option on your screen whenever you're prompted to use Duo. When you select "Security key" simply follow the on-screen prompts—it's easy. If you find yourself still having issues though, feel free to check out Duo's articles at guide.duo.com
Support Information
If you have questions, please call us at (208) 496-9009 or start a Live Chat with us.
Hours of Operation: Mon - Fri 7:30 AM - 8:00 PM, Sat 10:00 AM - 4:00 PM Mountain Time
(excluding weekly devotional, forum hour, and University Recognized holidays)