Setting up Two-Factor Authentication - YubiKey
YubiKey is a physical key made by Yubico, that ensures secure and strong user authentication. You can set up two-factor authentication with YubiKey in Password Manager Pro by following the steps detailed in this document.
You will learn the following topics in this document:
- YubiKeys compatible with Password Manager Pro
- Legacy YubiKeys compatible with Password Manager Pro
- Configuring and enforcing two-factor authentication using YubiKey
- Connecting to Password Manager Pro web interface after Yubikey TFA is enabled
1. YubiKeys Compatible with Password Manager Pro
- YubiKey 5 NFC
- YubiKey 5C
- YubiKey 5 Nano
- YubiKey 5C Nano
- YubiKey 4
- YubiKey 4 Nano
- YubiKey 4C
- YubiKey 4C Nano
- YubiKey NEO
- YubiKey Edge
- YubiKey Edge-n
- YubiKey NEO-n
3. Configuring and Enforcing Two-Factor Authentication using YubiKey
3.1 Configuring Two-Factor Authentication using YubiKey
- Navigate to Admin >> Authentication >> Two-factor Authentication.
- In the window that opens, select YubiKey and click Save.
- Click Confirm to enable YubiKey two-factor authentication.
3.2 Enforcing YubiKey Two-Factor Authentication
- Once you confirm YubiKey two-factor authentication in the previous step, a new window will prompt you to select the users for whom two-factor authentication should be enforced.
- Select the required users from TFA Disabled tab, move them to TFA Enabled tab and save changes.
- You can also select the users later by navigating to Users >> More Actions >> Two-factor Authentication.
- In the pop-up window, select the users for whom you want to enforce YubiKey two-factor authentication and click Save.
4. Connecting to Password Manager Pro's web-interface after YubiKey TFA is Enabled
While logging into Password Manager Pro, the users for whom two-factor authentication is enabled will have to authenticate twice successively. The first level of authentication will be through the usual authentication method i.e., through Password Manager Pro's local authentication or AD/LDAP authentication, whichever is enabled for the user.
- Launch Password Manager Pro's web interface, enter the Username and Password (local authentication or AD/LDAP), and click Login.
- Once the first level of authentication succeeds, Password Manager Pro will prompt you to enter your YubiKey one-time password.
- Insert the YubiKey into the USB port of your laptop or computer.
- Before generating a one-time password, you need to decide which slot of the YubiKey (slot 1 or slot 2) you're going to use for authentication throughout.
- Slot 1: If you tap the YubiKey once, it generates a 44-character security key whose first 12 characters are unique to this slot. For every subsequent login through this slot, the first 12 characters remain the same and the rest of the 32 characters are randomized.
- Slot 2: If you tap and hold the YubiKey for 2-5 seconds, it generates a 44-character security key whose first 12 characters are unique to this slot. For every subsequent login through this slot, the first 12 characters will remain the same and the rest of the 32 characters will be randomized.
- Here's a sample output from a YubiKey where the button has been pressed three times.
- Password Manager Pro matches the 12-character key against your account in its database and verifies the same for the second level of authentication during future login attempts.
- After submitting the YubiKey one-time password, click Register and Login.
Note : By default, YubiKey generates slot 1 passcode for NFC configured mobile devices. You can set slot 2 passcode as default by changing the setting from slot 1 to slot 2 using the Yubikey Personalization tool.