Very well explained. I've been looking for hours for the right info. You explained it better than anyone else. I nearly bought the bio version as I thought that's what I needed. Thanks so much, you saved me from buying the wrong key at twice the price. Subbed.
Hey @sim1969 - Thanks so much for your coment and kind words, glad you found it useful and it was easy to follow. I'm planning on doing an 'updated version' video soon, so lets hope I can make it as helpful and easy to follow as this version. Thanks so much for subscribing 👍❤️
Hi George, Thanks for the constructive feedback. I agree I should have mentioned this when I produced the video but didn't realise at the time. Thanks for picking up on this!
Thanks Esteban, appreciate your support and comment. I am presuming you need to setup a new Windows User Account in which case I find it easier to just perform a right mouse click on the Start Menu and select Run, when the Run box appears type in 'Control Panel' (without ' ') then press Enter, when window appears just select 'User Accounts' and then 'Manage another account' then select 'Add a new user in PC settings'. When the new window appears select 'Add Account' and select 'I don't have this persons sign-in information' then you can just create a new user by following the prompts or you can select 'Add a user without a Microsoft Account' if you only want to create a local user without a Microsoft online account. Hope this helps!
Thanks for this very clear video. Please can you tell me what happens when you remove your yubikey after log in? Is the session locked or not? And other question: if I lock my screen, and remove my key for lunch for instance, is it required to insert again the yubikey ? Thanks a lot.
Once you've logged in successfully you should then be fine to remove the Yubikey. With regard to the lock screen, to be honest I haven't tried it but I would certainly think that you would need to authenticate again with the Yubikey. Just give it a go as it would be interesting to know.
@@maxencemaillot Ok cool, that will be interesting to know, so look forward to your further reply. I would think that you would need the Key again to unlock your screen, surely that would be the case you would think!
@@MrTimTech2022 Just for your information : if I lock my screen and remove my yubikey, I need to push it again to unlock my session. it is exactly what I was looking for.
@@maxencemaillot Hey Max. Thanks so much for the info, very helpful and great to know. I agree that's how it should be you would expect, so good to hear that to unlock it you do need the Yubikey interaction again. Thanks again!
I set up my Yubikey for Windows 11 signins, but I can also still sign in usual normal means too, this is just added as yet another sign in option to my already existent hello pin. Any tips to restrict W11 login to strictly the Yubikey for my username credential?
The Yubikey is used as an additional level of security for logging in, in addition to your username & password entry, for example. So you would use the Yubikey in addition & in combination with your PIN.
Hey Tim, thanks for the tutorial! I was wondering do you reckon you'll be able to one day windows login via Yubikey with a microsoft account (not as a local account)?
Hey @Seabr0ok - Thanks, appreciate that and thanks for your comment. I would like to think so, seeing as a lot of companies are now applying various additional security measures to login credentials, so you would think and hope that Yubico and Microsoft would work together to enhance things so that you can login with a Microsoft account. I guess in the interim you could create an additional 'local user' account in addition to your Microsoft one and then copy and paste the profile (possibly - I haven't tried it) so that both user accounts have the same settings in windows. I will certainly keep my eyes open for any enhancements and then produce an updated video with a how to.
Your videos are great. However, I don't clearly understand the difference between the Challenge/Response Secret items. Could you explain it more clearly to me, please? Thank you very much.
Hi. It might be worthwhile you reading on the Yubikey website about what Challenge Response is all about as it's too much for me to really explain in a comment. I would do some research, however I've extracted this from the Yubikey website which might explain it briefly for you :- Challenge-response The other OTP application configurations (Yubico OTP, OATH HOTP, and static password) require the user to activate the configured slot (by touching the YubiKey or scanning it with an NFC reader) in order to generate and submit the password from the YubiKey to a host device. Challenge-response, on the other hand, begins with a “challenge” that a host sends to the YubiKey. The YubiKey receives the challenge (as a byte array) and “responds” by encrypting or digesting (hashing) the challenge with a stored secret key and sending it back to the host for authentication. Challenge-response is flexible. It can be used in single and multi-factor authentication for logging into applications or devices, and validation can take place on a host device itself or on a validation server on an internal or external network. The SDK supports all of these scenarios. Thanks for your comment and thank you for your kind appreciation of my videos and I hope the above helps!
Hey Doug, Thank you so much for your kind feedback. Glad you liked the vid, please do stay tuned for more videos soon which I hope you will also find helpful.
Check to see if you're running a windows 'local account' and not a 'microsoft online account'. You need a 'local account' to use a Yubikey to login to Windows.
Hello Tim thank you for this tutorial. But may you help me please? I got as far as the yubikey login part but then when i would put in my windows username and password it says no credential or some sort of it. what could have gone wrong? thanks
Hi Joseph, you're welcome. I've never come across that message before. Are you trying to use it with a Microsoft 'Online' account and not a local account ? it will only work with local accounts.
I saw that it is possible to use Yubikey to access Windows (offline user only). The question is: what about access to HD? In this case, with more advanced techniques, they would be able to obtain the data from the independent HD, right?
Hello friend. For my research (a normal user), i found that the best way to ppl dont acess your HD data is to use veracrypt correctly. So, best is use Yubikey to acess windows offline (or dont use windows and use linux for example) and veracrypt. Hugs from Brazil@@MrTimTech2022
I've installed Yubikey login for Windows 10 and I still login using regular Windows login/password (I'm selecing my username on login screen)... no need to insert key... what I'm missing ?
There must be something you are doing wrong as it would request the Yubikey for logging in, did you select your username correctly when setting it up ? You are using it with a 'Local' account aren't you ? It will not work with a Microsoft Online account!
I believe it should, maybe you've set up something incorrectly. I haven't come across this myself to be honest. Have you checked Yubikey website help section ?
I have done these steps until I installed the Yubikey program. The problem is the program asked to reboot, and I didn't set the YubiKey... Now i cant login onto the PC. Any idea what I can do? I know my username and password but as its a company pc, it says I need to be in domain network, is there anyway I can overcome this?
Oh gosh, have you tried other login methods on the login screen, I believe there's a recovery or alternative login option their ? I'm guessing you have, or maybe not. From memory I think there's an option whereby you can put in your Yubikey recovery keychain password which was generated when you set up the Yubikey and app, you should have noted down the recover/backup key ? As I haven't used this on a domain controller I wouldn't know but maybe IT support can assist ? Or on the Yubikey support website FAQ's or contact Yubikey support as a last resort ?
@@MrTimTech2022 i have tried so much, i had to take it to my company tech to help me out, and he had to login with the recovery code, and somehow at one point we managed to login and uninstall the yubikey. Headeache 🤣
Glad you managed to sort out the issue between yourself and your tech company. Yes I recall also previously in the past uninstalling the Yubikey connection however for some reason it still didn't remove the Yubikey login option, albeit a secondary login procedure and which lukily I had kept the previous recovery code. Just a thought, keep the recovery code just in case you have any issues and in case it might not have TOTALLY removed the 2nd login option.
Hello i have a quastion, i have already google accounts secured on my yubikey, am i still able to use them when i configure the yubikey to login into my pc or are those datas lost, because this would be a not good situation for me? Thanks
Hey @rogersmith4926 - Thanks for your comment/question. Most Yubikey's have 2 available programming slots on them (mine does anyway) so provided only 1 of those slots has been programmed with something else (in your case Google) then you should be able to use the other slot for Windows login. To check which slots on the Yubikey are not already in use, go to the Yubico website and click on Support and then download the 'YubiKey Personalization Tool'. Once you've downloaded that Tool and installed it, it should show you which slots on your Yubikey have already been programmed. Then you should know which slot you can use on your Yubikey for windows login. Hope this helps & Happy New Year to you.
Did you firstly install Yubico Login as the 'Windows Administrator' ? Right clicking on the Yubico Login and select install as 'Administrator'. You also have to make sure that you are using a 'local' user account and not an online user account linked to Microsoft, you should create a 'local user account' under Microsoft Windows. Try and check the above and see how you get on.
Hi @bigbear3166 - Thanks for your comment. Yes I can confirm from testing and experience that once your logged in using your Yubikey and you remove the Yubikey application when logged in with the same user account, that you will no longer be prompted to insert your Yubikey to login in future.
Have you made sure you are using a 'Local User' account and not a Microsoft Account ? The only thing I can think of is that you may well be entering a wrong username as normally it would just ask for a password before adding Yubikey options.
Have you made sure that your using a 'local' user account and that it's not a microsoft online user account ? Click on 'Start' and open up 'Settings' then in the top left corner you should see your username and underneath that it needs to say 'Local Account'. You should be able to make it local (if it's not already) by opening up Accounts from the Settings menu and then change the settings to make it a local account.
The cheek of it 😃Yes you can of course set it to what speed you like, however the video is done at a 'slow pace' so that it's easy to follow for novices as well !
You won't need the Yubikey but should just be able to use your Microsoft credentials to access One Drive remotely, or just use a web browser to go to One Drive through that.
Very well explained. I've been looking for hours for the right info. You explained it better than anyone else. I nearly bought the bio version as I thought that's what I needed. Thanks so much, you saved me from buying the wrong key at twice the price. Subbed.
Hey @sim1969 - Thanks so much for your coment and kind words, glad you found it useful and it was easy to follow. I'm planning on doing an 'updated version' video soon, so lets hope I can make it as helpful and easy to follow as this version. Thanks so much for subscribing 👍❤️
great explanation - you were able to explain it much more simply than anyone else ive seen. Thanks Mr Tim!
Thanks very much Nitrousoxide921 - You're feedback is very much appreciated
I was zoning out a little while watching the video. I see "Configuring User: Tim" and my heart skipped a beat. lol.
@TimboSlice083 - Ha ha, you see it was personalised for you 😉
It would have been good to note at the beginning that this only works with local accounts, not with Microsoft accounts.
Hi George,
Thanks for the constructive feedback. I agree I should have mentioned this when I produced the video but didn't realise at the time. Thanks for picking up on this!
Question for you... Do you know if it is possible to manage/do with on-prem AD?
@@thegreatcerebral I'm afraid I don't know the answer to that.
Nice work. will be great when personal/local accounts can sign in with just the YubiKey PIN like with Microsoft Entra ID.
Yes, definitely, I agree. I'm sure it will be available in the future on Windows.
You have to set up a local windows account to make it work fi
Yes, you can only use this with 'Local' user accounts.
Very helpful video, Tim. I have a question, though. How can I configure a user on my PC? When I click the NEXT button, the page is blank.
Thanks Esteban, appreciate your support and comment. I am presuming you need to setup a new Windows User Account in which case I find it easier to just perform a right mouse click on the Start Menu and select Run, when the Run box appears type in 'Control Panel' (without ' ') then press Enter, when window appears just select 'User Accounts' and then 'Manage another account' then select 'Add a new user in PC settings'.
When the new window appears select 'Add Account' and select 'I don't have this persons sign-in information' then you can just create a new user by following the prompts or you can select 'Add a user without a Microsoft Account' if you only want to create a local user without a Microsoft online account.
Hope this helps!
Thanks for this very clear video. Please can you tell me what happens when you remove your yubikey after log in? Is the session locked or not?
And other question: if I lock my screen, and remove my key for lunch for instance, is it required to insert again the yubikey ? Thanks a lot.
Once you've logged in successfully you should then be fine to remove the Yubikey. With regard to the lock screen, to be honest I haven't tried it but I would certainly think that you would need to authenticate again with the Yubikey. Just give it a go as it would be interesting to know.
I am going to try next week... thanks
@@maxencemaillot Ok cool, that will be interesting to know, so look forward to your further reply.
I would think that you would need the Key again to unlock your screen, surely that would be the case you would think!
@@MrTimTech2022 Just for your information : if I lock my screen and remove my yubikey, I need to push it again to unlock my session. it is exactly what I was looking for.
@@maxencemaillot Hey Max. Thanks so much for the info, very helpful and great to know. I agree that's how it should be you would expect, so good to hear that to unlock it you do need the Yubikey interaction again. Thanks again!
Thank you for the effort and information
My pleasure
I set up my Yubikey for Windows 11 signins, but I can also still sign in usual normal means too, this is just added as yet another sign in option to my already existent hello pin. Any tips to restrict W11 login to strictly the Yubikey for my username credential?
The Yubikey is used as an additional level of security for logging in, in addition to your username & password entry, for example. So you would use the Yubikey in addition & in combination with your PIN.
i ahve the same issue lol
Hey Tim, thanks for the tutorial! I was wondering do you reckon you'll be able to one day windows login via Yubikey with a microsoft account (not as a local account)?
Hey @Seabr0ok - Thanks, appreciate that and thanks for your comment. I would like to think so, seeing as a lot of companies are now applying various additional security measures to login credentials, so you would think and hope that Yubico and Microsoft would work together to enhance things so that you can login with a Microsoft account. I guess in the interim you could create an additional 'local user' account in addition to your Microsoft one and then copy and paste the profile (possibly - I haven't tried it) so that both user accounts have the same settings in windows. I will certainly keep my eyes open for any enhancements and then produce an updated video with a how to.
Your videos are great. However, I don't clearly understand the difference between the Challenge/Response Secret items. Could you explain it more clearly to me, please? Thank you very much.
Hi. It might be worthwhile you reading on the Yubikey website about what Challenge Response is all about as it's too much for me to really explain in a comment. I would do some research, however I've extracted this from the Yubikey website which might explain it briefly for you :-
Challenge-response
The other OTP application configurations (Yubico OTP, OATH HOTP, and static password) require the user to activate the configured slot (by touching the YubiKey or scanning it with an NFC reader) in order to generate and submit the password from the YubiKey to a host device. Challenge-response, on the other hand, begins with a “challenge” that a host sends to the YubiKey. The YubiKey receives the challenge (as a byte array) and “responds” by encrypting or digesting (hashing) the challenge with a stored secret key and sending it back to the host for authentication.
Challenge-response is flexible. It can be used in single and multi-factor authentication for logging into applications or devices, and validation can take place on a host device itself or on a validation server on an internal or external network. The SDK supports all of these scenarios.
Thanks for your comment and thank you for your kind appreciation of my videos and I hope the above helps!
@@MrTimTech2022 Thank you for your help 👍👍
You're welcome👍
Useful information, thanks!
Hey Doug,
Thank you so much for your kind feedback. Glad you liked the vid, please do stay tuned for more videos soon which I hope you will also find helpful.
Windows 11 now supports native security key login. Just an FYI to anyone reading. 👍
Thanks Ty, very useful and good to hear.
How do I do this? It just gives me a Reset and Change Pin option whenever I try in my Sign-In settings on windows 11
❤
Check to see if you're running a windows 'local account' and not a 'microsoft online account'. You need a 'local account' to use a Yubikey to login to Windows.
Thanks for the useful video
How do i use yubikey 5 in pc connected to domain? Do i need to install it on the server? Please help
Hello Tim thank you for this tutorial. But may you help me please? I got as far as the yubikey login part but then when i would put in my windows username and password it says no credential or some sort of it. what could have gone wrong? thanks
Hi Joseph, you're welcome. I've never come across that message before. Are you trying to use it with a Microsoft 'Online' account and not a local account ? it will only work with local accounts.
Useful information 👍 thanks!
@Slawomir Szymanski - Thanks so much, appreciate your kind feedback.
I saw that it is possible to use Yubikey to access Windows (offline user only).
The question is: what about access to HD? In this case, with more advanced techniques, they would be able to obtain the data from the independent HD, right?
Maybe/maybe not. I guess research will tell you, let us know what you're research finds, be great for our community to know
Hello friend. For my research (a normal user), i found that the best way to ppl dont acess your HD data is to use veracrypt correctly. So, best is use Yubikey to acess windows offline (or dont use windows and use linux for example) and veracrypt. Hugs from Brazil@@MrTimTech2022
Is it possible to connect to a local Windows session without entering any User or Password?? just using the Yubi key?
I believe not. As far as I know you have to use it in conjuction with a Username & Password.
I've installed Yubikey login for Windows 10 and I still login using regular Windows login/password (I'm selecing my username on login screen)... no need to insert key... what I'm missing ?
There must be something you are doing wrong as it would request the Yubikey for logging in, did you select your username correctly when setting it up ? You are using it with a 'Local' account aren't you ? It will not work with a Microsoft Online account!
Do you know any option where I only need the yubikey and the yubikey's pin? Without the need of username/password
I don't sorry, it's just a second line of security/authentication so the user and password is still required.
Can you use Yubikey for Authenticating an RDP session with a windows host?
Unfortunately not, it only works with local user/machine access and not RDP sessions.
Where are you supposed to plug in the key on desktop? (Not laptop)
You plug it in to a USB A socket on your desktop PC.
Without the Yubi it won't let you access the computer at all? Not even Guest account?
I believe it should, maybe you've set up something incorrectly. I haven't come across this myself to be honest. Have you checked Yubikey website help section ?
I have done these steps until I installed the Yubikey program. The problem is the program asked to reboot, and I didn't set the YubiKey... Now i cant login onto the PC. Any idea what I can do? I know my username and password but as its a company pc, it says I need to be in domain network, is there anyway I can overcome this?
Oh gosh, have you tried other login methods on the login screen, I believe there's a recovery or alternative login option their ? I'm guessing you have, or maybe not. From memory I think there's an option whereby you can put in your Yubikey recovery keychain password which was generated when you set up the Yubikey and app, you should have noted down the recover/backup key ?
As I haven't used this on a domain controller I wouldn't know but maybe IT support can assist ? Or on the Yubikey support website FAQ's or contact Yubikey support as a last resort ?
@@MrTimTech2022 i have tried so much, i had to take it to my company tech to help me out, and he had to login with the recovery code, and somehow at one point we managed to login and uninstall the yubikey. Headeache 🤣
Glad you managed to sort out the issue between yourself and your tech company. Yes I recall also previously in the past uninstalling the Yubikey connection however for some reason it still didn't remove the Yubikey login option, albeit a secondary login procedure and which lukily I had kept the previous recovery code. Just a thought, keep the recovery code just in case you have any issues and in case it might not have TOTALLY removed the 2nd login option.
Oh no, i have a same problem
Hello i have a quastion, i have already google accounts secured on my yubikey, am i still able to use them when i configure the yubikey to login into my pc or are those datas lost, because this would be a not good situation for me? Thanks
Hey @rogersmith4926 - Thanks for your comment/question. Most Yubikey's have 2 available programming slots on them (mine does anyway) so provided only 1 of those slots has been programmed with something else (in your case Google) then you should be able to use the other slot for Windows login. To check which slots on the Yubikey are not already in use, go to the Yubico website and click on Support and then download the 'YubiKey Personalization Tool'. Once you've downloaded that Tool and installed it, it should show you which slots on your Yubikey have already been programmed. Then you should know which slot you can use on your Yubikey for windows login.
Hope this helps & Happy New Year to you.
@@MrTimTech2022 Thanks, happy new year
Hi. After following your instructions on the next steps, which allows you to place my name, and instead of next, it says skip. Need help
Did you firstly install Yubico Login as the 'Windows Administrator' ? Right clicking on the Yubico Login and select install as 'Administrator'.
You also have to make sure that you are using a 'local' user account and not an online user account linked to Microsoft, you should create a 'local user account' under Microsoft Windows.
Try and check the above and see how you get on.
so if i uninstall the yubikey login program from my PC will that remove the need to login with my key plugged in?
Hi @bigbear3166 - Thanks for your comment. Yes I can confirm from testing and experience that once your logged in using your Yubikey and you remove the Yubikey application when logged in with the same user account, that you will no longer be prompted to insert your Yubikey to login in future.
When I enter my login information it says invalid credential. Why?
Have you made sure you are using a 'Local User' account and not a Microsoft Account ? The only thing I can think of is that you may well be entering a wrong username as normally it would just ask for a password before adding Yubikey options.
Hey why my yubico key doesn't detect my account on my pc. Please help
By any chance do you have a Microsoft 'Online' account ? You have to have a 'Local' account to be able to use this.
@11:23 - it did not ask for you to press or touch the YubiKey ?
You have to enable that option in the Yubikey application.
the only user that popsup is defaultuser, but that's not my username? Why could this be
Have you made sure that your using a 'local' user account and that it's not a microsoft online user account ?
Click on 'Start' and open up 'Settings' then in the top left corner you should see your username and underneath that it needs to say 'Local Account'.
You should be able to make it local (if it's not already) by opening up Accounts from the Settings menu and then change the settings to make it a local account.
To anyone new here, set the playback speed to 1.5
The cheek of it 😃Yes you can of course set it to what speed you like, however the video is done at a 'slow pace' so that it's easy to follow for novices as well !
is there any way to change the main login name? Yubico Login?
I think you would have to go through the steps again and just tick another name from the list and untick another in the Yubikey app.
Hi, greate video but this do not work with domain account :)
Thank you. Yes it only works with local user accounts, not Microsoft Online or Domain accounts.
WARNING: Fails with Remote Desktop.
Yes it's not really meant to be used with Remote Desktop services.
More bother than it is worth
That's your personal opinion which your quite entitled to. However it does seem to be a popular solution/video.
What happens if I need to log in from another computer to access One Drive?
You won't need the Yubikey but should just be able to use your Microsoft credentials to access One Drive remotely, or just use a web browser to go to One Drive through that.