How is my Yubico security key more secure than an emailed code for MFA?
Why YubiKey?
How does the YubiKey secure my accounts?
What if I lose my YubiKey device?
Should I also configure a backup authentication method besides my security key?
If I set up YubiKey for my ECU account, then change my ECU password, do I need to update the YubiKey with the new password?
How can I purchase a Yubikey?
How is my Yubikey more secure than an emailed code, phone call or text message for MFA?
Emailed codes, SMS texts and phone calls are easily compromised through interception, spoofing, social engineering and more.
Security keys use public-key cryptography (a form of encryption) and only work with the website or service with which they are registered. Therefore, attackers cannot use a fake site to intercept your encrypted data. Using a security key is currently the most secure form of account verification. ECU has standardized to the Yubikey brand.
Why Yubikey?
Yubico, the company that developed the YubiKey series, has been highly involved in creating the FIDO2 standard on which security keys work. YubiKey's proven reputation as a reliable device and the company's higher education program helped us choose this brand and series.
Also, we have vetted the Yubikey and know it is compatible with our supported operating systems and our supported platforms like Microsoft 365, etc.
How does the YubiKey secure my accounts?
A security key is a physical device that 1) stores your account username and password so that it's no longer on the account servers, and 2) replaces your mobile device for the 2nd factor in the authentication process. There are two types: USB that plugs in to your device, and NFC that works like Bluetooth (although it is not Bluetooth). Both are encrypted and store your account information. After key registration, log in to your account, then verify with a finger touch or tap. Easy!
What if I lose my YubiKey device?
It is recommended that when you configure your security key, you ALSO set up a second key at the same time and keep it in a secure location or configure the Microsoft Authenticator app for your mobile device. Faculty and staff who use a Windows 11 ECU-managed computer also have Windows Hello for Business (WHfB) as authentication for that computer and their SSO apps.
Should I also configure a backup authentication method besides my security key?
You have three passwordless methods of authentication: Yubikey security key, Microsoft Authenticator app for mobile phone and Windows Hello for Business (WHfB) for authenticating your account when you log in to your Windows 11 computer and access SSO resources.
If I set up YubiKey for my ECU account, then change my ECU password, do I need to update the YubiKey with the new password?
No, you don’t need to update the YubiKey with the new password. The YubiKey itself doesn’t store your account passwords. Instead, it acts as the second factor for authentication, providing a one-time password (OTP) or a cryptographic signature to verify your identity. When you change your account password, the YubiKey continues to function as usual without needing any updates.
How can I purchase a Yubikey?
Departments can purchase through the PORT Office Depot punch-out catalog using a ProCard. Item No. 8960729.
Barnes and Noble has Yubikeys available for purchase as well. You can also purchase a Yubikey security key from other retail vendors, but it must be a Yubico brand security key.
