YubiKey Security Key for MFA Authentication

The YubiKey security key is an alternative MFA method for those who are unable to use the Authenticator app or other phone options for multi-factor authentication. After registration, your YubiKey can be used with multiple devices to log into university services. 

Those without a smartphone or the ability to receive text messages should create a ticket by clicking the Request Multifactor Service button on the right to avoid being locked out of their UARK account while waiting to receive the YubiKey. 

Supported YubiKey models

The university standard for security keys is the YubiKey provided by Yubico. The following YubiKey models are supported by IT Services:  

The C NFC model will be available to users for access to general university portals and systems, email, VPN, payroll and financial systems, research databases, and other sensitive data.	The 5C NFC model will be distributed to server administrators.

YubiKey registration

NOTE: Registration process might time out. If this happens, restart the registration process at “click +Add sign-in method”. Some steps may be skipped if you had already completed them before the time-out.

1. Insert the YubiKey into your device.
2. Go to account.uark.edu.
   You will be prompted to authenticate using the Authenticator app or a different method that has been set up on your account to register the YubiKey as a new MFA method.
3. In the Security Info pane, click Update Info.
4. On the Security Info page, click +Add sign-in method.
   
   
    
5. Add a sign-in method by selecting the Security key or passkey option from the list.
   
   
    
6. From the next dialog box, click “Set up passkey using another device”. Do NOT click Next; do not set up Windows Hello.
   
   
    
7. Select Security Key when asked to choose where to save your passkey.
   
   
    
8. When prompted by the Insert your security key into the USB port screen, plug the YubiKey into the device. If the YubiKey is already plugged in when prompted, remove and reinsert.
   
   
    
9. Create a PIN for the YubiKey. Type the PIN in the New Security Key PIN field and again in the Confirm Security Key PIN field.
   A YubiKey PIN can be 4-63 characters and may include letters, numbers, and special characters.
   
   
    
10. You will be prompted to touch your security key. Tap the circle on your YubiKey. You will prompted to touch the security key again.
    
     
     
11. You will be prompted to name your security key and click Next.
    You may name your key anything you like. The name is to differentiate this key from any other security keys that you might have registered.
    
     
     
12. A window showing that the passkey was create will be displayed. Click Done.
    
    

Your YubiKey is now registered and ready to be used as your primary MFA method.

Using the YubiKey

Sign-in prompt windows might be different or in a different order than shown here. The prompts that you are given could vary depending on service being logged into. Please document any differences that you experience.

When multifactor authentication is required for a login, the YubiKey must be plugged into the device.

1. Select Sign-in options.
   
   
    
2. Select Face, fingerprint, PIN, or security key.
   
   
    
3. You will be prompted to Choose a passkey. Select Security Key.
   
   
    
4. You will be prompted enter your security key PIN. Enter the PIN that you created during YubiKey registration in the Security Key PIN field, and click OK.
   
   
    
5. When prompted to Touch your security key, tap the YubiKey that is plugged into your device.
   
   

After touching the YubiKey, you will be authenticated and logged into the system.

For assistance setting up multi-factor authentication, click the Request Multifactor Service button on the right.