Skip to end of metadata
Go to start of metadata

User steps

  1. Open the YubiKey Personalization Tool and insert the YubiKey into a USB port on your computer
    Select OATH-HOTP Mode under the 'Personalize your YubiKey menu'
  2. Select the 'Quick' option
  3. Select 'Configuration Slot 1'
  4. Uncheck 'OATH Token Identifier' (we will be using the YubiKey serial number for this purpose)
  5. Select '8 Digits' for the HOTP Length parameter
  6. Click 'Regenerate' to generate a new secret
  7. Click 'Write Configuration'. If a 'Confirm: Overwrite configuration slot 1' box comes up, click Yes

    This will overwrite your existing configuration. See the notes in this document for details and workarounds.

  8. A box will prompt for where to save the log file. Save this file to a temporary location and note the name of the .csv file for later reference.

    This file contains the secret key that will need to be provisioned into Duo. Once provisioned, this file must be either saved in a safe place if this secret is to be used elsewhere or, if not, deleted immediately.

  9. Confirm that the YubiKey Personalization Tool states 'YubiKey has been successfully configured'
  10. You may now quit the personalization tool and remove the YubiKey from the USB port. Note the serial number in the tool for future reference.
  11. Head to the Identity.UW Add Token page: https://identity.uw.edu/2fa/addtoken and select the '8-digit OATH-HOTP' option.

  12. Enter the information from the YubiKey Configuration Tool into the corresponding fields on the Add Token page (note that the serial number is prefixed by "EX_" which is intended):
    The 'Serial number' field should correspond with the serial number of the YubiKey, found either on the device or in the YubiKey configuration tool.
    The 'Secret' field comes from the CSV log file, highlighted below:


  13. To generate the passcode for the Passcode field, click into text box and press the button on your Yubikey. The Yubikey will generate a code and type it into the text field.
  14. If you'd like to link this token to your UW NetID, select the 'Link this token to my UW NetID' option. If this token is being added by you but will be used by someone else you'll need to send them to the Identity.UW Link page here: https://identity.uw.edu/2fa/link?type=h8 after you select the 'Do not link' option. This will let the other person link the token to their UW NetID.
  15. Click 'Add token' to complete the process.
  16. Once you have imported the hardware token into Duo and have confirmed the YubiKey is working, delete the log file with the secret key if no longer needed. Otherwise, save in a safe place.