This article demonstrates how to activate and use YubiKey and Feitian OTP hardware tokens.
Add a Feitian OTP c100
A Feitian Hardware Token is a small, battery-powered device, often on a keychain, that displays a numeric code. This code changes automatically every 30-60 seconds. You must read the code from the token's screen and type it into the 2FA prompt to log in.
Note: These steps are only for the Feitian c100 token. No other Feitian tokens, including the c200, are approved as compatible with UA systems.
____________________
Instructions
-
- Navigate to the 2FA Portal.
- Select Manage Your Account and log in with your NetID and password.
- Scroll down and select the Hardware Token drop-down panel.
- Select Add an HOTP Token.
_______________
The HOTP Secret & Serial Number
Enter the Serial Number that is found on the back of the Feitian hardware token.
Follow the instructions that match where you got your token for the HOTP Secret.
-
- If you purchased your token from the UA Bookstore:
- Leave the HOTP Secret field blank.
- If you purchased your device from the Feitian website, you must enter the HOTP Secret from the.txt file attachment you received in an email from Feitian.
- Open the attachment. You will see two long values separated by a space.
- Copy the second value and paste it into the HOTP Secret field.
- Click Continue.
Use a Feitian OTP c100
Follow the steps below to log in with your Feitian c100 OTP hardware token.
Note: These steps are only for the Feitian c100 token. No other Feitian tokens, including the c200, are compatible with UA systems.
_______________
Instructions
-
- Log in to a UA service with your NetID and password as usual. You will be directed to the 2FA authentication page.
- The 2FA page may default to your last-used login method (e.g., a Duo Push). If your hardware token is not the default, select Other Options and then select your Feitian token.
- When prompted for a passcode:
- Press the refresh button on your Feitian token (it looks like a power button) to generate a new six-digit passcode.
- Type this passcode into the field on your screen.
- Select Verify.
- The prompt "Is this your device?" refers to remembering you for future logins.
- Select "Yes, this is my device" ONLY if you are on a private, secure computer.
- Select "No, other people use this device" if you are on a shared or public computer (e.g., in a library, lab, or classroom).
- If you see the prompt in the screenshot below, click the checkbox to Trust this browser for 30 days.
Note: Check this box only if you are on a private, secure computer. Never use this option on a shared or public computer (e.g., in a library, lab, or classroom). Please be aware that some high-security services may still require 2FA, even after you have trusted the browser.
- Select Continue to application.
Add a Yubikey 5 NFC
A YubiKey Hardware Token is a physical device that you connect to your computer or phone (via USB). When prompted, you will simply touch the sensor on the key to securely verify your presence. This key does not generate a code that you have to type; it sends a secure, unique signature to complete 2FA.
Note: Any Yubikey model except the FIDO U2F Security Key will work with 2FA, however these instructions are for the Yubikey 5 NFC.
______________________
This process is broken out into three parts:
-
- Start the process in the 2FA Portal.
- Configure your YubiKey in a separate app.
- Finish by copying the key details back into the 2FA Portal.
______________________
Part 1: Add a Device in the 2FA Portal
Instructions
-
- Navigate to the 2FA Portal.
- Select Manage Your Account and log in with your NetID and password.
- Scroll down and select Hardware Token.
- Select Add a Yubikey Token.
- A new window will open. Keep this 2FA Portal window open, as you will need it for both Part 2 and Part 3.
______________________
Part 2: Configure the YubiKey Manager App
Instructions
-
- You can retrieve the Yubikey Manager installer for Mac OS X, Windows and Linux.
- Install and open the Yubikey Manager app.
- Insert your Yubikey device into a USB port on your computer.
- In the Yubikey Manager app, select Applications > OTP.
- Under Slot 1, click the Configure button.
- For Credential Type, select Yubico OTP and click Next.
- Check the Use serial box.
- Select the Generate button for both the Private ID and Secret Key.
You will use the three codes you generated in Part 3.
______________________
Part 3: Add Your Key to the 2FA Portal
Instructions
-
- In the YubiKey Manager app, find and copy the three values you just generated.
- Return to the 2FA window you left open in Part 1 and paste the values into the matching fields:
| Copy From the App | Paste Into the Portal |
|---|
| Secret Key | Secret Key |
| Private ID | Private Identity |
| Public ID | Serial Number |
- In the YubiKey Manager app, select Finish and quit the app.
- In the 2FA Portal window, click Continue.
- A success message appears on your computer.
- Select Close to finish.
Use a Yubikey 5 NFC
Follow the steps below to log in with your Yubikey hardware token.
Note: Any Yubikey model except the FIDO U2F Security Key will work with 2FA, however these instructions are for the Yubikey 5 NFC.
____________________
Instructions
-
- Log in to a UA service with your NetID and password as usual. You will be directed to the 2FA authentication page.
- The 2FA page may default to your last-used login method (e.g., a Duo Push). If your hardware token is not the default, select Other Options and then select your Yubikey token.
- When prompted for a passcode, insert the Yubikey into a USB port on the computer..
- With the cursor in the Passcode field, press the touch-sensitive circle (some models may have a button) on the Yubikey to 'type' a one-time password (OTP) into the field.
Note: If your USB port is old or dirty, you may get this error: "This passcode has already been used, try again with a new passcode."
- The prompt "Is this your device?" refers to remembering you for future logins.
- Select "Yes, this is my device" ONLY if you are on a private, secure computer.
- Select "No, other people use this device" if you are on a shared or public computer (e.g., in a library, lab, or classroom).
- If you see the prompt in the screenshot below, click the checkbox to Trust this browser for 30 days.
Note: Check this box only if you are on a private, secure computer. Never use this option on a shared or public computer (e.g., in a library, lab, or classroom). Please be aware that some high-security services may still require 2FA, even after you have trusted the browser.
- Select Continue to application.