In today’s digital landscape, bolstering your online security is paramount. For organizations utilizing Duo’s robust two-factor authentication, security keys, often conveniently in the form of a Duo Key Fob, offer a powerful and user-friendly method to fortify login approvals. These key fobs provide a formidable defense against phishing attempts, coupled with the seamless, one-touch convenience users appreciate with Duo Push.
Understanding Duo Key Fobs
A duo key fob, in essence, is a compact security device that plugs into your computer’s USB port. Upon a simple tap or button press, it transmits an encrypted signature back to Duo, verifying your login attempt. Duo leverages the established WebAuthn authentication standards to communicate with these security keys. WebAuthn is frequently also referred to as “FIDO2” in technical discussions.
Essential Requirements for Duo Key Fob Usage
To effectively utilize a duo key fob with Duo, ensure the following prerequisites are met:
- Browser Compatibility: A compatible web browser is crucial. This includes recent versions such as Chrome 70, Firefox 60, Safari 13 or later, and Microsoft Edge 79 or subsequent versions. It’s important to note that security key authentication is primarily supported within web applications that display Duo’s embedded browser prompt.
- User Verification (PIN/Biometric): If your organization mandates user verification for your duo key fob, such as a PIN or biometric authentication, it’s imperative to use the most up-to-date version of your browser to ensure compatibility and optimal functionality.
- Supported Security Key Hardware: You will need a USB security key that supports WebAuthn/FIDO2 standards. Reputable brands like Yubico and Feitian offer excellent and reliable options. Please be aware that Duo does not support older U2F-only security keys, such as the Yubikey NEO-n.
- FIDO2 Support for Enhanced Verification: For organizations requiring user verification via PIN or biometrics, your chosen duo key fob must specifically support the FIDO2 protocol to enable these advanced security features.
Before proceeding, it’s also essential to confirm with your IT administrator or organization’s support team that the use of security keys, including duo key fobs, is enabled within your Duo environment. This step will prevent any potential enrollment or authentication issues.
Enrolling Your Duo Key Fob
Enrolling your duo key fob is a straightforward process. You can initiate enrollment during your initial Duo setup, or, if you are already a Duo user with another enrolled device (like your smartphone), you can easily add your duo key fob as an additional authentication method through the user-friendly device management portal.
Step-by-Step Initial Enrollment of a Duo Key Fob
(Chrome browser experience illustrated below unless otherwise specified.)
Begin by accessing the Duo enrollment page. This is typically accessed via a link provided by your administrator or when you log in to a Duo-protected resource for the first time. From the device options presented, select Security Key, recognizing this as your duo key fob, and then click Continue to proceed.
Alt text: Duo Prompt screen showing “Security Key” option highlighted for device enrollment selection.
Ensure that pop-up windows are enabled for the enrollment website in your browser settings before moving forward.
For users on Safari 14.1 or later, click the Initiate enrollment button to explicitly start the enrollment process. This step is not required for other browsers like Chrome, Firefox, or Edge.
Alt text: Safari browser prompt displaying “Initiate enrollment” button for security key setup.
The system will automatically begin searching for your connected duo key fob to initiate the approval sequence.
Depending on the specific model of your duo key fob, you will be prompted to tap, insert, or press a button on the device to confirm your enrollment.
Alt text: Close-up photo showing a finger about to tap a security key device, indicating user interaction for authentication.
During the enrollment phase, you may be asked to tap your duo key fob multiple times to ensure successful registration.
If your organization enforces user verification and you haven’t yet set up a PIN or biometric for your duo key fob, you will be guided through this setup process now. If you have previously configured a PIN or biometric, you will be prompted to enter your PIN or scan your biometric to finalize the setup.
Alt text: Browser window displaying a prompt to create a PIN for the security key as part of the enrollment process.
Follow the on-screen browser prompts to complete the enrollment of your duo key fob, granting Duo the necessary permissions to access information about your security key during the setup.
A confirmation message will indicate whether the duo key fob identification and enrollment were successful.
Congratulations! Your duo key fob is now successfully enrolled and ready to use for secure authentication.
Alt text: Confirmation screen showing “Security Key Added” message, indicating successful security key enrollment.
Adding a Duo Key Fob via the Duo Prompt
(Chrome browser experience illustrated below unless otherwise specified.)
If you have already enrolled other devices with Duo, adding a new duo key fob as an additional authentication method is simple, provided your administrator has enabled Duo’s self-service portal.
Navigate to any service protected by Duo and initiate the login process. At the Duo Prompt, you will find an Add a new device link on the left-hand side. Click this link and approve the Duo login request using one of your already enrolled devices, such as your smartphone or another existing authentication method.
Then, proceed with the duo key fob enrollment steps as outlined above in the “Initial Enrollment with a Security Key” section.
Alt text: Duo Prompt screen showing “Security Key” option highlighted again within the “Add a new device” flow.
Your new duo key fob, in this example, a YubiKey, is now successfully added to your Duo account and listed alongside your other enrolled devices.
Authenticating with Your Duo Key Fob
(Chrome browser experience illustrated below unless otherwise specified.)
The next time you log in to a Duo-protected application or service, select your duo key fob from the dropdown menu of your authentication devices at the Duo Prompt.
Alt text: Duo Prompt dropdown menu showing “Security Key” or “YubiKey” selected as the authentication method.
After selecting your duo key fob from the list, click Use Security Key to initiate the authentication process.
For Safari 14.1 or later users, click the Initiate authentication button to explicitly begin the process. This extra step is not needed for other browsers.
Alt text: Safari browser showing “Initiate authentication” button for security key login.
Insert your duo key fob into your USB port if it’s not already connected. When prompted, tap or press the button on your duo key fob to authenticate. Some key fob models will flash to indicate that they are awaiting your touch for authentication.
If your organization requires user verification, you will also be prompted to enter your PIN or scan your biometric as an additional security measure.
Alt text: Security key authentication prompt in Chrome browser, showing a request for PIN user verification for the security key.
