Security Key Lifecycle Management

Overview

This article documents things to consider when managing security keys, including removing a security key from a user account, changing the PIN, and resetting the key.

 

Important
The steps and practices detailed below relate specifically to Yubico brand security keys. If you've elected to use another brand of security key, please look up the relevant directions on the manufacturer's website.

 


What Materials do I Need?

YubiKeys can be managed via the following tools:

  • Windows 10 Security Key Settings
  • macOS Google Chrome Security Key Settings
    • Supported on macOS 10.14 or later
    • Recommend Google Chrome 85 or later
  • YubiKey Manager by Yubico
    • Supported on Microsoft Windows 10 and macOS 10.14 or later
    • Recommend version 3.1 or later

 

How do I use this technology?

Change YubiKey PIN

 

Using Native Windows 10 Tools

  1. Log in to the Windows 10 machine.
  2. Navigate to Sign-in options.
  3. Click Security Key. Once expanded, click Manage.
  4. When prompted, touch the YubiKey and enter the PIN.
  5. Select Change to change the PIN on the YubiKey.
  6. In the Change your security key PIN window, enter the current PIN, the new PIN, and confirm the new PIN again. Click Ok.
  7. The PIN has now been changed.

 

Using Google Chrome (macOS Only)

  1. Open Google Chrome.
  2. Navigate to chrome://settings/securityKeys in the address bar, or use the menu as follows:
    1. Click the Settings menu.
    2. From the left menu, select Privacy and security. Under the Privacy and security menu, click Security.
    3. Under Advanced, click Manage security keys.
  3. Click Create a PIN.
  4. When prompted, insert the YubiKey and tap it.
  5. At the Change a PIN screen, enter the current PIN, the new PIN, and confirm the new PIN. Once completed, click Save.
  6. If successful, Chrome will indicate the PIN was created.

 

Using YubiKey Manager

  1. Launch YubiKey Manager and insert the YubiKey.
    • Note: on Windows 10, YubiKey Manager will need to be run as an administrator.
  2. Navigate to Applications -> FIDO2.
  3. Click Change PIN.
  4. At the Change FIDO2 PIN screen, enter the current PIN, the new PIN, and confirm the new PIN. Once completed, click Change PIN.
  5. YubiKey Manager will display Changed FIDO2 PIN when successful.

 

Reset a YubiKey

Warning
If you reset your YubiKey, it will no longer be associated with any of your accounts, and will need to be re-registered.

 

Using Native Windows 10 Tools

Microsoft Windows allows individuals to reset their security key if they have forgotten their PIN, or need to delete the previously registered FIDO2 credentials.

  1. Navigate to Sign-in options.
  2. Click Security Key. Once expanded, click Manage.
  3. When prompted, touch the YubiKey and enter the PIN.
  4. Select Reset to reset the security key.
  5. Click Proceed to reset the Security Key.
  6. When prompted, touch the YubiKey. The YubiKey is now reset.

 

Using Google Chrome (macOS Only)

  1. Open Google Chrome.
  2. Navigate to chrome://settings/securityKeys in the address bar, or use the menu as follows:
    1. Click the Settings menu.
    2. From the left menu, select Privacy and security. Under the Privacy and security menu, click Security.
    3. Under Advanced, click Manage security keys.
  3. Click Reset your security key.
  4. When prompted, remove the YubiKey from the device, reinsert the YubiKey and touch it.
  5. Touch the YubiKey again to confirm reset.
  6. Chrome will display Your security key has been reset when completed.

 

Using YubiKey Manager

  1. Launch YubiKey Manager and insert the YubiKey.
    • Note: on Windows 10, YubiKey Manager will need to be run as an administrator.
  2. Navigate to Applications -> FIDO2.
  3. Select Reset FIDO.
  4. When prompted to confirm, read the warning and click Yes.
    • Note: This will delete all FIDO2 credentials.
  5. Remove and re-insert the YubiKey.
  6. When prompted, touch the YubiKey.

 

Removing a YubiKey as a Security Method

Microsoft Azure

  1. Open a supported web browser window.
  2. Sign out of all other Microsoft accounts and close all other browser windows.
  3. Navigate to https://myprofile.microsoft.com.
  4. Enter your UA email address and click Next.
  5. Enter your password, and complete your MFA steps if prompted.
  6. Click Security Info in the left navigation, or click Update Info in the Security Info tile.
  7. You may have to select your account, and authenticate again to proceed to update the security information for your account.
  8. Identify the Security Key you would like to remove, and click Delete.
  9. When prompted to confirm deletion, click Ok.
  10. The YubiKey is now de-registered from your account.

 

Need additional help or have issues?

For additional assistance, contact the IT Services Technical Support Center by phone at (907) 786-4646, toll-free at (877) 633-3888, or by email at uaa.techsupport@alaska.edu.