...
- YubiKey 4 or newer (needs to mention PIV or smartcard)
- Security keys will not work. These are generally FIDO only keys.
- Yubico Security Keys (blue)
- GitHub-branded security keys
- Security keys will not work. These are generally FIDO only keys.
- Latest version of OS
- YubiKey Manager
- Download direct from Yubico: YubiKey-Manager
- Windows
Expand title SCCM Software Center (Preferred Method) - YubiKey-Manager - Windows x64 latest
- Mac
- Linux
Requesting a YubiKey
- Fill out the following Google form
https://go.rit.edu/yubikey
Considerations
- These docs are not the only way to accomplish the goal nor are YubiKeys the only way to accomplish password-less authentication however the further you deviate from these docs the less knowledge ITS has to assist you.
- The OS requires a lock on the YubiKey. If using multiple computers, even if a computer is virtual, multiple devices will be needed – one device per instance of the OS.
- A YubiKey can be passed through RDP session(s) (Windows only)
- Each device will have a different certificate. A certificate can, however, be used for access to both Linux and Windows servers.
- Expert mode: While a YubiKey (i.e. a Yubico device) is not required, the docs and process are assuming a YubiKey is being used. Any device that can securely generate and store keys in a way that can be cryptographically verified will work.
...