Overview
A security key is a physical device that you can use to sign in to your accounts instead of a username and password. You can use a security key with your computer, phone, or other devices. Security keys function using USB-provided power without needing an internal battery.
Employees and affiliates
We recommend moving to the Duo Mobile app - it’s the easiest way to do the CalNet 2-Step. If you do not have a smartphone (to use the Duo Mobile App), you may request a free YubiKey NFC Security Key to comply with security enhancements. To request a key, email calnet2-stephelp@berkeley.edu
If you lose your campus-provided security key or prefer to purchase your own, any key labeled as “FIDO2 compatible” should work with CalNet 2-Step. When placing your order, make sure you get one that will fit in your computer port, either a USB-A or USB-C.
Keys we recommend:
Students
We recommend moving to the Duo Mobile app - it’s the easiest way to do the CalNet 2-Step. If you do not have a smartphone (to use the Duo Mobile App), you may request a free HOTP Simple Hardware Token to use as an MFA (CalNet 2-Step) device. If you wish to purchase your own security key, we recommend upgrading to one of the FIDO2-compatible keys recommended above.
Enrolling Your Security Key
You must already have enrolled at least one device — smartphone, tablet or basic cell phone —in order to register a security key.
- Log in to mycalnet.berkeley.edu using your CalNet ID and passphrase, and, if prompted, complete a 2-Step verification
- Click on Manage 2-Step Verification
- Click on Duo Device Manager
- Log in again using your CalNet ID and passphrase
- Complete a 2-Step verification
- Once authenticated, you will be directed to the Duo Device Management Portal. Your existing devices will be listed.
- To register your key, select Add a Device
- Select Security key from the Select an option screen:
- Select Continue
- When prompted, insert your key into your computer and touch it. Ignore the screen that pops up prompting you to scan a QR code. Touching the security key is what will add the key to your Duo account.
- When complete, click the Complete button.
Enrollment Completed!
Congratulations! You have successfully enrolled your security key.
Advanced Use Case -- YubiKey AES and OAUTH
Advanced users may wish to enroll a YubiKey using AES or as an OAUTH device. These are not required to use CalNet 2-Step Verification, but advanced users may wish to leverage features of YubiKeys for specific departmental Duo integrations. Find out more at Advanced YubiKey Setup.