Setting up MFA hardware token (Yubikey)

*As of now, Texas A&M NetID and Texas A&M System UIN logins will still use Duo, so it is important that you not delete the Duo app from your phone if you need access to those portals. Additionally, the VPN and server logins will continue to use Duo for the MFA push until we have finished moving everyone in the agency to Microsoft Authenticator. Please do not delete the Duo app from your phone after completing your new MFA registration. NIS will make an official announcement when Duo is no longer needed.

Sign in to your work or school account and then go to your My Account portal or visit https://aka.ms/mfasetup and click "Update Info" under the Security Info section:

Then, select Add method in the Security info pane.
Security info page with highlighted Add method option

Before setting up your YubiKey your account must first have at minimum one other authentication method besides the key. This other method serves as a recovery or alternate verification method in case you lose or do not have your key with you. If you are not using Microsoft Authenticator, you can have Microsoft either text or call you instead.

On the Add a Method page, select Phone from the list, and then select Add.

On the Phone page, type the phone number of either your office or mobile phone, choose either Call me or Text me a code, and then select Next. You will then receive a phone call with instructions to verify your phone number or it will ask you to type a code that it sent to you via text message.

After you have verified your phone number you can setup your YubiKey.

On the Add a Method page, select Security Key from the list, and then select Add.

You will be asked to sign in again before registering your new security key.

A screenshot of a computer screenDescription automatically generated

After signing in again, you will be shown prompts to help walk through adding the security key. You will select USB device for the type of security key you have. Please read the instructions carefully and select next when ready.

A screenshot of a computerDescription automatically generated A screenshot of a computer error messageDescription automatically generated

You will now need to plug in your security key before proceeding. Again, you will need to select Security key and click next.

A screenshot of a computer security systemDescription automatically generated

You will be shown prompts detailing what account will be added to the security key, and the details what is being stored on the key. Click OK to proceed.

A screenshot of a computerDescription automatically generated A screenshot of a computer security systemDescription automatically generated

You will be prompted to create a PIN for the security key. This is a manadatory feature that cannot be skipped. Please create a memorable PIN of at least 6 characters (both letters and numbers).

A screenshot of a computer security systemDescription automatically generated

After creating the PIN, you will be asked to activate your security key by touching it. There is a gold sensor with a green LED light that should be blinking, simply touch the blinking light to proceed.

*This is how you will activate your key to log in*

A screenshot of a computer security systemDescription automatically generated

You have now successfully added your security key to your TTI account. Next you'll be asked to name your security key before finishing.

A screenshot of a computerDescription automatically generated A screenshot of a computer errorDescription automatically generated

You should now see the security key listed under your devices

If you have any questions or need assistance managing your security key or other multifactor authentication methods, please contact NIS.