Windows 10: Securely Login to Local Accounts with YubiKey Security Key in Windows

Discus and support Securely Login to Local Accounts with YubiKey Security Key in Windows in Windows 10 Tutorials to solve the problem; How to: Securely Login to Local Accounts with YubiKey Security Key in Windows How to Securely Login to Local Accounts with YubiKey Security Key in... Discussion in 'Windows 10 Tutorials' started by Brink, Jul 28, 2018.

  1. Brink Win User

    Securely Login to Local Accounts with YubiKey Security Key in Windows


    How to: Securely Login to Local Accounts with YubiKey Security Key in Windows

    How to Securely Login to Local Accounts with YubiKey Security Key in Windows 7, Windows 8, and Windows 10


    Yubico Login for Windows application provides a simple and secure way for YubiKey users to securely access their local accounts on Windows computers.

    The primary benefits of Yubico Login for Windows include:

    • Highly secure and easy-to-use multi-factor authentication (MFA) for login using local accounts to Windows workstations
    • Simple configuration for up to 10 individual users
    • Fast enrollment for backup YubiKeys
    • Easy recovery mechanisms for lost YubiKeys
    Yubico Login for Windows is designed to provide strong MFA for logging into local accounts on Windows 7, Windows 8.1 or Windows 10 computers. It is not suited for logging into any of the following accounts: Azure Active Directory (AAD), Active Directory (AD), Microsoft accounts.

    See also: Yubico Login for Windows Configuration Guide | Yubico support

    Once you have Yubico Login setup and configured for a local account on the computer, the user will be required to connect the YubiKey security Key before typing their user name and password credentials to log in to Windows.

    This tutorial will show you how to set up Yubico Login to login to a local account with a YubiKey security key in Windows 7, Windows 8, and Windows 10.

    Local accounts can be accessed remotely via methods such as remote desktop software, SSH, or authentication via the Microsoft Server Message Block (SMB) protocol. Yubico Login for Windows does not secure those non-local forms of login to local accounts.


    You must be signed in as an administrator to install and configure Yubico Login for Windows for any local accounts (standard user or administrator) on the computer.

    Uninstalling Yubico Login for Windows will undo and remove the YubiKey security key requirements for all local accounts on the Windows computer.


    EXAMPLE: Yubico Login for Windows




    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]

    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]

    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]




    Here's How:

    1 Download and install the same 32-bit or 64-bit version of 32-bit or 64-bit Windows. (see screenshot below)

    You will be required to restart the computer after installing Yubico Login for Windows.


    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]

    2 Open the Yubico Login Configuration app. (see screenshot below)

    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]

    3 Click/tap on Next. (see screenshot below)

    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]

    4 Make any changes you want to the settings, and click/tap on Next. (see screenshot below)

    Slots: Select the slot where the challenge-response secret will be stored. All YubiKeys that have not been customized come pre-loaded with a credential in slot 1, so if you are using Yubico Login for Windows to configure YubiKeys that are already being used for logging into other accounts, do not overwrite slot 1.

    Challenge/Response Secret: This item enables you to specify how the secret will be configured and where it will be stored. The options are:

    Use existing secret if configured - generate if not configured: The key’s existing secret will be used in the specified slot. If the device has no existing secret, the provisioning process will generate a new secret.
    Generate new, random secret, even if a secret is currently configured: A new secret will be generated and programmed to the slot, overwriting any previously configured secret.
    Manually input secret: For advanced users: During the provisioning process, the application will prompt you to input manually an HMAC-SHA1 secret (20 bytes - 40 characters hex-encoded).

    Generate Recovery Code: For each user provisioned, a new recovery code will be generated. This recovery code enables the end-user to log in to the system if they have lost their YubiKey. For more information, refer to the description of the Recovery Code above.

    Note: If you select to save a recovery code while provisioning a user for a second key, any previous recovery code becomes invalid, and only the new recovery code will work.

    Create Backup Device for Each User: Use this option to have the provisioning process register two keys for each user, a primary YubiKey and a backup YubiKey. If you do not want to provide recovery codes to your users, it is good practice to give each user a backup YubiKey. For more information, refer to the Primary and Backup Keys section above.


    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]

    5 Select (check) the local account for the user you want to configure, and click/tap on Next. (see screenshot below)

    Local accounts that currently have YubiKeys registered and are enabled for Yubico Login for Windows have an asterisk (*) next to the respective usernames. You can add additional YubiKeys for users already configured by selecting the users here.


    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]

    6 When prompted, insert (connect) a YubiKey security key to the computer to configure it for this user account. (see screenshot below)


    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]
    [/INDENT

    7 Click/tap on Next. (see screenshot below)

    The Programming Device page displays the progress of programming each YubiKey. The Device Confirmation page shown below displays the details of the YubiKey detected by the provisioning process, including the device serial number (if available) and the configuration status of each One-Time Password (OTP ) slot. If there are conflicts between what you have set as defaults and what is possible with the detected YubiKey, a warning symbol is displayed. If everything is good to go, a check mark will be shown. If the status line shows an error icon, the error is described and instructions for fixing it are displayed on the screen.


    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]

    8 When programming the YubiKey has finished for the user account, you will be prompted to remove (disconnect) the Yubikey from the computer.

    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]

    9 Click/tap on Finish. (see screenshot below)

    The selected local account can no longer be accessed without this corresponding YubiKey connected while logging in to Windows.


    Securely Login to Local Accounts with YubiKey Security Key in Windows [​IMG]


    That's it,
    Shawn


    Related Tutorials

    :)
     
    Brink, Jul 28, 2018
    #1
  2. Brink Win User
    Brink, Oct 27, 2019
    #2
  3. Windows Security pop up for YubiKey authentication on local webserver

    I've been making a website that allows you authenticate your account using a yubikey. Before the 1903 feature update, I would login into the local website and insert the security key with no problem. Now when I do it, I get this "Windows Security Making
    sure it's you. Please authenticate for https://192.168.1.200.. Please insert the correct security key" pop up. I'll attach an image to get a better picture.

    I've looked at several posts about what to do such as this one with no luck adding the ip address in the local intranet or Trusted sites tab under internet options. Disable "These files might be harmful to your computer" warning?


    Securely Login to Local Accounts with YubiKey Security Key in Windows b16a586d-27d2-455a-96aa-08b70b7ed86e?upload=true.png


    I'd like to either disable Windows Security or somehow make some sort of exception for this website that's on my local network on my windows 10 device.
     
    shanecallaghan1, Oct 27, 2019
    #3
  4. Brink Win User

    Securely Login to Local Accounts with YubiKey Security Key in Windows

    Yubico Login for Windows Now Generally Available

    Source: Yubico Login for Windows Now Generally Available | Yubico

    How to Set Up Security Key to Log into Apps in Windows 10

    How to Set Up Security Key to Sign in to Microsoft Account in Microsoft Edge




     
    Brink, Oct 27, 2019
    #4
  5. mikart143 Win User
    Security Key Blocked

    I have a problem with setting up security key with windows and microsoft account. During adding a key to microsoft account it asked me for pin. I entered PIN (for just testing I am using default pin for my yubikey). After couple tries it blocked. I do
    not know what to do. Yubikey Manager works fine and logins for other sites to.
     
    mikart143, Oct 27, 2019
    #5
  6. Try3 Win User
    Security Key

    Some tentative suggestions -
    1 Perhaps you mean the 'Security key' for a WiFi network?
    2 Perhaps you mean the 'Security key' for your router's Admin functions that is controlling your WiFi network?
    3 Perhaps you mean your Windows user account login 'password' or a 'PIN' that you have set it up to accept instead?

    Denis
     
Thema:

Securely Login to Local Accounts with YubiKey Security Key in Windows

Loading...
  1. Securely Login to Local Accounts with YubiKey Security Key in Windows - Similar Threads - Securely Login Local

  2. Security Feature for Secure Login

    in Windows 10 Ask Insider
    Security Feature for Secure Login: I am looking for a way to log in to a secure account (that has limited access for files and folders on HDD) when a specific password has been entered for the same account. I am wondering if anyone knows a way to do this? submitted by /u/Ehsaaan [link] [comments]...
  3. Local Security

    in AntiVirus, Firewalls and System Security
    Local Security: Recent upgrade forced a login to Microsoft in order to login to my laptop. Can I prevent this from happening again? https://answers.microsoft.com/en-us/windows/forum/all/local-security/14a8e9e5-95a9-42fb-a153-7806466370a7"
  4. Windows Security pop up for YubiKey authentication on local webserver

    in AntiVirus, Firewalls and System Security
    Windows Security pop up for YubiKey authentication on local webserver: I've been making a website that allows you authenticate your account using a yubikey. Before the 1903 feature update, I would login into the local website and insert the security key with no problem. Now when I do it, I get this "Windows Security Making sure it's you. Please...
  5. Security of local account on a stolen computer

    in AntiVirus, Firewalls and System Security
    Security of local account on a stolen computer: Hi all sorry trouble you had my laptop stolen about 3 weeks was using a windows local account password windows 10 not sure witch version of windows i had it was the one with the password hint just looking for some advice are they really easy to get past the password for the...
  6. Login Security

    in AntiVirus, Firewalls and System Security
    Login Security: How can I access who has previously logged into my computer with dates and times? https://answers.microsoft.com/en-us/windows/forum/all/login-security/28489b47-9ea0-4c02-868f-a76f461c53fb"
  7. Security Key

    in AntiVirus, Firewalls and System Security
    Security Key: Yubico said I can add more than one security key but I was only able to add one. I added like 4 on my Google so I am not sure why I can't add more than one on Microsoft. Thanks....
  8. Yubikey security [[one]] with several [[three or more]] microsoft accounts

    in AntiVirus, Firewalls and System Security
    Yubikey security [[one]] with several [[three or more]] microsoft accounts: if you have three computers and plan to use YUBIKEY, will Microsoft still use the passwords on public computers? https://answers.microsoft.com/en-us/windows/forum/windows_10-security/yubikey-security-one-with-several-three-or-more/0d181d73-60d5-4de7-b157-0dddf7fc6076"
  9. Local security policy

    in Windows 10 Customization
    Local security policy: I am having trouble accessing my Local security policy settings, I am logged in as the administrator the secpol.msc command does not work and cannot be found by the OS. Is this feature disabled on windows 10 home? and if so why?...
  10. login security

    in User Accounts and Family Safety
    login security: I just finished a system restore on my Lenovo G850 idea pad running windows 10. I have two security issues. 1. on startup Windows no longer asks for a password but opens immediately. That, of course, is dangerous. How to I force Windows to ask for a password? 2. I...