This guide will show you how to enable a YubiKey to protect your Windows Login. To do so, you will need the following:
Windows 7 or 8 (32-bit or 64-bit)
YubiKey Hardware with firmware 2.2 or later
The YubiKey needs to be configured with our Personalization Tools for HMAC-SHA1 challenge-response with variable input in slot 2.
For optimal user experience, we recommend to not have “button press” configured for challenge-response. If button press is configured, please note you will have to press the YubiKey twice when logging in.
It is highly recommended to configure a second, back-up YubiKey at the same time in the event the primary YubiKey is unavaliable
How to enable YubiKey Windows Login
Please note: You need to have administrator privileges to be able to install and you need to reboot your computer after the installation
For Windows 8 PCs, the YubiKey Windows Login Tool only works with local accounts – Cloud\Online accounts will not be protected.
For Step-by-Step instructions, including how to configure your YubiKey in HMAC-SHA1 mode, please download the Yubico Windows Login Guide [PDF].
The installation is the same for both Windows 7 & Windows 8 32 bit and 64 bit editions.
2. Open the installation file and click “Install”
Please note: What needs to be downloaded will be marked.
3. Press “Yes” in the User Account Control window
4. Follow the setup wizard
5. Launch the YubiKey Logon Administration, that can be accessed from the start menu
You will find it under the folder Yubico → YubiKey Logon → YubiKey Logon Administration.
6. Press “Yes” in the User Account Control window
7. Press “Yes” to enable YubiKey logon for your computer
8. Choose to reboot now or after associating the YubiKey with a user
9. Select user to configure in the drop down menu in the YubiKey Logon Administration window
10. If not already done so, please insert your YubiKey in the computer via a USB port.
11. Press configure
12. Press “Yes” to enable the YubiKey Logon for the chosen user
13. Optional: click test to do a test with the YubiKey
14. If not already done so, reboot your computer
15. Log on to Windows with the YubiKey inserted in a free USB port
Please note: Enter your ordinary password and not an OTP from the YubiKey in the password field. The YubiKey challenge-response will take place without any user interaction.