Security Keys

If you do not have a cell phone, you will need to purchase your own YubiKey security key to complete a 2-Step. You may also want to take advantage of the ease and security of using a security key in addition to your cell phone or Duo app. YubiKeys function using USB-provided power without needing an internal battery.  Following the instructions below, you may self-register your key for use with CalNet 2-Step (Duo).

Employees and students may pick up a free Simple Hardware Token to use as a 2-Step device in addition to or instead of a cell phone.

YubiKeys

YubiKeys can be purchased at yubico.com/store/ and work with most web services on most devices. 

Enrolling Your Key  Using the Duo Device Management Portal

1. icon-computer Log In to CalNet

From the CAS login screen (ex: https://bpr.calnet.berkeley.edu/account-manager/login/auth), 

Log in to CalNet

2. icon-computer Access the Device Management Portal

  • A 2-Step prompt will appear after you enter your CalNet ID and passphrase. 

  • If you are automatically logged in and the 2-Step prompt is bypassed, try either clearing cache/cookies or using an incognito browser

  • At the bottom of the page, select Other Options

Access Device Management Panel - other options

  • Under your list of existing devices, select Manage Devices

Bottom option is Manage Devices

  • Complete a 2-Step verification.

Complete a 2-step

3. icon-computer Add Your Device

  • Once authenticated, you will land on the Duo Device Management Portal. Your existing devices will be listed. 

  • Select Add a New Device

Device Management Panel Add Device

  • Select Security Key

Add Security Key

  • Select Continue 

yubikey continue

  • When prompted, insert your Key into your computer and touch it

Plug hardware token into device and touch it

Enrollment Completed!

Congratulations! You’ve successfully enrolled your Key.  Now when you log in to campus systems, you will be prompted for a second-step verification. 

Yubikey successfully enrolled

Advanced Use Case -- YubiKey AES and OAUTH

Advanced users may wish to enroll a YubiKey using AES or as an OAUTH device.  These are not required to use CalNet 2-Step Verification, but advanced users may wish to leverage features of YubiKeys for specific departmental Duo integrations. Find out more at Advanced YubiKey Setup.