[{"data":1,"prerenderedAt":3026},["ShallowReactive",2],{"blog-all-en":3,"i-heroicons:building-office-2":2992,"i-heroicons:computer-desktop":2996,"i-heroicons:cloud":2998,"i-heroicons:server":3000,"i-heroicons:folder":3002,"i-heroicons:chart-bar":3004,"i-heroicons:lock-closed":3006,"i-heroicons:rectangle-stack":3008,"i-heroicons:scale":3010,"i-heroicons:key":3012,"i-heroicons:finger-print":3014,"i-heroicons:cpu-chip":3016,"i-heroicons:document-text":3018,"i-heroicons:shield-exclamation":3020,"i-heroicons:shield-check":3022,"i-heroicons:x-mark":3024},{"data":4,"meta":2988},[5,93,171,237,302,350,406,462,495,561,618,677,740,752,809,865,921,977,1033,1094,1158,1211,1267,1323,1384,1439,1495,1556,1607,1658,1720,1796,1845,1903,1959,1995,2038,2088,2141,2194,2236,2286,2338,2373,2402,2451,2487,2522,2574,2625,2660,2688,2721,2769,2822,2874,2914,2967],{"id":6,"documentId":7,"title":8,"content":9,"slug":10,"published":11,"createdAt":12,"updatedAt":12,"publishedAt":13,"locale":14,"authorManual":15,"cover":16,"tags":66},69,"iiyzpuqo0c39n0swj4tt7kju","Preventing the Spread of Ransomware: Why YubiOn Is Effective for Securing Device Logins","\u003Cp>Updated: Jan 27\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4.png\" alt=\"サムウェアの被害拡大を防ぐYubiOnｎお\">\u003C\u002Fp>\n\u003Cp>In recent years, \u003Cstrong>ransomware\u003C\u002Fstrong> attacks have occurred frequently across companies of all sizes. Major attacks reported in the news are \u003Cem>not\u003C\u002Fem> someone else’s problem. In fact, attacks targeting small and medium-sized businesses with weaker security measures, as well as attacks aimed at large companies’ supply chains, are increasing.\u003C\u002Fp>\n\u003Cp>One major factor behind this trend is \u003Cstrong>the rapid advancement of generative AI\u003C\u002Fstrong>. In the past, it was relatively easy to detect attack emails from overseas due to their “unnatural Japanese.” However, with the evolution of AI, attackers can now generate extremely natural and sophisticated Japanese text. As a result, detecting attacks based on “linguistic awkwardness” has become much more difficult, and the number of cases in which Japanese companies are targeted has risen sharply.\u003C\u002Fp>\n\u003Cp>As companies are required to implement immediate security measures, we recommend the adoption of \u003Cstrong>YubiOn\u003C\u002Fstrong> as one such solution.\u003C\u002Fp>\n\u003Cp>This article explains \u003Cstrong>why YubiOn is effective as a countermeasure against ransomware\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ Ransomware Attack Vectors and Conventional Countermeasures\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The most common ransomware entry points include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Email attacks:\u003C\u002Fstrong> Opening attachments or URLs in emails disguised as business communications\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Websites:\u003C\u002Fstrong> Being directed to tampered websites or phishing sites\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Vulnerabilities in VPN devices:\u003C\u002Fstrong> Exploiting security holes in remote-work environments\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The “\u003Cstrong>YubiOn\u003C\u002Fstrong>” series we provide strengthens security through multi-factor authentication (2FA) for PC logon and web service login.\u003C\u002Fp>\n\u003Cp>At first glance, it may seem strange: \u003Cstrong>&quot;If YubiOn doesn&#39;t prevent virus infection, how can it help with ransomware?&quot;\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The answer lies in the \u003Cstrong>multiple phases\u003C\u002Fstrong> of ransomware attacks.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ What Are the “Phases” of a Ransomware Attack?\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Ransomware damage does \u003Cem>not\u003C\u002Fem> occur the moment a virus enters a PC. To achieve their final goals (encrypting or stealing data), attackers move through several phases inside the network.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>1. Initial Access\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>They break into a single employee’s PC via phishing emails or similar methods.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>2. Credential Access\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>They attempt to steal stored IDs and passwords from the infiltrated PC.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>3. Lateral Movement\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This is the most critical phase. Using the stolen credentials, attackers try to \u003Cstrong>log in to other PCs and servers across the network, spreading the infection\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>4. Privilege Escalation &amp; Impact\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>They obtain admin privileges and then encrypt organization-wide servers, destroy backups, or exfiltrate confidential data.\u003C\u002Fp>\n\u003Cp>In other words, whether severe damage occurs depends on whether the attacker can move \u003Cstrong>from the “first compromised PC”\u003C\u002Fstrong> \u003Cstrong>to &quot;more important systems such as servers&quot;\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ How YubiOn Helps\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This is where YubiOn’s \u003Cstrong>strengthened device logon control\u003C\u002Fstrong> becomes effective. By requiring 2FA—such as a password plus a physical YubiKey—for PC and server logon, YubiOn disrupts the attack sequence.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>1.\u003C\u002Fstrong> \u003Cstrong>Prevents Unauthorized Logons After Initial Infection\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Even if attackers successfully steal passwords, they \u003Cstrong>cannot log in\u003C\u002Fstrong> without the physical YubiKey.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>2.\u003C\u002Fstrong> \u003Cstrong>Blocks Lateral Movement Within the Network\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Attempts to access servers or other PCs fail due to YubiOn’s 2FA. Since \u003Cstrong>attackers cannot &quot;move to the next PC,&quot;\u003C\u002Fstrong> the damage can be contained to the \u003Cem>initial\u003C\u002Fem> device.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>3.\u003C\u002Fstrong> \u003Cstrong>Protects Critical Servers\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>By reinforcing logon security for the organization’s core servers, YubiOn prevents catastrophic outcomes such as “full-company data encryption” or “backup destruction.”\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ Summary\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>YubiOn does \u003Cstrong>not\u003C\u002Fstrong> prevent the initial intrusion via email. However, even if a breach happens, YubiOn \u003Cstrong>prevents the attacker from freely moving and logging into other systems, blocking organization-wide damage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>In today’s environment, where \u003Cstrong>“assume the breach”\u003C\u002Fstrong> is the norm, moving beyond ID\u002Fpassword-only authentication is essential. YubiOn \u003Cstrong>is easy to deploy\u003C\u002Fstrong> in existing environments and \u003Cstrong>can be used immediately\u003C\u002Fstrong>. With minimal cost and effort, it provides highly effective protection against the worst security risks.\u003C\u002Fp>\n\u003Cp>For detailed information about YubiOn products, implementation consultation, or document requests, please contact us through the inquiry form.\u003C\u002Fp>\n\u003Cp>Thank you for reading.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ Related Links\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>[\u003Cstrong>\u003Cstrong>Security Key Sales\u003C\u002Fstrong>\u003C\u002Fstrong>]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">YubiKeyShop Official Distributor\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">Amazon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Smart Logon with Passkeys\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[YubiOn FIDO Logon]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">https:\u002F\u002Fwww.yubion.com\u002Ffidologon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Security for Both Windows and Mac\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[YubiOn Portal]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-portal\">https:\u002F\u002Fwww.yubion.com\u002Fyubion-portal\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Turn Everyday Authentication into Passkeys\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[YubiOn FIDO2 Server Service]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffss.yubion.com\u002F\">https:\u002F\u002Ffss.yubion.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[\u003Cstrong>\u003Cstrong>Product Inquiries\u003C\u002Fstrong>\u003C\u002Fstrong>]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Finquiry.yubion.com\u002F\">Inquiry Form\u003C\u002Fa>\u003C\u002Fp>\n","prevent-ransomware-spread-with-yubion","2025-12-04","2026-04-28T06:50:19.097Z","2026-04-28T06:50:22.242Z","en","Matsuda",{"id":17,"documentId":18,"name":19,"alternativeText":20,"caption":20,"focalPoint":20,"width":21,"height":22,"formats":23,"hash":61,"ext":25,"mime":29,"size":62,"url":63,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":65,"updatedAt":65,"publishedAt":65},666,"amg3i7bhvj493zbstyahwrwh","blog-prevent-ransomware-spread-with-yubion-1.png",null,1536,1024,{"large":24,"small":35,"medium":44,"thumbnail":52},{"ext":25,"url":26,"etag":27,"hash":28,"mime":29,"name":30,"path":20,"size":31,"width":32,"height":33,"sizeInBytes":34},".png","https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4.png","c0944e98fc2a6d111b299ffce7575881","large_blog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4","image\u002Fpng","large_blog-prevent-ransomware-spread-with-yubion-1.png",725.49,1000,667,725489,{"ext":25,"url":36,"etag":37,"hash":38,"mime":29,"name":39,"path":20,"size":40,"width":41,"height":42,"sizeInBytes":43},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4.png","717fd1be8054be4095d27df40588c7ea","small_blog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4","small_blog-prevent-ransomware-spread-with-yubion-1.png",194.48,500,333,194479,{"ext":25,"url":45,"etag":46,"hash":47,"mime":29,"name":48,"path":20,"size":49,"width":50,"height":41,"sizeInBytes":51},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4.png","d54ee0d798e26235fd280489372ec7c3","medium_blog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4","medium_blog-prevent-ransomware-spread-with-yubion-1.png",414.85,750,414850,{"ext":25,"url":53,"etag":54,"hash":55,"mime":29,"name":56,"path":20,"size":57,"width":58,"height":59,"sizeInBytes":60},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4.png","acbbe94243d6463452d0a26343a1d57c","thumbnail_blog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4","thumbnail_blog-prevent-ransomware-spread-with-yubion-1.png",53.15,234,156,53151,"blog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4",527.72,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_prevent_ransomware_spread_with_yubion_1_80a91c8eb4.png","aws-s3","2026-04-28T06:50:03.216Z",[67,73,79,85],{"id":68,"documentId":69,"name":70,"slug":20,"createdAt":71,"updatedAt":71,"publishedAt":72},14,"cayvzwteev09nngcidjgi3lb","YubiOn FIDO Logon","2026-04-28T01:49:14.235Z","2026-04-28T01:49:16.082Z",{"id":74,"documentId":75,"name":76,"slug":20,"createdAt":77,"updatedAt":77,"publishedAt":78},24,"p59b5ecziayc0578eir6ussk","YubiOn Portal","2026-04-28T05:13:45.133Z","2026-04-28T05:13:46.979Z",{"id":80,"documentId":81,"name":82,"slug":20,"createdAt":83,"updatedAt":83,"publishedAt":84},106,"x5j8ev41ktjdr2ihyxxpzsdj","Cyberattack","2026-04-28T06:50:12.637Z","2026-04-28T06:50:14.473Z",{"id":86,"documentId":87,"name":88,"slug":89,"createdAt":90,"updatedAt":91,"publishedAt":92},152,"vol3kfjwwo4rpsu9sp76xz1h","YubiOn WindowsLogon Standalone","yubion-windowslogon-standalone","2026-04-28T05:36:24.367Z","2026-06-02T05:08:16.961Z","2026-06-02T05:08:20.183Z",{"id":94,"documentId":95,"title":96,"content":97,"slug":98,"published":99,"createdAt":100,"updatedAt":100,"publishedAt":101,"locale":14,"authorManual":102,"cover":103,"tags":146},87,"m5b0po97uu2x67d2vca93275","Trying Out the Fastest Way to Implement FIDO Authentication: “YubiOn FIDO2 Server Service”","\u003Cp>Recently, YubiOn released a new service called \u003Cstrong>“YubiOn FIDO2 Server Service.”\u003C\u002Fstrong> This service is primarily intended for developers and development vendors, enabling them to easily integrate FIDO (passkey) authentication into the services they provide. Normally, in order to properly validate FIDO authentication, developers must implement a variety of verification processes according to specifications such as WebAuthn. However, by offering these processes as a service, this solution makes it effortless to introduce passkey authentication.\u003C\u002Fp>\n\u003Cp>Previously, Soft Giken offered a certified FIDO2 Server product called \u003Cstrong>“YubiOn FIDO2 Server,”\u003C\u002Fstrong> which had been approved by the FIDO Alliance. However, it was not provided as a service; instead, we delivered the necessary environment individually in response to customer requests. With the release of the \u003Cstrong>YubiOn FIDO2 Server Service\u003C\u002Fstrong>, this solution has now been fully service‑based, allowing customers to introduce it more easily and more quickly.\u003C\u002Fp>\n\u003Cp>This time, we will use the sample application prepared by our company to show how simple it becomes to implement passkey authentication by introducing the YubiOn FIDO2 Server Service.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>■Flow of Implementation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you would like to understand the system architecture or authentication mechanism, please refer to the \u003Ca href=\"https:\u002F\u002Ffss.yubion.com\u002Fguide\u002Fen\u002Foverview\u002Findex.html\">service overview\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Although the implementation flow is also described in the \u003Ca href=\"https:\u002F\u002Ffss.yubion.com\u002Fguide\u002Fen\u002Fsetup\u002Findex.html\">manual\u003C\u002Fa>, the general steps are as follows:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Customer Registration\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>↓\u003C\u002Fp>\n\u003Cp>２． RP Registration\u003C\u002Fp>\n\u003Cp>↓\u003C\u002Fp>\n\u003Cp>３． API Key Registration\u003C\u002Fp>\n\u003Cp>↓\u003C\u002Fp>\n\u003Cp>４． SDK Integration\u003C\u002Fp>\n\u003Cp>↓\u003C\u002Fp>\n\u003Cp>５． Operational Testing\u003C\u002Fp>\n\u003Cp>Normally, in step 4 (SDK Integration), after obtaining the SDK, you would need to implement logic within your service that calls the YubiOn FIDO2 Server Service API. However, for this walkthrough, we will use a sample that already has this logic implemented, so you can experience the process more easily.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>■ Trying Out the Sample\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Environment Used\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>OS: Windows 11\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Browser: Chrome\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Passkey: Windows Hello (Fingerprint Authentication)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Source Code Editor: Visual Studio Code\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Prerequisites:\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fnodejs.org\u002Fen\u002Fdownload\u002F\">Node.js\u003C\u002Fa> and npm must be installed.\u003C\u002Fp>\n\u003Cp>I used Node.js (v22) and npm (v10).\u003C\u002Fp>\n\u003Cp>(Installing Node.js typically installs npm as well.)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Service Registration &amp; Preparation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>Register a Customer (Free Registration)\u003C\u002Fp>\n\u003Cp>●Steps\u003C\u002Fp>\n\u003Cp>Open the &quot;\u003Ca href=\"https:\u002F\u002Ffss.yubion.com\u002Fja\">YubiOn FIDO2 Server Service\u003C\u002Fa>&quot; page and click \u003Cstrong>“New Registration”\u003C\u002Fstrong> in the top right corner.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>By agreeing to the handling of personal information, you will proceed to the customer registration screen.\u003C\u002Fp>\n\u003Cp>Enter the required customer information and agree to the Terms of Service, then click the \u003Cstrong>“Register”\u003C\u002Fstrong> button.\u003C\u002Fp>\n\u003Cp>　・\u003Cstrong>Admin name\u003C\u002Fstrong>\u003Cstrong>:\u003C\u002Fstrong> YubiOn (any name)\u003C\u002Fp>\n\u003Cp>　・\u003Cstrong>Admin email address\u003C\u002Fstrong>\u003Cstrong>:\u003C\u002Fstrong> An email will be sent after registration to activate the account.\u003C\u002Fp>\n\u003Cp>　・\u003Cstrong>Customer name:\u003C\u002Fstrong> Test Customer (any name)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_2_69770a840c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the customer registration is completed, a customer registration approval email will be sent to the administrator&#39;s email address.\u003C\u002Fp>\n\u003Cp>Click the URL link in the email body to open the customer activation screen.\u003C\u002Fp>\n\u003Cp>Once you register a passkey to log in to the &quot;YubiOn FIDO2 Server Service&quot; management website, the activation will be complete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_3_02bc4cb015.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A passkey registration modal will appear, so follow the instructions to register your passkey.\u003C\u002Fp>\n\u003Cp>In this example, we will use Windows Hello and register with a fingerprint.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_4_c0bfbf7802.png\" alt=\"\">\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Registering an RP\u003C\u002Fp>\n\u003Cp>\u003Cstrong>RP\u003C\u002Fstrong> (Relying Party) is a FIDO term that refers to the service or web application that implements FIDO authentication.\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>RP ID\u003C\u002Fstrong> is an identifier used to distinguish that service, and it is usually the domain name. In the case of the \u003Cstrong>“YubiOn FIDO2 Server Service”\u003C\u002Fstrong>, to prevent unauthorized third parties from registering services, ownership of the domain is normally verified when registering an RP. However, to make it easier to verify operation in development environments, RP IDs ending with .localhost can be used without ownership verification. In this walkthrough, we will use that mechanism to proceed.\u003C\u002Fp>\n\u003Cp>●Steps\u003C\u002Fp>\n\u003Cp>Log in to the “YubiOn FIDO2 Server Service” management website and open the \u003Cstrong>RP\u003C\u002Fstrong> screen.\u003C\u002Fp>\n\u003Cp>Click the \u003Cstrong>“Register RP”\u003C\u002Fstrong> button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_5_d4e28eabf7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A modal window for RP registration will open. Enter the required information and complete the registration.\u003C\u002Fp>\n\u003Cp>　・RP ID: test-app**.localhost** (any name + \u003Cstrong>.localhost\u003C\u002Fstrong>\u003Cstrong>)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>　・RP name: Test App (any name)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_6_b617438d0b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Normally, the RP would become “Verified” after confirming ownership. However, since we are using the development‑only “.localhost” as the RP ID this time, you can see that it is already marked as “Verified” at the time of RP registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_7_ce97d28f20.png\" alt=\"\">\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Register an API Key\u003C\u002Fp>\n\u003Cp>Create a key that will be required when accessing the \u003Cstrong>YubiOn FIDO2 Server Service\u003C\u002Fstrong> API from the RP you registered. You will register it using \u003Cstrong>Nonce Signature Authentication\u003C\u002Fstrong>, and you must make a note of the \u003Cstrong>API Authentication ID\u003C\u002Fstrong> and \u003Cstrong>Secret Key\u003C\u002Fstrong> that are displayed after registration.\u003C\u002Fp>\n\u003Cp>●Steps\u003C\u002Fp>\n\u003Cp>Open the \u003Cstrong>API Key\u003C\u002Fstrong> screen from the RP details. (You can open the RP details by clicking the RP you registered on the RP screen.)\u003C\u002Fp>\n\u003Cp>Click the \u003Cstrong>“Register API key”\u003C\u002Fstrong> button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_8_16d512202a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A modal window for API key registration will open. Enter the required information and complete the registration.\u003C\u002Fp>\n\u003Cp>　・API auth name: Test API key (any name)\u003C\u002Fp>\n\u003Cp>　・API auth type: \u003Cstrong>Nonce sign auth\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>※For this example, we are selecting Nonce Signature Authentication because of the implementation used in the sample application.\u003C\u002Fp>\n\u003Cp>　　　　　　　　　　For actual production use, please select the appropriate \u003Ca href=\"https:\u002F\u002Ffss.yubion.com\u002Fguide\u002Fen\u002Fdeveloper\u002Fapi-reference\u002Fapi_common_info\u002Findex.html\">authentication type\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_9_3cdd7df693.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After registering the API key, make sure to record the \u003Cstrong>API authentication ID\u003C\u002Fstrong> and \u003Cstrong>secret key\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_10_b0c2d648f9.png\" alt=\"\">\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Preparing the Sample Application\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You will use Visual Studio Code (VS Code) to run a web server on your PC.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>Obtain the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYubiOn-Dev-Team\u002Fyubion-fido2-server-sdk-js\u002F\">SDK\u003C\u002Fa> Sample Application\u003C\u002Fp>\n\u003Cp>The Node.js SDK source code includes a simple sample application that allows you to test FIDO registration and authentication features. You can access this sample by cloning the SDK source code from GitHub or by downloading the ZIP file and using the sample directory contained within it. Detailed setup instructions can be found in the README.md or README.ja.md file located directly under the sample directory.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Set Environment Variables\u003C\u002Fp>\n\u003Cp>Copy the sample\u002Fserver\u002F.env.sample file and create a new .env file in the same location.\u003C\u002Fp>\n\u003Cp>Open the .env file in VS Code and edit the following values:\u003C\u002Fp>\n\u003Cp>　・FSS_RP_ID: test-app.localhost (the RP ID you registered)\u003C\u002Fp>\n\u003Cp>　・FSS_API_KEY_ID: (API authentication ID you recorded when registering the API key)\u003C\u002Fp>\n\u003Cp>　・FSS_API_SECRET: (Secret key you recorded when registering the API key)\u003C\u002Fp>\n\u003Cp>　・SESSION_SECRET: (A long, random string used to protect user sessions)\u003C\u002Fp>\n\u003Cp>　・CLIENT_ORIGIN_URL: \u003Ca href=\"http:\u002F\u002Ftest-app.localhost:5173\">http:\u002F\u002Ftest-app.localhost:5173\u003C\u002Fa> (URL of the client application)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_11_d261d3ddf8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Because of the structure of the application, the backend and frontend run on separate servers, so you will need to start both of them.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>３． Start the Backend\u003C\u002Fp>\n\u003Cp>Open the terminal in VS Code and execute the following commands:\u003C\u002Fp>\n\u003Cpre>\u003Ccode># Move to the sample\u002Fserver directory\ncd sample\u002Fserver\n\n# Install dependencies\nnpm ci\n\n# Start the development server\nnpm run dev\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>If the server starts successfully, it should be running at: \u003Ca href=\"http:\u002F\u002Flocalhost:3000\">http:\u002F\u002Flocalhost:3000\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>４． Start the Frontend\u003C\u002Fp>\n\u003Cp>Open a new terminal in VS Code and execute the following commands:\u003C\u002Fp>\n\u003Cpre>\u003Ccode># Move to the sample\u002Fclient directory\ncd sample\u002Fclient\n\n# Install dependencies\nnpm ci\n\n# Start the development server\nnpm run dev\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The client development server will start on a port such as: \u003Ca href=\"http:\u002F\u002Flocalhost:5173\">http:\u002F\u002Flocalhost:5173\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Verify Sample Operation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once both the server and client are running, you can test passkey registration and authentication from your browser.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>Access the Sample Application\u003C\u002Fp>\n\u003Cp>Open your browser and access: \u003Ca href=\"http:\u002F\u002Ftest-app.localhost:5173\u002F\">http:\u002F\u002Ftest-app.localhost:5173\u002F\u003C\u002Fa> (or http:\u002F\u002F\u003Cem>\u003Cthe RPID you set>\u003C\u002Fem>:5173\u002F). If everything is configured correctly, the login screen of the sample application will appear.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_12_c51c2a0709.png\" alt=\"\">\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Register a User and Passkey\u003C\u002Fp>\n\u003Cp>Click the \u003Cstrong>&quot;Create a new account&quot;\u003C\u002Fstrong> link to open the user registration page.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_13_59ef540bd9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After entering any user information, click the \u003Cstrong>&quot;Register and Add Passkey&quot;\u003C\u002Fstrong> button.\u003C\u002Fp>\n\u003Cp>A passkey registration modal will appear. Follow the instructions to complete the passkey registration.\u003C\u002Fp>\n\u003Cp>In this example, we will register using a fingerprint—just as we did with the \u003Cstrong>YubiOn FIDO2 Server Service\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_14_9e13d93d3c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Since the SDK is integrated, the passkey registration completes successfully.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Log in\u003C\u002Fp>\n\u003Cp>Click the \u003Cstrong>&quot;Login with Passkey&quot;\u003C\u002Fstrong> button to log in using your passkey.\u003C\u002Fp>\n\u003Cp>The user list is now displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_15_5f8aa9535e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Passkey authentication was successful!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Verify Operation\u003C\u002Fp>\n\u003Cp>To verify that everything is working correctly, open the management website for the \u003Cstrong>YubiOn FIDO2 Server Service\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>On the RP details page, open the \u003Cstrong>“API Logs”\u003C\u002Fstrong> screen. You should see the relevant information reflected there, confirming that passkey registration and authentication were processed successfully.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_16_a07342ce04.png\" alt=\"\">\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>How was it? Although this was only a sample, we incorporated the SDK into the application and actually tested passkey registration and authentication. In a real project, you would need to implement your own service logic and then integrate the SDK. However, you may have seen how easily FIDO authentication can be introduced simply by adding the SDK.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>■Summary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The \u003Cstrong>YubiOn FIDO2 Server Service\u003C\u002Fstrong> is a powerful solution for companies considering the adoption of FIDO authentication. It significantly reduces both development cost and implementation time. By using this service, you can quickly and efficiently integrate FIDO authentication—which enhances security while improving the user experience—into your own services.\u003C\u002Fp>\n\u003Cp>You can register for free, so feel free to try it out.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>■Related Links\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>[YubiOn FIDO2 Server Service]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffss.yubion.com\u002Fja\">https:\u002F\u002Ffss.yubion.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[YubiOn FIDO2 Server Service Manual]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffss.yubion.com\u002Fguide\u002Fen\u002F\">https:\u002F\u002Ffss.yubion.com\u002Fguide\u002Fen\u002F\u003C\u002Fa>\u003C\u002Fp>\n","yubion-fido2-server-service-fast-passkey-auth","2025-09-24","2026-04-28T07:06:08.807Z","2026-04-28T07:06:11.794Z","Asa",{"id":104,"documentId":105,"name":106,"alternativeText":20,"caption":20,"focalPoint":20,"width":107,"height":108,"formats":109,"hash":142,"ext":25,"mime":29,"size":143,"url":144,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":145,"updatedAt":145,"publishedAt":145},802,"o1kpsrnamynobm7wtseigedc","blog-yubion-fido2-server-service-fast-passkey-auth-1.png",1825,894,{"large":110,"small":118,"medium":126,"thumbnail":134},{"ext":25,"url":111,"etag":112,"hash":113,"mime":29,"name":114,"path":20,"size":115,"width":32,"height":116,"sizeInBytes":117},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83.png","c4afdcc3570d56b394a85f24dde51273","large_blog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83","large_blog-yubion-fido2-server-service-fast-passkey-auth-1.png",430.19,490,430187,{"ext":25,"url":119,"etag":120,"hash":121,"mime":29,"name":122,"path":20,"size":123,"width":41,"height":124,"sizeInBytes":125},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83.png","a14bc1312d5e16077ca92f410156a68c","small_blog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83","small_blog-yubion-fido2-server-service-fast-passkey-auth-1.png",115.73,245,115728,{"ext":25,"url":127,"etag":128,"hash":129,"mime":29,"name":130,"path":20,"size":131,"width":50,"height":132,"sizeInBytes":133},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83.png","196faf55176cd2ef3e06e0c0c030b64b","medium_blog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83","medium_blog-yubion-fido2-server-service-fast-passkey-auth-1.png",239.51,367,239513,{"ext":25,"url":135,"etag":136,"hash":137,"mime":29,"name":138,"path":20,"size":139,"width":124,"height":140,"sizeInBytes":141},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83.png","816ce4f1ff50077f29db870155a2c0b1","thumbnail_blog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83","thumbnail_blog-yubion-fido2-server-service-fast-passkey-auth-1.png",38.48,120,38478,"blog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83",241.05,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido2_server_service_fast_passkey_auth_1_2d955afb83.png","2026-04-28T07:04:47.026Z",[147,153,159,165],{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},44,"ndyi3ro2mlncggjsp6vy47ue","Passkeys","2026-04-28T05:22:55.540Z","2026-04-28T05:22:57.559Z",{"id":154,"documentId":155,"name":156,"slug":20,"createdAt":157,"updatedAt":157,"publishedAt":158},54,"aik3it1d9trj8u1rr5wbmw2d","FIDO2","2026-04-28T05:24:47.451Z","2026-04-28T05:24:49.300Z",{"id":160,"documentId":161,"name":162,"slug":20,"createdAt":163,"updatedAt":163,"publishedAt":164},56,"o72uon3nd8d31kuwuly0jame","YubiOn FIDO2 Server Service","2026-04-28T05:24:54.868Z","2026-04-28T05:24:56.719Z",{"id":166,"documentId":167,"name":168,"slug":20,"createdAt":169,"updatedAt":169,"publishedAt":170},110,"hspry4hzfp94ulih8tjfmu34","YubiOn FIDO2 Server","2026-04-28T07:06:03.949Z","2026-04-28T07:06:05.797Z",{"id":172,"documentId":173,"title":174,"content":175,"slug":176,"published":177,"createdAt":178,"updatedAt":178,"publishedAt":179,"locale":14,"authorManual":15,"cover":180,"tags":223},111,"y6lssqvm5rbeqof00ber3lmp","What is Phishing Fraud? Increasingly Sophisticated Tactics and Countermeasures","\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb.png\" alt=\"フィッシング詐欺とは\">\u003C\u002Fp>\n\u003Cp>In recent years, phishing scams have increasingly threatened our digital lives, and the number of victims continues to rise, showing no sign of decreasing. The tactics are becoming more sophisticated, and anyone can fall prey. In this article, we will explain everything from the basics—\u003Cstrong>“What is phishing?”\u003C\u002Fstrong>—to specific techniques, and most importantly, the latest information on　\u003Cstrong>“how to protect yourself from phishing.”\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ Why Are Countermeasures Necessary? The Spread of Phishing Scams\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>In recent years, the need for phishing countermeasures has been strongly emphasized. Why is that?\u003C\u002Fp>\n\u003Cp>It’s because of the growing number of phishing incidents and the severity of their impact, which we will discuss later.\u003C\u002Fp>\n\u003Cp>According to the \u003Cstrong>“Top 10 Information Security Threats”\u003C\u002Fstrong> published by the Information-technology Promotion Agency (IPA), phishing scams have \u003Cstrong>ranked among the top threats for six consecutive years\u003C\u002Fstrong> since 2019, making this a serious issue that requires urgent action across society.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Rederence:\u003C\u002Fstrong> IPA Top 10 Information Security Threts 2024 \u003Ca href=\"https:\u002F\u002Fwww.ipa.go.jp\u002Fsecurity\u002F10threats\u002F10threats2024.html\">https:\u002F\u002Fwww.ipa.go.jp\u002Fsecurity\u002F10threats\u002F10threats2024.html\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Even the number of reported phishing site URLs continues to rise year after year, showing that new threats are constantly emerging around us.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ What Is Phishing?\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>Phishing\u003C\u002Fstrong> is a type of cybercrime in which attackers impersonate legitimate companies or organizations by sending fake emails or SMS messages, or by directing victims to fraudulent websites. The goal is to illegally obtain sensitive personal information such as account credentials (ID and password), credit card details, names, addresses, and phone numbers. Stolen information is then used to steal money or commit further crimes.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_phishing_fraud_tactics_countermeasures_2_09d131cc7b.png\" alt=\"偽のメールで偽サイトに誘導する\">\u003C\u002Fp>\n\u003Cp>Figure 1: Example of sending a fake email to lure users to a fraudulent site and prompting them to enter their ID and password.\u003C\u002Fp>\n\u003Cp>While there are various theories about its origin, according to the \u003Ca href=\"https:\u002F\u002Fwww.soumu.go.jp\u002Fmain_sosiki\u002Fcybersecurity\u002Fkokumin\u002Fbasic\u002Frisk\u002F04\u002F\">Ministry of Internal Affairs and Communication website\u003C\u002Fa>, \u003Cstrong>&quot;phishing&quot;\u003C\u002Fstrong> is a coined term derived from “fishing” and “sophisticated.”\u003C\u002Fp>\n\u003Cp>The specific damage caused by phishing scams is serious and includes the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ch3>\u003Cstrong>Financial Losses\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Unauthorized transfers via internet banking, fraudulent use of credit cards leading to large bills, unauthorized purchases of goods or subscriptions to paid services on online platforms—all of these result in direct monetary losses.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ch3>\u003Cstrong>Misuse of Personal Information and Secondary Damage\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Stolen personal information such as names, addresses, phone numbers, email addresses, and passwords can be sold on the dark web or used for other scams (identity theft, fake billing, etc.). If you reuse the same password across multiple services, the risk of cascading damage increases significantly.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ch3>\u003Cstrong>Account Hijacking and Loss of Trust\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Social media accounts, email accounts, and online service accounts can be hijacked, allowing attackers to impersonate you and send scam messages to friends or post inappropriate content, potentially damaging your social credibility.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Once you fall victim to a phishing scam, it’s not just financial loss—you may also suffer emotional distress from misuse of personal information and spend significant time and effort restoring accounts and handling various procedures.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ Sophisticated Phishing Techniques That Are Hard to Avoid\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Phishing scams are becoming increasingly sophisticated and malicious with technological advances. Overconfidence, like “I’m careful, so I’m safe,” is dangerous. Attackers exploit psychological vulnerabilities, making it hard to completely avoid phishing even if you’re cautious.\u003C\u002Fp>\n\u003Cp>Here are some common techniques:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ch3>\u003Cstrong>Fake Emails\u002FSMS That Are Hard to Distinguish from Real Ones (Imitation of Appearance and Content)\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Phishing emails and SMS are \u003Cstrong>cleverly disguised to look authentic\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Sender addresses, display names, and SMS sender names often mimic legitimate companies or services, sometimes using parts of official domains. Logos and signatures are often copied perfectly, making it \u003Cstrong>easy to mistake them for genuine messages\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ch3>\u003Cstrong>Social Engineering Exploits Human Psychology (Psychological Manipulation)\u003C\u002Fstrong>\u003C\u002Fh3>\nPhishing scams manipulate psychological weaknesses and emotions, not just appearances.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>They \u003Cstrong>exploit obedience to authority\u003C\u002Fstrong> (&quot;Notice from your bank&quot;), \u003Cstrong>urgency\u003C\u002Fstrong> (&quot;Act now or face serious consequences&quot;), \u003Cstrong>curiosity\u003C\u002Fstrong> (&quot;You&#39;ve won a prize&quot;), and even \u003Cstrong>kindness\u003C\u002Fstrong> (&quot;Please help us update your information&quot;) to \u003Cstrong>trick recipients into lowering their guard\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ch3>\u003Cstrong>Highly Convincing Fake Websites\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Fake websites are increasingly sophisticated, \u003Cstrong>replicating official sites\u003C\u002Fstrong>’ design, layout, logos, and button placement \u003Cstrong>almost perfectly\u003C\u002Fstrong>. While older scams often had unnatural Japanese text that gave them away, recent cases are much harder to detect. Even if you suspect an email, you might still trust the linked site and enter sensitive information like IDs, passwords, or credit card details.\u003C\u002Fp>\n\u003Cp>URLs are also cleverly disguised, using similar strings (e.g., \u003Ca href=\"http:\u002F\u002Fmicrosft.com\">microsft.com\u003C\u002Fa> vs\u003Ca href=\"http:\u002F\u002Fmicrosoft.com\">microsoft.com\u003C\u002Fa>) or subdomains (e.g., \u003Ca href=\"http:\u002F\u002Famazon.co.jp\">amazon.co.jp\u003C\u002Fa>.●●●.com).\u003C\u002Fp>\n\u003Cp>Many fake sites now use HTTPS, so the presence of a padlock icon no longer guarantees safety.\u003C\u002Fp>\n\u003Cp>These techniques evolve daily and are often combined, so even the most vigilant users can fall victim due to a momentary lapse.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■\u003C\u002Fstrong> \u003Cstrong>Phishing Countermeasures: Practical Ways to Prevent Damage\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>To protect your information and assets from increasingly sophisticated phishing scams, it’s crucial to adopt multiple \u003Cstrong>countermeasures\u003C\u002Fstrong> regularly:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ch3>\u003Cstrong>Access Official Sites via Bookmarks or Official Apps\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Avoid clicking links in emails, SMS, or search results. Instead, \u003Cstrong>bookmark official sites\u003C\u002Fstrong> or \u003Cstrong>use official apps\u003C\u002Fstrong> for banks, shopping platforms, and social media. This is one of the most reliable ways to eliminate the risk of being redirected to fake sites.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Ch3>\u003Cstrong>Do Not Click Links or Open Attachments in Emails\u002FSMS\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Never click links or open attachments in messages\u003C\u002Fstrong> claiming “Account update,” “Security alert,” “Prize notification,” or “Package delivery.” Be especially cautious if asked to enter personal (ID, password) or payment information.\u003C\u002Fp>\n\u003Cp>It is common practice for the displayed text of a link to differ from the actual destination URL. There is a risk that the moment you click, you will be redirected to a fake site or malware will be downloaded. If you want to check the authenticity of a link, access the official website from your bookmarks or the official app and check for announcements, or contact the official support desk.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ch3>\u003Cstrong>Keep OS, Browser, and Security Software Updated\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Always apply updates promptly to your OS, browser, and security software. Leaving vulnerabilities unpatched increases the risk of phishing and malware attacks. Security software can detect and block known phishing sites and suspicious behavior, so keep it updated.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ch3>\u003Cstrong>Enforce Strong Password Management and Use Multi-Factor Authentication (MFA)\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Use unique, complex passwords for each service (mix uppercase, lowercase, numbers, and symbols). Never reuse passwords. Enable MFA wherever possible—using SMS codes, authenticator apps (such as Google Authenticator, Microsoft Authenticator), or security keys—to add an extra layer of protection.\u003C\u002Fp>\n\u003Cp>If a password is reused and leaked from one service, it can lead to a chain reaction of unauthorized access to other services. By setting up multi-factor authentication, even if a password is leaked, unauthorized logins can be prevented without additional authentication factors, dramatically increasing the security level of your account.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ch3>\u003Cstrong>[Highly Effective] Consider Using\u003C\u002Fstrong> \u003Cstrong>Passkeys\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Passkeys\u003C\u002Fstrong>, standardized by the FIDO Alliance, are a new authentication technology that eliminates passwords and offers \u003Cstrong>strong resistance to phishing\u003C\u002Fstrong>. Many major services now support passkeys. If available, register and use them as your primary login method.\u003C\u002Fp>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003Cstrong>Why Passkeys Are Strong Against Phishing\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>No passwords to remember or enter\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>With passkey authentication, there is \u003Cstrong>no password\u003C\u002Fstrong> that the user needs to remember or enter. Instead, authentication is performed using a pair of a private key that is securely stored on the device (smartphone, PC, security key) and a public key that is registered on the website. Therefore, there is no &quot;password&quot; to be stolen on phishing sites.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Domain binding\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Passkeys \u003Cstrong>only work on the legitimate website (domain)\u003C\u002Fstrong> for which they were generated and registered. Even if an attacker sets up a fake website that looks exactly like the real thing, the domain will be different, so the user&#39;s passkey will not be valid on that fake website. This prevents authentication information from being stolen even if the user accidentally attempts to authenticate on a fake website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Device-based authentication combined with biometrics\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>To use a passkey, you usually need to unlock (by entering a PIN code, fingerprint authentication, facial authentication, etc.) the device on which the passkey is stored (smartphone, PC, security key, etc.). This combines physical possession of the device with the user&#39;s biometric information, making it \u003Cstrong>extremely difficult for a third party to impersonate you\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>■\u003C\u002Fstrong> \u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>Phishing scams\u003C\u002Fstrong> are malicious cybercrimes targeting personal information and money, and their threat is growing every year.\u003C\u002Fp>\n\u003Cp>To avoid becoming a victim, stay vigilant and practice basic \u003Cstrong>countermeasures\u003C\u002Fstrong>: use bookmarks, avoid suspicious links, keep software updated, manage passwords properly, and enable MFA.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Passkeys\u003C\u002Fstrong> are a game-changer for \u003Cstrong>phishing prevention\u003C\u002Fstrong>—adopt them wherever possible for a safer digital life.\u003C\u002Fp>\n\u003Cp>Our company offers security keys compatible with passkeys and provides \u003Cstrong>YubiOn\u003C\u002Fstrong> security services based on passkey technology. If you’re considering measures against phishing and other cyberattacks, please explore YubiOn.\u003C\u002Fp>\n\u003Cp>For details, consultations, or document requests, contact us via our inquiry form.\u003C\u002Fp>\n\u003Cp>Thank you for reading.\u003C\u002Fp>\n\u003Ch2>■ Related Links\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>[Security Key Sales]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">YubiKeyShop Authorized Distributor\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">Amazon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Smart logon with Passkeys\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[YubiOn FIDO Logon]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">https:\u002F\u002Fwww.yubion.com\u002Ffidologon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Turn your usual authentication into Passkeys\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[YubiOn FIDO2 Server]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffido2-server\">https:\u002F\u002Fwww.yubion.com\u002Ffido2-server\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[Product Inquiries]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Finquiry.yubion.com\u002F\">Contact\u003C\u002Fa>\u003C\u002Fp>\n","what-is-phishing-fraud-tactics-countermeasures","2025-04-10","2026-04-28T07:24:42.741Z","2026-04-28T07:24:45.748Z",{"id":181,"documentId":182,"name":183,"alternativeText":20,"caption":20,"focalPoint":20,"width":184,"height":185,"formats":186,"hash":219,"ext":25,"mime":29,"size":220,"url":221,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":222,"updatedAt":222,"publishedAt":222},985,"bc1xw94uoj2tztl96uzg5avx","blog-what-is-phishing-fraud-tactics-countermeasures-1.png",1278,748,{"large":187,"small":195,"medium":203,"thumbnail":211},{"ext":25,"url":188,"etag":189,"hash":190,"mime":29,"name":191,"path":20,"size":192,"width":32,"height":193,"sizeInBytes":194},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb.png","d983fb3a8668e13d43073057b05d26be","large_blog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb","large_blog-what-is-phishing-fraud-tactics-countermeasures-1.png",131.97,585,131969,{"ext":25,"url":196,"etag":197,"hash":198,"mime":29,"name":199,"path":20,"size":200,"width":41,"height":201,"sizeInBytes":202},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb.png","195c597df446f83cff7f3391b05552bc","small_blog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb","small_blog-what-is-phishing-fraud-tactics-countermeasures-1.png",55.29,293,55288,{"ext":25,"url":204,"etag":205,"hash":206,"mime":29,"name":207,"path":20,"size":208,"width":50,"height":209,"sizeInBytes":210},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb.png","3071e4b7b63ef53ddedd7a1fa14915bb","medium_blog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb","medium_blog-what-is-phishing-fraud-tactics-countermeasures-1.png",90.16,439,90162,{"ext":25,"url":212,"etag":213,"hash":214,"mime":29,"name":215,"path":20,"size":216,"width":124,"height":217,"sizeInBytes":218},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb.png","4cca2be01464ca2e9692b22499fe14cc","thumbnail_blog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb","thumbnail_blog-what-is-phishing-fraud-tactics-countermeasures-1.png",24.89,143,24889,"blog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb",36.11,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_phishing_fraud_tactics_countermeasures_1_8bcb985dbb.png","2026-04-28T07:24:29.595Z",[224,230,231],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},12,"aire52m2y26x0uq2lb8m0nwy","FIDO","2026-04-28T01:49:06.707Z","2026-04-28T01:49:08.676Z",{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":232,"documentId":233,"name":234,"slug":20,"createdAt":235,"updatedAt":235,"publishedAt":236},96,"cqdyo5o0fawjwtv8ytsu59hk","Glossary","2026-04-28T06:20:09.585Z","2026-04-28T06:20:11.559Z",{"id":238,"documentId":239,"title":240,"content":241,"slug":242,"published":243,"createdAt":244,"updatedAt":244,"publishedAt":245,"locale":14,"authorManual":15,"cover":246,"tags":289},53,"pxi406azvzn36g5g3dvs75qq","Is Your Organization Ready? Insights from IPA’s 2024 SME Security Survey","\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_ipa_2024_sme_security_survey_insights_1_0c079ae834.png\" alt=\"コストが重くセキュリティが軽い天秤の図\">\u003C\u002Fp>\n\u003Cp>In recent years, all organizations have been exposed to increasingly sophisticated and complex cyberattack threats.\u003C\u002Fp>\n\u003Cp>On \u003Cstrong>February 14, 2025\u003C\u002Fstrong>, IPA (Information-technology Promotion Agency, Japan) announced the results of its \u003Cstrong>“2024 Survey on the Actual Conditions of SMEs.”\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This report summarizes the status of cybersecurity measures taken by small and medium-sized enterprises (SMEs) that make up the supply chain against \u003Cstrong>cyber incidents\u003C\u002Fstrong> (security breaches caused by cyberattacks).\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>IPA published the preliminary version of the “2024 Survey on the Actual Conditions of SMEs”\u003C\u002Fstrong> \u003Ca href=\"https:\u002F\u002Fwww.ipa.go.jp\u002Fpressrelease\u002F2024\u002Fpress20250214.html\">https:\u002F\u002Fwww.ipa.go.jp\u002Fpressrelease\u002F2024\u002Fpress20250214.html\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>In this article, based on IPA’s report (hereafter referred to as “the report”), we will discuss the current state of cybersecurity among SMEs in recent years.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ Is Security Really Unnecessary?\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Our company provides services that strongly protect PC terminals with two-factor authentication. In our interactions with customers, \u003Cstrong>ưe òten encounter the following situation\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cp>The IT department representatives we speak with directly during meetings are knowledgeable about security and fully recognize the importance of implementing countermeasures. They want to introduce products immediately to prevent cyber incidents before they occur.\u003C\u002Fp>\n\u003Cp>However, when it comes to actual implementation, they hit a wall: it’s extremely difficult to convince \u003Cstrong>upper management, who hold the final decision-making authority, of the importance of security\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Perhaps some of you reading this have faced similar challenges?\u003C\u002Fp>\n\u003Cp>This issue is not limited to SMEs, but security measures often get postponed because their benefits are not immediately visible.\u003C\u002Fp>\n\u003Cp>Supporting this observation, the report reveals that \u003Cstrong>about 70% of companies lack an organized security framework\u003C\u002Fstrong>, and \u003Cstrong>about 60% have not invested in security measures\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>４. About 70% of companies have not established an organizational security structure.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cblockquote>\n\u003Cp>５．\u003Cstrong>About 60% of companies have not invested in information security measures over the past three terms.\u003C\u002Fstrong> The percentage of companies that answered “We have not invested in information security measures” was \u003Cstrong>62.6%\u003C\u002Fstrong>, up from \u003Cstrong>55.2% in the 2016 survey\u003C\u002Fstrong> and \u003Cstrong>33.1% in the 2021 survey\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Furthermore, when asked why they did not invest in security measures, the majority cited:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>&quot;We don&#39;t feel it&#39;s necessary.&quot;\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>&quot;We don&#39;t see the cost-effectiveness.&quot;\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>&quot;It&#39;s too expensive.&quot;\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_ipa_2024_sme_security_survey_insights_2_c852c1db7a.png\" alt=\"IPAサイトから引用したセキュリティ対策投資を行わない理由の比率\">\u003C\u002Fp>\n\u003Cp>Figure 7: Reasons for Not Investing in Information Security Measures (n=2623)\u003C\u002Fp>\n\u003Cp>In reality, even if you implement security products, they don’t directly increase sales or improve work efficiency—in fact, they can sometimes cause inconvenience.\u003C\u002Fp>\n\u003Cp>For example, with our products, there is the effort of installing software on each PC, and since authentication devices are required at logon, users need to carry and manage these devices.\u003C\u002Fp>\n\u003Cp>From this perspective alone, it’s understandable that security measures—which may seem to offer no visible benefit to the company—are often postponed by decision-makers.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>But is security really unnecessary?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ Cyber Incidents Are Not Natural Disasters\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Unlike earthquakes or typhoons, where predicting damage is nearly impossible, cyber incidents are not natural disasters—they are \u003Cstrong>always caused by humans\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>２．About 50% of companies that suffered unauthorized access were exploited through vulnerabilities, and about 20% were infiltrated via other companies.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cblockquote>\n\u003Cp>Among companies that experienced cyber incidents in FY2023 and reported “unauthorized access” (n=419), the most common attack method was “exploiting vulnerabilities (such as unpatched security updates)” at \u003Cstrong>48.0%\u003C\u002Fstrong>, followed by “credential theft (ID\u002Fpassword)” at \u003Cstrong>36.8%\u003C\u002Fstrong>. Additionally, \u003Cstrong>19.8%\u003C\u002Fstrong> reported infiltration via business partners or group companies, highlighting supply chain security risks.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>According to IPA’s report, most cyber incidents \u003Cstrong>clearly exploit vulnerabilities (gaps in security measures)\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>If it becomes known that a company lacks adequate security measures, the risk of being targeted increases significantly.\u003C\u002Fp>\n\u003Cp>Companies that haven’t experienced cyber incidents simply haven’t been attacked yet. Once they become a clear target, an incident will occur.\u003C\u002Fp>\n\u003Cp>This is similar to news stories about rural homes that never locked their doors until a wave of burglaries hit.\u003C\u002Fp>\n\u003Cp>Assuming “it hasn’t happened yet, so that it won’t happen” is reckless.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ What Is Lost When a Cyber Incident Occurs?\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Direct damages include \u003Cstrong>&quot;data destruction&quot;\u003C\u002Fstrong> and \u003Cstrong>&quot;personal information leaks&quot;\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>１．Over the past three terms, the average damage cost for companies that experienced cyber incidents was ¥730,000 (9.4% exceeded ¥1,000,000), and the average recovery time was 5.8 days (2.1% took over 50 days).\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Recovering destroyed data takes significant time.\u003C\u002Fp>\n\u003Cp>Considering that operations may halt during recovery, \u003Cstrong>the actual cost is likely far higher\u003C\u002Fstrong> than the reported figures.\u003C\u002Fp>\n\u003Cp>From detecting the incident, investigating the damage, responding to inquiries from partners, and restoring systems...\u003C\u002Fp>\n\u003Cp>The process can take days or even over 50 days.\u003C\u002Fp>\n\u003Cp>The stress on managers and staff during this time is immeasurable.\u003C\u002Fp>\n\u003Cp>And \u003Cstrong>the impact doesn’t stop there\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>The report also shows that cyber incidents affect business partners.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>３. About 70% of companies reported that cyber incidents impacted their business partners.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>It has become clear that when a cyber incident occurs, its impact extends beyond the companies directly affected, \u003Cstrong>affecting their business partners as well\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Losing trust from partners can lead to canceled orders and lost distribution channels, severely affecting future sales.\u003C\u002Fp>\n\u003Cp>Restoring trust takes time, and in some cases, the damage can lead to business withdrawal or even threaten the company’s survival.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ Can Security Measures Boost Sales?\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Interestingly, the report also shows that \u003Cstrong>investing in security measures can lead to new business opportunities\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>７. About 50% of companies that invested in security measures reported that it led to business deals.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Earlier, we noted that many companies believe security measures don’t add value.\u003C\u002Fp>\n\u003Cp>However, this finding suggests the opposite: partners increasingly consider security measures a critical factor in risk assessment.\u003C\u002Fp>\n\u003Cp>With frequent news of cyber incidents, more companies now view \u003Cstrong>security as essential\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Additional Note\nThe international security standard PCI DSS v4.0 explicitly requires MFA for all access to cardholder data environments (CDE), making security measures mandatory in certain industries.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch2>\u003Cstrong>■ Summary\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The report shows that many SMEs lack cybersecurity measures.\u003C\u002Fp>\n\u003Cp>However, once a cyber incident occurs, regaining trust is extremely difficult—especially for SMEs.\u003C\u002Fp>\n\u003Cp>Operations halt, trust is lost, and future business becomes uncertain.\u003C\u002Fp>\n\u003Cp>For SMEs, the impact can be devastating, making \u003Cstrong>robust security measures essential\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>However, for small and medium-sized businesses, spending a large amount on security measures is simply not realistic.\u003C\u002Fp>\n\u003Cp>That’s why \u003Cstrong>security measures that match the scale of the organization\u003C\u002Fstrong> are essential.\u003C\u002Fp>\n\u003Cp>Our products include PC logon security software that can be easily implemented even in small-scale environments.\u003C\u002Fp>\n\u003Cp>For example, \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fwindowslogon\">&quot;YubiOn WindowsLogon Standalone&quot;\u003C\u002Fa> is a PC logon security solution that can be introduced easily, starting from just one device. It strengthens logon with two-factor authentication as simply as locking your PC. This product is designed to be the perfect solution for small businesses or departments that cannot afford high security costs, allowing them to start immediately.\u003C\u002Fp>\n\u003Cp>Why not begin by locking your PC first?\u003C\u002Fp>\n\u003Ch2>■ Product Links\u003C\u002Fh2>\n\u003Cp>Quick and easy emplementationof two-factor authentication for PCs\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[YubiOn WindowsLogon Standalone]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fwindowslogon\">https:\u002F\u002Fwww.yubion.com\u002Fwindowslogon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Smart logon with passkeys\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[YubiOn FIDO Logon]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">https:\u002F\u002Fwww.yubion.com\u002Ffidologon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Source:\u003C\u002Fp>\n\u003Cp>IPA (Information-technology Promotion Agency, Japan)\u003C\u002Fp>\n\u003Cp>“Preliminary Report on the 2024 Survey of SMEs”\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.ipa.go.jp\u002Fpressrelease\u002F2024\u002Fpress20250214.html\">https:\u002F\u002Fwww.ipa.go.jp\u002Fpressrelease\u002F2024\u002Fpress20250214.html\u003C\u002Fa>\u003C\u002Fp>\n","ipa-2024-sme-security-survey-insights","2025-03-25","2026-04-28T06:39:49.624Z","2026-04-28T06:39:52.902Z",{"id":247,"documentId":248,"name":249,"alternativeText":20,"caption":20,"focalPoint":20,"width":250,"height":251,"formats":252,"hash":285,"ext":25,"mime":29,"size":286,"url":287,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":288,"updatedAt":288,"publishedAt":288},578,"wrk0apgdupiu2jdb83e7h7ui","blog-ipa-2024-sme-security-survey-insights-1.png",1139,736,{"large":253,"small":261,"medium":269,"thumbnail":277},{"ext":25,"url":254,"etag":255,"hash":256,"mime":29,"name":257,"path":20,"size":258,"width":32,"height":259,"sizeInBytes":260},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_ipa_2024_sme_security_survey_insights_1_0c079ae834.png","0be74b338fc638cd1cc17e6095d15d9c","large_blog_ipa_2024_sme_security_survey_insights_1_0c079ae834","large_blog-ipa-2024-sme-security-survey-insights-1.png",296.96,646,296963,{"ext":25,"url":262,"etag":263,"hash":264,"mime":29,"name":265,"path":20,"size":266,"width":41,"height":267,"sizeInBytes":268},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_ipa_2024_sme_security_survey_insights_1_0c079ae834.png","8047ceb0ad71395a7338962060ccd192","small_blog_ipa_2024_sme_security_survey_insights_1_0c079ae834","small_blog-ipa-2024-sme-security-survey-insights-1.png",96.23,323,96228,{"ext":25,"url":270,"etag":271,"hash":272,"mime":29,"name":273,"path":20,"size":274,"width":50,"height":275,"sizeInBytes":276},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_ipa_2024_sme_security_survey_insights_1_0c079ae834.png","bfa7b266bc93d0ed6dce63af63edd95f","medium_blog_ipa_2024_sme_security_survey_insights_1_0c079ae834","medium_blog-ipa-2024-sme-security-survey-insights-1.png",182.84,485,182841,{"ext":25,"url":278,"etag":279,"hash":280,"mime":29,"name":281,"path":20,"size":282,"width":283,"height":59,"sizeInBytes":284},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_ipa_2024_sme_security_survey_insights_1_0c079ae834.png","e39bd82f1d759b64f7b9ccc2b8a88bc9","thumbnail_blog_ipa_2024_sme_security_survey_insights_1_0c079ae834","thumbnail_blog-ipa-2024-sme-security-survey-insights-1.png",31.45,241,31446,"blog_ipa_2024_sme_security_survey_insights_1_0c079ae834",91.18,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_ipa_2024_sme_security_survey_insights_1_0c079ae834.png","2026-04-28T06:39:38.118Z",[290,296],{"id":291,"documentId":292,"name":293,"slug":20,"createdAt":294,"updatedAt":294,"publishedAt":295},38,"jaxvzpgjcychnf89jrn3x4py","MFA","2026-04-28T05:19:23.626Z","2026-04-28T05:19:25.485Z",{"id":297,"documentId":298,"name":299,"slug":20,"createdAt":300,"updatedAt":300,"publishedAt":301},2,"b4q0trycp73vvz9to2sifded","WindowsLogon","2026-04-27T05:40:37.089Z","2026-04-27T05:40:38.474Z",{"id":303,"documentId":304,"title":305,"content":306,"slug":307,"published":308,"createdAt":309,"updatedAt":309,"publishedAt":310,"locale":14,"authorManual":102,"cover":311,"tags":330},47,"wz6bq4ewvtcwk8gfjbrbnv0a","Getting Started with Yubico Login for Windows","\u003Cp>Recently, there has been a growing demand to use YubiKey for Windows logon authentication to strengthen security through two-factor authentication. To meet such needs, our company offers various services such as &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-portal?lang=en\">YubiOn Portal\u003C\u002Fa>&quot; and &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fwindowslogon?lang=en\">YubiOn WindowsLogon Standalone\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>In addition to our services, \u003Cstrong>Yubico\u003C\u002Fstrong>, the manufacturer of YubiKey, also provides a free Windows authentication tool called &quot;Yubico Login for Windows&quot; (hereafter referred to as &quot;Yubico Login&quot;). This tool allows you to log on to Windows using a YubiKey for \u003Cstrong>Windows local accounts\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>In this article, we will share our experience using the &quot;Yubico Login&quot;  tool, while also highlighting similarities and differences compared to our offline Windows authentication service, &quot;YubiOn WindowsLogon Standalone&quot;.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>■ Test Environment\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>We tested under the following conditions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>OS: Windows11\u003C\u002Fli>\n\u003Cli>Authentication Device: YubiKey 5 Series\u003C\u002Fli>\n\u003Cli>Account: Windows local account (Administrator)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>&quot;Yubico Login&quot; supports \u003Cstrong>Windows local accounts only\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Point:\u003C\u002Fstrong>  &quot;YubiOn WindowsLogon Standalone&quot; supports not only Windows local accounts but also \u003Cstrong>Active Directory accounts\u003C\u002Fstrong> and \u003Cstrong>Microsoft accounts\u003C\u002Fstrong>.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch4>\u003Cstrong>■ Installation\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Download the \u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fcomputer-login-tools\u002F\">installer\u003C\u002Fa> and proceed with the installation.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_1_06d1647519.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After installation, click “Yes” and restart the OS.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_2_6751a47c37.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the OS restarts, &quot;Yubico Login&quot; will appear on the logon screen, but until you assign a YubiKey, you can still log on using just your username and password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_3_66b59fcfca.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Log on once, then launch the configuration tool to register the user and YubiKey.\u003C\u002Fp>\n\u003Cp>One important note during registration: since authentication uses \u003Cstrong>challenge-response\u003C\u002Fstrong>, the YubiKey slot will be overwritten (by default, Slot 2 is used).\u003C\u002Fp>\n\u003Cp>Therefore, it is recommended to use a YubiKey that you don’t mind being overwritten.\u003C\u002Fp>\n\u003Cp>First, you will be asked to choose a setup method:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>“Express”\u003C\u002Fstrong> for a quick and easy setup\u003C\u002Fli>\n\u003Cli>\u003Cstrong>“Advanced”\u003C\u002Fstrong> for detailed configuration options\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_4_a9f1608509.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you select “Advanced,” you can configure options such as generating a recovery code and creating a backup device. However, since we didn’t make any changes this time, we chose “Express.”\u003C\u002Fp>\n\u003Cp>You will then be prompted to insert a YubiKey, so plug the YubiKey you want to register into a USB port.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_5_60c5870354.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The YubiKey’s serial number and slot configuration status will be displayed.\u003C\u002Fp>\n\u003Cp>Then, click “Next,” and…\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_6_ba50318947.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The YubiKey registration process is complete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_7_419abee16b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, insert and register a second YubiKey as a backup by following the same steps.\u003C\u002Fp>\n\u003Cp>(In this case, we registered the same YubiKey as the first one.)\u003C\u002Fp>\n\u003Cp>Finally, an emergency recovery code will be displayed. The recovery code allows you to log on without a YubiKey by manually entering the code on the logon screen if the registered YubiKey is lost.\u003C\u002Fp>\n\u003Cp>Since you won’t be able to retrieve it after proceeding to the next step, we recommend saving it at this point.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_8_9b4e1828e3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This completes the registration process.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_9_436cd50c01.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>■ Authentication\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Now, let’s actually try the authentication process.\u003C\u002Fp>\n\u003Cp>The method is simple.\u003C\u002Fp>\n\u003Cp>First, on the Windows logon screen at startup, &quot;Yubico Login&quot; will be displayed.\u003C\u002Fp>\n\u003Cp>Basically, the user input is in \u003Cstrong>text entry format\u003C\u002Fstrong>, not a selection format.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_10_713e733a94.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you try to log on without a YubiKey inserted, an error message will appear.\u003C\u002Fp>\n\u003Cp>If an unassigned YubiKey is inserted, you will also be prompted to insert the correct YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_11_03128c494f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>With the correct YubiKey inserted, enter your username and password.\u003C\u002Fp>\n\u003Cp>If authentication is successful, you will be logged in as usual.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_12_cbb55281bc.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>It was relatively easy to implement two-factor authentication using YubiKey.\u003C\u002Fp>\n\u003Cp>By the way, with &quot;Yubico Login&quot;, touching the YubiKey during logon is \u003Cstrong>not required\u003C\u002Fstrong> (depending on the settings).\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Point:\u003C\u002Fstrong>  With &quot;YubiOn WindowsLogon Standalone&quot;, OTP is required during logon, so touching the YubiKey is necessary.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>If you use Windows sign-in options that start with Windows Hello (e.g., Windows Hello PIN), users can log on without a YubiKey even if the key is configured in Yubico Login.\u003C\u002Fp>\n\u003Cp>For accounts protected by Yubico Login, it’s recommended to disable Windows Hello and similar options.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>■ Features\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Other notable features are as follows:\u003C\u002Fp>\n\u003Cp>◯ YubiKey Assignment:\u003C\u002Fp>\n\u003Cp>Yubico Login offers relatively flexible YubiKey assignment options:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Assign different YubiKeys to multiple local accounts: \u003Cstrong>Possible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Assign one YubiKey to multiple local accounts: \u003Cstrong>Possible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>Assign multiple YubiKeys to one local account: \u003Cstrong>Possible\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Point:\u003C\u002Fstrong>  YubiOn WindowsLogon Standalone also supports all of these options.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>◯ If a YubiKey is lost:\u003C\u002Fp>\n\u003Cp>You can log on without a YubiKey by entering the recovery code issued during YubiKey assignment.\u003C\u002Fp>\n\u003Cp>However, this recovery code is quite long and must be manually entered on the logon screen, which can be cumbersome.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_13_bf8531d87f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>It’s a good idea to register a backup YubiKey in case the primary one is lost.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Point:\u003C\u002Fstrong>  YubiOn WindowsLogon Standalone has a feature called \u003Cstrong>Master Key\u003C\u002Fstrong>.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>Also, if Windows is started in \u003Cstrong>Safe Mode\u003C\u002Fstrong>, you can log on without going through Yubico Login.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Point:\u003C\u002Fstrong>  YubiOn WindowsLogon Standalone still requires two-factor authentication even in Safe Mode.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>◯ Enforcing Two-Factor Authentication:\u003C\u002Fp>\n\u003Cp>If Windows Hello sign-in options (such as Windows Hello PIN) are enabled, users can log on using Windows Hello without a YubiKey.\u003C\u002Fp>\n\u003Cp>To enforce two-factor authentication, these sign-in options must be disabled.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Point:\u003C\u002Fstrong>  YubiOn WindowsLogon Standalone includes a \u003Cstrong>Secure Mode\u003C\u002Fstrong> feature, which allows you to toggle between enforcing YubiKey-based two-factor authentication and permitting other sign-in options.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch4>\u003Cstrong>■ Conclusion\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>After trying Yubico Login for Windows, we confirmed that it provides a relatively easy way to implement two-factor authentication.\u003C\u002Fp>\n\u003Cp>Although it is limited to Windows local accounts, it seems suitable for those who want to introduce two-factor authentication at logon to meet security requirements.\u003C\u002Fp>\n\u003Cp>However, there are some security gaps: it only supports local accounts, and if Windows Hello sign-in options are enabled or the system is started in Safe Mode, users can bypass Yubico Login.\u003C\u002Fp>\n\u003Cp>Our service, YubiOn WindowsLogon Standalone, provides enhanced security and addresses these shortcomings.\u003C\u002Fp>\n\u003Cp>If you are interested in higher-security solutions for Windows two-factor authentication, please consider our service.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>■ Reference\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>[Yubico Login for Windows Configuration Guide]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsupport.yubico.com\u002Fhc\u002Fen-us\u002Farticles\u002F360013708460-Yubico-Login-for-Windows-Configuration-Guide\">https:\u002F\u002Fsupport.yubico.com\u002Fhc\u002Fen-us\u002Farticles\u002F360013708460-Yubico-Login-for-Windows-Configuration-Guide\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[YubiOn WindowsLogon Standalone]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fwindowslogon\">https:\u002F\u002Fwww.yubion.com\u002Fwindowslogon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[YubiOn Portal]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-portal\">https:\u002F\u002Fwww.yubion.com\u002Fyubion-portal\u003C\u002Fa>\u003C\u002Fp>\n","getting-started-yubico-login-for-windows","2025-03-19","2026-04-28T06:37:56.235Z","2026-04-28T06:37:59.250Z",{"id":312,"documentId":313,"name":314,"alternativeText":20,"caption":20,"focalPoint":20,"width":315,"height":316,"formats":317,"hash":326,"ext":25,"mime":29,"size":327,"url":328,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":329,"updatedAt":329,"publishedAt":329},556,"j91kwagusv1rh07at877wksf","blog-getting-started-yubico-login-for-windows-1.png",495,387,{"thumbnail":318},{"ext":25,"url":319,"etag":320,"hash":321,"mime":29,"name":322,"path":20,"size":323,"width":324,"height":59,"sizeInBytes":325},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_getting_started_yubico_login_for_windows_1_06d1647519.png","1546841f2ed7ab899d7f226f82b4b150","thumbnail_blog_getting_started_yubico_login_for_windows_1_06d1647519","thumbnail_blog-getting-started-yubico-login-for-windows-1.png",12.9,200,12896,"blog_getting_started_yubico_login_for_windows_1_06d1647519",5.84,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_getting_started_yubico_login_for_windows_1_06d1647519.png","2026-04-28T06:37:02.331Z",[331,332,338,344],{"id":297,"documentId":298,"name":299,"slug":20,"createdAt":300,"updatedAt":300,"publishedAt":301},{"id":333,"documentId":334,"name":335,"slug":20,"createdAt":336,"updatedAt":336,"publishedAt":337},34,"v4n7em89yu17bwvvo1n3blmj","WindowsStandalone","2026-04-28T05:17:23.012Z","2026-04-28T05:17:24.943Z",{"id":339,"documentId":340,"name":341,"slug":20,"createdAt":342,"updatedAt":342,"publishedAt":343},4,"a4rfd7mimj8pupvxkq2pq24x","Yubico","2026-04-27T05:52:37.380Z","2026-04-27T05:52:38.764Z",{"id":345,"documentId":346,"name":347,"slug":20,"createdAt":348,"updatedAt":348,"publishedAt":349},6,"ls85v4z2cnxz0qzpnmjcf9il","Standalone","2026-04-27T05:52:44.301Z","2026-04-27T05:52:45.692Z",{"id":351,"documentId":352,"title":353,"content":354,"slug":355,"published":356,"createdAt":357,"updatedAt":357,"publishedAt":358,"locale":14,"authorManual":359,"cover":360,"tags":395},31,"utjws04nn0342s3bxg2xmcxx","FIDO2 Enterprise Attestation","\u003Cp>Recently, YubiOn FIDO Logon implemented a management feature for enterprise authenticators. To briefly explain this feature, it allows you to manage authenticators using the serial number of the security key. This functionality is made possible by utilizing a specification called \u003Cstrong>FIDO2 &quot;Enterprise Attestation&quot;\u003C\u002Fstrong>. However, although this specification is defined within the FIDO standard, it is not widely adopted, and in my experience, there are few in-depth explanations available in blogs or other resources. Therefore, I would like to summarize the information I have gathered, even if briefly.\u003C\u002Fp>\n\u003Cp>Please note that this article is primarily intended for technical professionals. If you are looking for details about the features of FIDO Logon, I recommend reading \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ftried-out-yubion-fido-logon-s-new-feature-enterprise-authenticator-management-function?lang=en\">the previous blog post\u003C\u002Fa>. This article focuses on explaining the \u003Cstrong>Enterprise Attestation\u003C\u002Fstrong> specification itself, which is largely independent of FIDO Logon. I have tried to make it understandable even for those unfamiliar with FIDO authentication technology, but readers with knowledge of FIDO authentication or digital signature technology will gain a deeper understanding.\u003C\u002Fp>\n\u003Ch2>■Background of Enterprise Attestation Specification\u003C\u002Fh2>\n\u003Cp>Under the basic FIDO authentication specification, it is not possible to determine whether authenticators used for multiple credentials belong to the same physical device. For example, if the same security key is used on Site A and Site B, or if it is used for Account X and Account Y within Site A, there is no mechanism to identify whether these credentials come from the same authenticator—even if you compare all credential data. (*1) This design primarily aims to prevent “tracking” from a privacy perspective. If such identity could be easily determined, information disclosed only on Site A could potentially be misused on Site B operated by the same company, creating privacy concerns.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_enterprise_attestation_technical_deep_dive_1_fa4acb11bf.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>As a result of these privacy considerations, the individual identification information of the device used for FIDO authentication is not visible even to the service performing the authentication (the Relying Party, RP). This mechanism is excellent for protecting privacy in personal use cases.\u003C\u002Fp>\n\u003Cp>However, when companies want to manage authentication, this can be inconvenient. In the following scenarios, traditional FIDO authentication could not provide a solution:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Employee X has lost an authenticator, and the company wants to disable the authenticator that was issued to them.\u003C\u002Fstrong> Therefore, they need to identify the credentials associated with the authenticator loaned to Employee X.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>An internal report suggests that Employee X, who should only have access to System A, is secretly using System B.\u003C\u002Fstrong> The company wants to identify which credentials in System B belong to the authenticator issued to Employee X.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Employee X appears to have used a personal authenticator instead of the company-issued one.\u003C\u002Fstrong> Employee X recently left the company and returned the issued authenticator, but they can still access internal systems using their personal authenticator. The company wants to prevent access with personal authenticators (i.e., allow only company-issued authenticators).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Of course, one might argue, “Just properly manage and disable Employee X’s account.” Ideally, accounts should indeed be managed on a per-person basis. However, in reality, there are cases where shared accounts use authenticators, or authenticators are registered to another employee’s account for operational reasons—situations that often cause headaches for internal IT teams. (*2) From the perspective of verifying whether such poor practices exist, being able to identify which physical device corresponds to a credential can be a significant advantage in enterprise environments.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_enterprise_attestation_technical_deep_dive_2_ecdb43ba50.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(*1) Whether the authenticators are of the same \u003Cstrong>type\u003C\u002Fstrong> (for example, which vendor and product) can be determined depending on the options used when creating the credential.\u003C\u002Fp>\n\u003Cp>(*2) In reality, it is more common for multiple people to know the ID and password of a shared account than to use FIDO authentication for shared accounts...\u003C\u002Fp>\n\u003Ch2>■Overview of Enterprise Attestation\u003C\u002Fh2>\n\u003Cp>There are conflicting requirements: on one hand, the need to \u003Cstrong>prevent\u003C\u002Fstrong> device identification, and on the other, the need to \u003Cstrong>enable\u003C\u002Fstrong> device identification. FIDO’s solution to this conflict is \u003Cstrong>Enterprise Attestation\u003C\u002Fstrong>, a specification that allows device identification within a limited scope based on authenticator settings.\u003C\u002Fp>\n\u003Cp>I will try to explain Enterprise Attestation as simply as possible. However, explaining only that part in isolation can be confusing, so I will start by describing the overall flow of FIDO authentication. Please note that I will omit parts not necessary for explaining Enterprise Attestation, so this is not a complete introduction to FIDO authentication.\u003C\u002Fp>\n\u003Ch3>・FIDO Authentication\u003C\u002Fh3>\n\u003Cp>In simple terms, FIDO authentication consists of two main processes:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>makeCredential\u003C\u002Fstrong>: the “registration” (credential creation) process\u003C\u002Fli>\n\u003Cli>\u003Cstrong>getAssertion\u003C\u002Fstrong>: the “authentication” process\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These processes are based on digital signature technology using public-key cryptography, which involves two types of keys: a \u003Cstrong>private key\u003C\u002Fstrong> and a \u003Cstrong>public key\u003C\u002Fstrong>. The authenticator stores the private key internally and uses it to create a signature. The server performing authentication verifies the signature using the corresponding public key stored on its side.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_enterprise_attestation_technical_deep_dive_3_c740274804.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enterprise Attestation is implemented in the \u003Cstrong>makeCredential\u003C\u002Fstrong> process, so we will focus on that here. In makeCredential, the authenticator generates a pair of private and public keys and sends the public key to the server. At the same time, it signs a string called a \u003Cstrong>challenge\u003C\u002Fstrong> (*3) provided by the server using the private key and returns the signature result to the server. The server verifies that the challenge was issued by the server immediately before and that the signature is valid (*4). If everything checks out, the server stores the public key for future authentication.\u003C\u002Fp>\n\u003Cp>This is the basic concept of FIDO authentication. In the case of \u003Cstrong>getAssertion\u003C\u002Fstrong>, the overall flow is similar, except that the step of generating a new key pair is skipped. Instead, the authenticator uses the previously created private key to sign the challenge (*3), and the server verifies the signature(*4).\u003C\u002Fp>\n\u003Cp>(*3) Strictly speaking, the signature is applied to a JSON object (clientData) that contains the challenge and other information.\u003C\u002Fp>\n\u003Cp>(*4) This explanation is simplified for conceptual understanding. In reality, additional checks are required, such as verifying that the operation was performed for the intended RP and that user verification (PIN, fingerprint, etc.) was completed.\u003C\u002Fp>\n\u003Ch3>・AttestationStatement\u003C\u002Fh3>\n\u003Cp>So far, we’ve only covered the basic concept of FIDO authentication and haven’t yet touched on the part that relates to Enterprise Attestation. To understand Enterprise Attestation, we first need to explain the \u003Cstrong>Attestation Statement\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>The Attestation Statement is a mechanism that guarantees the reliability of the authenticator. Using this mechanism, it is possible to ensure that the registered authenticator is a legitimate device certified by the FIDO Alliance. This helps prevent the use of malicious authenticators (e.g., those designed to leak private keys) or even non-malicious authenticators with vulnerabilities.\u003C\u002Fp>\n\u003Cp>From here, it will be easier to understand by looking at the data structure, so let’s start by showing the structure of the data obtained during the makeCredential process.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_enterprise_attestation_technical_deep_dive_4_096378b346.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Within this structure, the \u003Cstrong>attStmt\u003C\u002Fstrong> section is called the Attestation Statement, which contains the signature (\u003Cstrong>sig\u003C\u002Fstrong>) and the certificate (\u003Cstrong>x5c\u003C\u002Fstrong>). The signature here is applied to the fields called \u003Cstrong>authenticatorData\u003C\u002Fstrong> and \u003Cstrong>clientDataHash\u003C\u002Fstrong>. In simple terms, the signature and certificate confirm that the authenticator itself generated the authenticatorData and clientDataHash (which includes the challenge).\u003C\u002Fp>\n\u003Cp>Up to this point, what is guaranteed is only that “authenticatorData and clientDataHash were generated by this authenticator.” It does \u003Cstrong>not\u003C\u002Fstrong> guarantee that “this authenticator is a FIDO Alliance-certified authenticator.” To provide that guarantee, the FIDO Alliance offers a service called \u003Cstrong>MDS (Metadata Service)\u003C\u002Fstrong>. From MDS, you can obtain various information about authenticators provided by each security key vendor (such as model names). Among this information is an item called \u003Cstrong>attestationRootCertificates\u003C\u002Fstrong>. This is the root certificate, and by verifying that the certificate obtained from attStmt forms a certificate chain with attestationRootCertificates, you can confirm that the authenticator’s certificate was generated by the vendor—meaning the authenticator was provided by that vendor.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_enterprise_attestation_technical_deep_dive_5_2f74bb7481.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The attestation certificate obtained from \u003Cstrong>attStmt\u003C\u002Fstrong> is not unique to each authenticator; rather, it is shared among multiple authenticators. The exact scope of sharing depends on the security key vendor’s implementation—it could be at the product model level or the firmware version level. For example, in my own case, the YubiKey Bio I personally own and the YubiKey Bio issued by my company during the same period had identical attestation certificates.\u003C\u002Fp>\n\u003Ch3>・EnterpriseAttestation\u003C\u002Fh3>\n\u003Cp>Enterprise Attestation introduces a slight modification to the attestation certificate mechanism described above. Previously, the attestation certificate was the same across multiple authenticators. In contrast, with Enterprise Attestation, this certificate becomes unique to each authenticator, enabling identification of the specific device used for registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_enterprise_attestation_technical_deep_dive_6_547432718e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the official \u003Ca href=\"https:\u002F\u002Fwww.w3.org\u002FTR\u002Fwebauthn\u002F#dom-attestationconveyancepreference-enterprise\">WebAuthn specification\u003C\u002Fa>, the behavior when requesting Enterprise Attestation is described as follows:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>This value indicates that the Relying Party wants to receive an attestation statement that may include uniquely identifying information.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Since the specification only states “uniquely identifying information,” it seems that any implementation that provides unique identification would be acceptable. In practice, it is often possible to obtain a serial number or similar identifier. For example, in the Enterprise Attestation-enabled YubiKey provided by Yubico for our development, the serial number was stored in the \u003Cstrong>subject\u003C\u002Fstrong> field of the X.509 certificate in the form of a Distinguished Name (DN).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_enterprise_attestation_technical_deep_dive_7_361dc8bc61.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>How the serial number or similar identifiers are set within the certificate likely varies by vendor. Currently, FIDO Logon has only been tested with Yubico authenticators. In this implementation, the \u003Cstrong>subject\u003C\u002Fstrong> field of the certificate is parsed as a Distinguished Name (DN), and the \u003Cstrong>CN (commonName)\u003C\u002Fstrong> field is extracted using a regular expression to obtain the authenticator ID. For other vendors, different parsing methods may need to be implemented.\u003C\u002Fp>\n\u003Ch3>・Implementing Enterprise Attestation on the Web\u003C\u002Fh3>\n\u003Cp>When using Enterprise Attestation on the web, specify &quot;enterprise&quot; for the \u003Ca href=\"https:\u002F\u002Fwww.w3.org\u002FTR\u002Fwebauthn\u002F#attestation-conveyance\">attestation\u003C\u002Fa> parameter in the \u003Ca href=\"https:\u002F\u002Fw3c.github.io\u002Fwebappsec-credential-management\u002F#dom-credentialscontainer-create\">navigator.credentials.create\u003C\u002Fa> method of WebAuthn. If the request is processed correctly, as mentioned earlier, the returned attestationObject will include the Enterprise Attestation certificate in the \u003Cstrong>attStmt\u003C\u002Fstrong> section. (*5)\u003C\u002Fp>\n\u003Cp>(*5) Technically, the method returns a PublicKeyCredential object, whose response member is an AuthenticatorAttestationResponse containing the attestationObject.\u003C\u002Fp>\n\u003Ch2>■Additional Notes\u003C\u002Fh2>\n\u003Cp>Here are some important considerations when using Enterprise Attestation.\u003C\u002Fp>\n\u003Ch3>・Obtaining Enterprise Attestation-Compatible Security Keys\u003C\u002Fh3>\n\u003Cp>For the development of FIDO Logon’s enterprise authenticator management feature, we worked with Yubico to obtain development YubiKeys. In actual enterprise deployments, collaboration with vendors (not limited to Yubico) will be necessary. The \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-v2.2-rd-20241003\u002Ffido-client-to-authenticator-protocol-v2.2-rd-20241003.html#sctn-feature-descriptions-enterp-attstn\">CTAP2 specification\u003C\u002Fa> states:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>An enterprise attestation is an attestation that may include uniquely identifying information. This is intended for controlled deployments within an enterprise where the organization wishes to tie registrations to specific authenticators.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cblockquote>\n\u003Cp>The expectation is that enterprises will work directly with their authenticator vendor(s) in order to source their enterprise attestation capable authenticators.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The FIDO Alliance’s intent seems to be that Enterprise Attestation-enabled authenticators should be managed by the deploying enterprise and obtained through vendor collaboration. These authenticators are not intended for general distribution. Beyond the technical aspects explained here, enterprises will likely need to discuss operational processes with vendors—such as procurement procedures and protocols for lost authenticators. As noted earlier, FIDO’s core principle is that authenticators should not be trackable, so vendors will likely handle this cautiously.\u003C\u002Fp>\n\u003Ch3>・Scope of RPs That Can Use Enterprise Attestation\u003C\u002Fh3>\n\u003Cp>Even if you obtain an Enterprise Attestation-compatible authenticator, it will not provide unique identifying information to all RPs without restriction. You must define which RPs are allowed to receive this information. There are two methods:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>Vendor-facilitated enterprise attestation\u003C\u002Fp>\n\u003Cp>The authenticator vendor writes the allowed RP IDs into the authenticator before shipping. This requires sharing RP information with the vendor during provisioning.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Platform-managed enterprise attestation\u003C\u002Fp>\n\u003Cp>Instead of writing RP IDs into the authenticator, they are specified in the platform (e.g., browser) settings. As of February 13, 2025, Google Chrome is the only browser confirmed to support this method. (*6)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Vendor-facilitated means RP IDs are set on the authenticator, while platform-managed means RP IDs are configured in the browser.\u003C\u002Fp>\n\u003Cp>For YubiOn FIDO Logon, which implements CTAP internally, RP ID is currently fixed to fl.yubion.com, so we use the platform-managed approach. Depending on future customer requirements, we may also support vendor-facilitated mode (e.g., registration allowed only if the authenticator has fl.yubion.com RP ID set).\u003C\u002Fp>\n\u003Cp>(*6) Chrome’s Enterprise Attestation setting can be found at chrome:\u002F\u002Fflags\u002F#web-authentication-permit-enterprise-attestation. RP IDs are entered in a text box, separated by commas for multiple entries.\u003C\u002Fp>\n\u003Ch3>・Browser and OS Support (Primarily Windows)\u003C\u002Fh3>\n\u003Cp>Information on environments supporting Enterprise Attestation is scarce online. Here’s what we know (focused on Windows):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>OS Restrictions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>Windows 10 is not supported; only Windows 11 works (*7).\u003C\u002Fp>\n\u003Cp>This is because Windows 10’s WebAuthn API (*8) version does not support Enterprise Attestation. All browsers on Windows rely on the OS WebAuthn API, so this limitation applies universally. For Windows Server, versions before 2025 are based on Windows 10, while Windows Server 2025 aligns with Windows 11.\u003C\u002Fp>\n\u003Cp>For Remote Desktop using WebAuthn redirection, both source and destination must be Windows 11.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Browser Restrictions:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>Google Chrome:\u003C\u002Fp>\n\u003Cp>No inherent browser limitation, but you must enable Enterprise Attestation in settings (chrome:\u002F\u002Fflags\u002F#web-authentication-permit-enterprise-attestation) and configure RP IDs for platform-managed mode.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Microsoft Edge:\u003C\u002Fp>\n\u003Cp>Unlike Chrome, Edge does not expose Enterprise Attestation settings in the UI. However, when specifying &quot;enterprise&quot; for attestation in WebAuthn API calls, the Windows WebAuthn API dialog clearly includes the serial number, suggesting support for vendor-facilitated mode. (We have not confirmed this fully as our authenticators lack RP ID configuration.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_enterprise_attestation_technical_deep_dive_8_daaaa6cb3c.png\" alt=\"\">\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>FireFox:\u003C\u002Fp>\n\u003Cp>As of February 2025, \u003Cstrong>Enterprise Attestation\u003C\u002Fstrong> is not available in Firefox.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Others:\u003C\u002Fp>\n\u003Cp>On \u003Cstrong>Mac\u003C\u002Fstrong>, Chrome can be used in the same way as on Windows by applying the appropriate settings. For \u003Cstrong>Safari\u003C\u002Fstrong>, version 17 did not interpret &#39;attestation=enterprise&#39; (it behaved the same as &#39;attestation=none&#39;). However, in version 18.3, when using an Enterprise Attestation–compatible key without RP ID configuration, it behaved similarly to the &#39;attestation=direct&#39; setting. This suggests that it may support \u003Cstrong>Vendor-facilitated enterprise attestation\u003C\u002Fstrong>, although there is no mention of this in the release notes, so the exact details remain unclear.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>(*7) When registering authenticators from the YubiOn FIDO Logon application (settings tool or logon screen), Enterprise Attestation is available even on Windows 10 systems because CTAP communication is implemented independently. However, when registering authenticators via Remote Desktop Connection, the Windows WebAuthn API is used, so both the source and destination systems must be Windows 11.\u003C\u002Fp>\n\u003Cp>(*8) The name is confusing, but this refers to the \u003Ca href=\"https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002Fwindows\u002Fwin32\u002Fwebauthn\u002F-webauthn-portal\">Win32API on Windows\u003C\u002Fa>, not the WebAuthenticationAPI on the web.\u003C\u002Fp>\n\u003Ch2>■ Summary\u003C\u002Fh2>\n\u003Cp>To summarize the technical implementation points:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>Specify &quot;enterprise&quot; for the &#39;attestation&#39; parameter when calling the &#39;navigator.credentials.create&#39; method.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>If the authenticator supports this, the resulting Attestation Statement certificate will be device-specific.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The certificate chain mechanism is the same as a normal Attestation Statement.\u003C\u002Fli>\n\u003Cli>Depending on the vendor implementation, the certificate may include a serial number (for Yubico, it is stored in the subject field).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>However, operational considerations seem to be more significant than technical implementation.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>Operational Policy and Structure:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>How to execute the steps leading up to deployment?\u003C\u002Fli>\n\u003Cli>How to manage workflows after deployment?\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Selection of Services and Systems Using Authenticators:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>Enterprise Attestation support is likely limited among general services, so consider which services will use authenticators.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>For in-house developed systems, additional implementation will be required:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Simply storing Enterprise Attestation is easy, but adding features such as credential management based on serial numbers will require further planning.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Decide whether to use \u003Cstrong>Vendor-facilitated\u003C\u002Fstrong>, \u003Cstrong>Platform-managed\u003C\u002Fstrong>, or a combination of both.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Confirm Supported Environments (OS and Browser):\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Chrome requires bulk browser setting changes.\u003C\u002Fli>\n\u003Cli>Consider how to handle unsupported environments.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>As the name suggests, this is an enterprise-oriented feature. It assumes \u003Cstrong>managed deployment within an organization\u003C\u002Fstrong>, so it’s not just a matter of “install and done.” However, for companies that can build and continuously improve operational and management structures, this feature can be a valuable aid.\u003C\u002Fp>\n\u003Cp>In FIDO Logon, we have implemented functionality using Enterprise Attestation–compatible authenticators. Of course, even with security keys or smartphones that do not support this feature, device security can still be improved. A free version offering the same functionality as the paid version is available for a 3-month trial, so please give it a try.\u003C\u002Fp>\n\u003Cp>If you are considering introducing Enterprise Attestation–compatible authenticators, please feel free to \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">contact\u003C\u002Fa> us.\u003C\u002Fp>\n\u003Ch2>■ Related Links\u003C\u002Fh2>\n\u003Cp>[YubiOn FIDO Logon]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\">https:\u002F\u002Ffl.yubion.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[YubiOn FIDO Logon Overview Page]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">https:\u002F\u002Fwww.yubion.com\u002Ffidologon\u003C\u002Fa>\u003C\u002Fp>\n","fido2-enterprise-attestation-technical-deep-dive","2025-02-18","2026-04-28T06:24:35.939Z","2026-04-28T06:24:38.941Z","Shiraishi",{"id":361,"documentId":362,"name":363,"alternativeText":20,"caption":20,"focalPoint":20,"width":364,"height":365,"formats":366,"hash":391,"ext":25,"mime":29,"size":392,"url":393,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":394,"updatedAt":394,"publishedAt":394},423,"d6kxu605cztfskjtfiwo6i59","blog-fido2-enterprise-attestation-technical-deep-dive-1.png",960,540,{"small":367,"medium":375,"thumbnail":383},{"ext":25,"url":368,"etag":369,"hash":370,"mime":29,"name":371,"path":20,"size":372,"width":41,"height":373,"sizeInBytes":374},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fido2_enterprise_attestation_technical_deep_dive_1_fa4acb11bf.png","2e0ef4028ce8ebde390cb249e1558a7b","small_blog_fido2_enterprise_attestation_technical_deep_dive_1_fa4acb11bf","small_blog-fido2-enterprise-attestation-technical-deep-dive-1.png",80.55,281,80553,{"ext":25,"url":376,"etag":377,"hash":378,"mime":29,"name":379,"path":20,"size":380,"width":50,"height":381,"sizeInBytes":382},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_fido2_enterprise_attestation_technical_deep_dive_1_fa4acb11bf.png","9b9015730a7b1941f54881e26de9b534","medium_blog_fido2_enterprise_attestation_technical_deep_dive_1_fa4acb11bf","medium_blog-fido2-enterprise-attestation-technical-deep-dive-1.png",150.92,422,150923,{"ext":25,"url":384,"etag":385,"hash":386,"mime":29,"name":387,"path":20,"size":388,"width":124,"height":389,"sizeInBytes":390},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fido2_enterprise_attestation_technical_deep_dive_1_fa4acb11bf.png","919c857399160971f70f7a20b54f566e","thumbnail_blog_fido2_enterprise_attestation_technical_deep_dive_1_fa4acb11bf","thumbnail_blog-fido2-enterprise-attestation-technical-deep-dive-1.png",26.51,138,26512,"blog_fido2_enterprise_attestation_technical_deep_dive_1_fa4acb11bf",56.73,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_enterprise_attestation_technical_deep_dive_1_fa4acb11bf.png","2026-04-28T06:23:49.679Z",[396,397,398,399,400],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":154,"documentId":155,"name":156,"slug":20,"createdAt":157,"updatedAt":157,"publishedAt":158},{"id":68,"documentId":69,"name":70,"slug":20,"createdAt":71,"updatedAt":71,"publishedAt":72},{"id":401,"documentId":402,"name":403,"slug":20,"createdAt":404,"updatedAt":404,"publishedAt":405},98,"ze8oeribfs3nh7edjn3larik","EnterpriseAttestation","2026-04-28T06:24:31.082Z","2026-04-28T06:24:32.927Z",{"id":407,"documentId":408,"title":409,"content":410,"slug":411,"published":412,"createdAt":413,"updatedAt":413,"publishedAt":414,"locale":14,"authorManual":15,"cover":415,"tags":458},83,"w20hfzuw0saqjrfos20rfxfa","Tried Out YubiOn FIDO Logon’s New Feature: “Enterprise Authenticator” Management Function","\u003Cp>On \u003Cstrong>February 6, 2025\u003C\u002Fstrong>, YubiOn FIDO Logon released an update introducing a new feature: \u003Cstrong>Enterprise Authenticator Management\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>In this article, we’ll explain what this feature is and what new capabilities it offers, based on actual operation.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f.png\" alt=\"企業向け認証器のみ登録可能\">\u003C\u002Fp>\n\u003Ch2>What is the New Feature?\u003C\u002Fh2>\n\u003Cp>The newly added feature supports a mechanism called \u003Cstrong>FIDO Enterprise Attestation\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Normally, passkeys (FIDO authentication) cannot identify which authenticator an end user is using. As a result, administrators cannot determine which authenticators the end users own or have registered.\u003C\u002Fp>\n\u003Cp>However, for some companies, simply protecting accounts with passkeys is not enough. They may want to ensure that only authenticators provided by the company are being used.\u003C\u002Fp>\n\u003Cp>Enterprise Attestation provides \u003Cstrong>the ability to uniquely identify authenticators\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>By supporting this feature, YubiOn FIDO Logon \u003Cstrong>can now identify the authenticators\u003C\u002Fstrong> being used.\u003C\u002Fp>\n\u003Cp>In other words, it is now possible to prevent users from registering personal authenticators or smartphones, and to allow registration only of authenticators pre-approved by administrators. This enables companies to manage which authenticators are used within their organization.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_2_2fbdd09090.png\" alt=\"認証器をあらかじめ割り当てる\">\u003C\u002Fp>\n\u003Cp>This new feature is quite management-oriented, so it’s clear that it is aimed at companies seeking stricter security and device management.\u003C\u002Fp>\n\u003Ch2>What is an Enterprise Authenticator?\u003C\u002Fh2>\n\u003Cp>In YubiOn FIDO Logon, an authenticator that supports Enterprise Attestation is referred to as an \u003Cstrong>Enterprise Authenticator\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>As of February 2025, authenticators that support Enterprise Attestation are rare worldwide. Among the products we handle, only Yubico’s \u003Cstrong>YubiKey\u003C\u002Fstrong> supports this feature.\u003C\u002Fp>\n\u003Cp>Additionally, enterprise authenticators require specific information to be written at the time of shipment by the vendor to enable Enterprise Attestation. Therefore, \u003Cstrong>they cannot be obtained through normal purchasing channels\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>To acquire them, you need to contact Yubico directly. If you are considering implementation, please reach out to us. We will coordinate with Yubico, and after discussions, the authenticators will be shipped.\u003C\u002Fp>\n\u003Cp>In this article, we will use an Enterprise Attestation-enabled YubiKey obtained from Yubico for testing.\u003C\u002Fp>\n\u003Cp>The model used is \u003Cstrong>YubiKey 5C\u003C\u002Fstrong>. On the back (with the serial number hidden for privacy), you can see the letters “EA,” which indicate Enterprise Attestation support. Standard YubiKey 5C devices do not have this marking, so it appears you can visually distinguish keys that support Enterprise Attestation.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_3_18c9b53fcb.jpeg\" alt=\"EnterpriseAttestation対応のYubiKey 5C\">\u003C\u002Fp>\n\u003Ch2>Try It Out\u003C\u002Fh2>\n\u003Cp>Now, let’s actually test what can be done using an enterprise authenticator.\u003C\u002Fp>\n\u003Ch3>What We&#39;ll Test\u003C\u002Fh3>\n\u003Cp>Here’s what we’ll try:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>As an administrator (management website operations):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Apply restrictions so that end users can only use enterprise authenticators.\u003C\u002Fli>\n\u003Cli>Assume that the enterprise authenticator has already been obtained.\u003C\u002Fli>\n\u003Cli>Ensure that only the YubiKey pre-approved by the administrator can be registered for PC logon.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>As an end user (PC operations):\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Confirm that PC logon is possible only with an enterprise authenticator.\u003C\u002Fli>\n\u003Cli>Assume that the initial setup, such as installing YubiOn FIDO Logon, is complete.\u003C\u002Fli>\n\u003Cli>Register the authenticator using the method introduced in a previous blog post for first-time logon:\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>*&quot;*\u003Cem>Tried a New Method for Implementing YubiOn FIDO Logon&quot;\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fyubion-fido-logon-new-deployment-method\">https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fyubion-fido-logon-new-deployment-method\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Now, let’s get started.\u003C\u002Fp>\n\u003Ch3>■Administrator Operations\u003C\u002Fh3>\n\u003Ch4>\u003Cstrong>１． Enable enterprise authenticator in customer settings\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>First, configure YubiOn FIDO Logon to use enterprise authenticators.\u003C\u002Fp>\n\u003Cp>Log in to the YubiOn FIDO Logon management website and open the customer management screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_4_1f62615b6a.png\" alt=\"カスタマー管理画面\">\u003C\u002Fp>\n\u003Cp>Click the \u003Cstrong>edit icon\u003C\u002Fstrong> on the right side of \u003Cstrong>Enterprise Authenticator Management Settings\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>When you change the \u003Cstrong>Enterprise Authenticator Management Functions\u003C\u002Fstrong> setting to \u003Cstrong>Enabled\u003C\u002Fstrong>, each item becomes editable.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_5_1350287ac4.png\" alt=\"カスタマー管理画面\">\u003C\u002Fp>\n\u003Cp>Of the three items, the top two are for restricting the authenticators used for PC logon to enterprise authenticators. The settings differ depending on whether the target Windows account is a local account or a domain account.\u003C\u002Fp>\n\u003Cp>This time, we want to test the restriction method where the administrator pre-assigns authenticators, so we’ll set both options to \u003Cstrong>“Only enterprise authenticators assigned for the account can be registered.”\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By the way, the setting \u003Cstrong>“Only enterprise authenticators can be registered”\u003C\u002Fstrong> allows registration of any enterprise authenticator even without prior assignment. This option is useful when you want to prevent the use of general authenticators.\u003C\u002Fp>\n\u003Cp>The bottom item is for restricting the authenticators used when administrators log in to the management website. We’ll skip this setting for now and leave it as \u003Cstrong>“All FIDO authenticators can be registered”\u003C\u002Fstrong> so there are no restrictions.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>２． Assign enterprise authenticators to accounts\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>At this point, due to the previous settings, authenticators that can be registered are restricted, so end users cannot register any authenticator yet.\u003C\u002Fp>\n\u003Cp>Next, we’ll assign which authenticator each end-user account can use. Once assigned, the end user will be able to register that authenticator.\u003C\u002Fp>\n\u003Cp>There are two ways to assign authenticators: from the \u003Cstrong>Account Management\u003C\u002Fstrong> screen or from \u003Cstrong>Enterprise Authenticator Management\u003C\u002Fstrong>. This time, we’ll do it from the Enterprise Authenticator Management screen.\u003C\u002Fp>\n\u003Cp>Open the Enterprise Authenticator Management screen from the menu. A list of available enterprise authenticators will be displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_6_4a5b7c4df4.png\" alt=\"企業向け認証器管理画面\">\u003C\u002Fp>\n\u003Cp>The authenticator information will be registered on our side when you purchase the enterprise authenticator, so there is no need for you to register it yourself.\u003C\u002Fp>\n\u003Cp>Authenticators can be identified by their \u003Cstrong>Authenticator ID\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>For YubiKey, the Authenticator ID is the \u003Cstrong>serial number\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>The serial number is engraved on the back of the YubiKey, so it can be visually confirmed.\u003C\u002Fp>\n\u003Cp>Select the Authenticator ID you want to assign and click the \u003Cstrong>edit icon\u003C\u002Fstrong> in the \u003Cstrong>Account\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>A modal window titled \u003Cstrong>Accounts with Enterprise Authenticator registered\u003C\u002Fstrong> will appear. Click the \u003Cstrong>＋ icon\u003C\u002Fstrong> in the upper right corner.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_7_d70e5d0fc0.png\" alt=\"企業向け認証器管理画面\">\u003C\u002Fp>\n\u003Cp>A modal titled \u003Cstrong>“Assign Authenticator to Account”\u003C\u002Fstrong> will appear.\u003C\u002Fp>\n\u003Cp>A list of accounts within the customer will be displayed. Select the account you want to assign and click the \u003Cstrong>“Assign”\u003C\u002Fstrong> button to complete the assignment.\u003C\u002Fp>\n\u003Cp>Both local and domain accounts can be selected, but in this case, we will assign it to a local account.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_8_e374ac24a1.png\" alt=\"企業向け認証器管理画面\">\u003C\u002Fp>\n\u003Cp>When the assignment is successful, the returned modal will display the account information.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_9_68eb134ff3.png\" alt=\"企業向け認証器管理画面\">\u003C\u002Fp>\n\u003Cp>When using passkeys, you must perform the registration process with an actual authenticator.\u003C\u002Fp>\n\u003Cp>However, at this point, only the assignment of the authenticator has been completed, and the actual registration of the authenticator has not yet been performed. Therefore, the \u003Cstrong>Status\u003C\u002Fstrong> field shows \u003Cstrong>“Assigned.”\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Close the modal, and you can also confirm in the authenticator list that the \u003Cstrong>Account\u003C\u002Fstrong> field reflects the assigned status.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_10_5bb4348d9b.png\" alt=\"企業向け認証器管理画面\">\u003C\u002Fp>\n\u003Cp>The administrator-side operations are now complete.\u003C\u002Fp>\n\u003Cp>Next, let’s look at the end-user operations.\u003C\u002Fp>\n\u003Ch3>■End-User Operations\u003C\u002Fh3>\n\u003Ch4>\u003Cstrong>３． Register the Authenticator\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>On a PC with the YubiOn FIDO Logon client software installed, perform the end-user steps.\u003C\u002Fp>\n\u003Cp>Start the PC and select the account that was assigned.\u003C\u002Fp>\n\u003Cp>Since the authenticator is not yet registered for the first login, enter the Windows password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_11_82040ddc5c.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>After the password is successfully entered, the authenticator registration process will begin.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_12_0407cd3bf0.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>During registration, a notice is displayed indicating that there are restrictions for enterprise authenticators.\u003C\u002Fp>\n\u003Cp>Only the authenticator that was assigned can be registered, so the available authenticator ID is shown.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_13_89f8ff11f7.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>As a test, try registering with a regular authenticator that is not an enterprise authenticator.\u003C\u002Fp>\n\u003Cp>Enter the PIN and touch the authenticator.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_14_3c0a2248cf.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_14_3c0a2248cf.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_15_66b017361f.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_15_66b017361f.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>The attempt failed because of the restriction.\u003C\u002Fp>\n\u003Cp>It is now clear that personal authenticators cannot be used.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_16_9b2d6de8cd.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>Now, re-enter the Windows password, and this time connect the assigned enterprise authenticator.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_17_a49933d0cc.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_17_a49933d0cc.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_18_db85919a0c.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_18_db85919a0c.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_19_b70e4fe451.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_19_b70e4fe451.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>Enter the PIN and touch the authenticator.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_20_e050bd8091.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_20_e050bd8091.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_21_0ca2eee686.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_21_0ca2eee686.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>This time, the registration was successful.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_22_ba9d108f00.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>It has been confirmed that an assigned authenticator can be successfully registered.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>４． Perform Logon Authentication\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Next, try logging on using the registered authenticator.\u003C\u002Fp>\n\u003Cp>Enter the PIN and touch the authenticator.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_23_ee888ea9d6.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_23_ee888ea9d6.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_24_137680e500.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_24_137680e500.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>Logon was successful.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_25_7b2602560b.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_25_7b2602560b.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_26_7bbeba364f.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_26_7bbeba364f.png\" alt=\"Windowsログオン画面\">\u003C\u002Fp>\n\u003Cp>Once registration is complete, from the next logon onward, there will be no registration process. You will authenticate using the authenticator to log on.\u003C\u002Fp>\n\u003Cp>Aside from the registration restrictions, there is no significant difference compared to a regular authenticator.\u003C\u002Fp>\n\u003Ch3>■Administrator Operations\u003C\u002Fh3>\n\u003Ch4>\u003Cstrong>５． Check Registration Status\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Return to the management web screen and verify the registration status.\u003C\u002Fp>\n\u003Cp>Open the Enterprise Authenticator Management screen and click the icon in the \u003Cstrong>Account\u003C\u002Fstrong> field for the authenticator that was assigned.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_27_a4926f72b5.png\" alt=\"企業向け認証器管理画面\">\u003C\u002Fp>\n\u003Cp>Previously, the status was \u003Cstrong>&quot;Assigned&quot;\u003C\u002Fstrong>, but since the end user has now registered the authenticator, it shows \u003Cstrong>&quot;Registered&quot;.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In this way, the management web screen allows you to check both the assignment status and the registration status of authenticators.\u003C\u002Fp>\n\u003Ch2>■Summary\u003C\u002Fh2>\n\u003Cp>Due to the specifications of FIDO authentication, authenticators could not be uniquely identified, and YubiOn FIDO Logon faced the same limitation. However, with the introduction of \u003Cstrong>Enterprise Attestation\u003C\u002Fstrong>, it is now possible to uniquely identify and manage authenticators.\u003C\u002Fp>\n\u003Cp>The feature introduced here is especially useful for companies that enforce strict device and security policies, such as prohibiting BYOD.\u003C\u002Fp>\n\u003Cp>If you are interested, please feel free to contact us.\u003C\u002Fp>\n\u003Cp>YubiOn FIDO Logon offers a free version that allows you to try the same features as the paid version for three months.\u003C\u002Fp>\n\u003Cp>Even if you do not have an enterprise authenticator, you can start by trying it with a standard authenticator or a smartphone.\u003C\u002Fp>\n\u003Ch2>■Related Links\u003C\u002Fh2>\n\u003Cp>[YubiOn FIDO Logon]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\">https:\u002F\u002Ffl.yubion.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[YubiOn FIDO Logon Overview Page]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">https:\u002F\u002Fwww.yubion.com\u002Ffidologon\u003C\u002Fa>\u003C\u002Fp>\n","yubion-fido-logon-enterprise-authenticator","2025-02-06","2026-04-28T07:02:56.640Z","2026-04-28T07:02:59.729Z",{"id":416,"documentId":417,"name":418,"alternativeText":20,"caption":20,"focalPoint":20,"width":419,"height":420,"formats":421,"hash":454,"ext":25,"mime":29,"size":455,"url":456,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":457,"updatedAt":457,"publishedAt":457},764,"eevdpwpqppvbuwy2jdhktjoj","blog-yubion-fido-logon-enterprise-authenticator-1.png",1111,827,{"large":422,"small":430,"medium":438,"thumbnail":446},{"ext":25,"url":423,"etag":424,"hash":425,"mime":29,"name":426,"path":20,"size":427,"width":32,"height":428,"sizeInBytes":429},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f.png","96c7b705cd2ec9c854044e9b4e65def8","large_blog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f","large_blog-yubion-fido-logon-enterprise-authenticator-1.png",94.64,744,94641,{"ext":25,"url":431,"etag":432,"hash":433,"mime":29,"name":434,"path":20,"size":435,"width":41,"height":436,"sizeInBytes":437},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f.png","607206105a4972e4e0fa04aa96a78ef1","small_blog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f","small_blog-yubion-fido-logon-enterprise-authenticator-1.png",40.11,372,40109,{"ext":25,"url":439,"etag":440,"hash":441,"mime":29,"name":442,"path":20,"size":443,"width":50,"height":444,"sizeInBytes":445},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f.png","f2a59dc18fdb8b5da3f407fe8e588dd2","medium_blog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f","medium_blog-yubion-fido-logon-enterprise-authenticator-1.png",66.18,558,66178,{"ext":25,"url":447,"etag":448,"hash":449,"mime":29,"name":450,"path":20,"size":451,"width":452,"height":59,"sizeInBytes":453},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f.png","faa23179dbc2f5bfe544b28930934fce","thumbnail_blog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f","thumbnail_blog-yubion-fido-logon-enterprise-authenticator-1.png",13.66,210,13660,"blog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f",21.52,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_enterprise_authenticator_1_324ea9be2f.png","2026-04-28T07:00:57.692Z",[459,460,461],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":68,"documentId":69,"name":70,"slug":20,"createdAt":71,"updatedAt":71,"publishedAt":72},{"id":463,"documentId":464,"title":465,"content":466,"slug":467,"published":468,"createdAt":469,"updatedAt":469,"publishedAt":470,"locale":14,"authorManual":359,"cover":471,"tags":490},85,"uxog92t6rf9gh2c0yhxstzg4","Tried a New Method for Implementing YubiOn FIDO Logon","\u003Cp>\u003Cstrong>Today, we released a new version (3.1.0.1) of YubiOn FIDO Logon.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In previous versions, registering a FIDO authenticator had to be done via the configuration tool or the management web interface. However, with this release, a new method has been added that allows users to register their FIDO authenticator \u003Cstrong>during logon\u003C\u002Fstrong>. While this may seem like a minor update compared to a major release, it is actually a \u003Cstrong>handy feature\u003C\u002Fstrong> when deploying FIDO Logon across an organization. We plan to introduce it in more detail on our blog as well.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_1_4cb1aaadee.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Until now, when deploying FIDO Logon in an organization, software installation and initial setup could be handled collectively using AD or MDM features (\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fguide\u002Fen\u002Fadvanced\u002Fsilent_install\u002F\">Reference 1\u003C\u002Fa>、\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fguide\u002Fen\u002Fadvanced\u002Fcli_tool\u002Fcli_register_code\u002F\">Reference 2\u003C\u002Fa>). However, when it came to registering the actual authenticators (security keys or smartphones), only the following methods were available:\u003C\u002Fp>\n\u003Ch4>① Distribute authenticators and have users register them using the setup tool\u003C\u002Fh4>\n\u003Cp>With this method, a common issue arises: \u003Cstrong>users may not complete the registration\u003C\u002Fstrong> of their authenticators. During this deployment flow, a policy allowing password logon is used until the authenticator is registered. If users do not register their authenticators, they will continue to log in with passwords indefinitely. Administrators must identify unregistered users via the management web and enforce registration through internal communication.\u003C\u002Fp>\n\u003Ch4>② Administrators pre-register authenticators via the management web and distribute them to users\u003C\u002Fh4>\n\u003Cp>This method avoids the issue of users failing to register their authenticators. However, the more users there are, the greater the burden on administrators. Also, in FIDO authentication, the PIN is supposed to be a \u003Cstrong>knowledge factor known only to the user\u003C\u002Fstrong>. But during registration, the administrator must know the PIN, which is not ideal. Depending on the operational method, \u003Cstrong>sharing knowledge factors like passwords or PINs among multiple people is generally discouraged\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>To address these issues, the latest update introduces a mechanism that \u003Cstrong>forces users to register their authenticators during logon\u003C\u002Fstrong>—they cannot log in without completing registration.Additionally, users can now \u003Cstrong>set their own PINs\u003C\u002Fstrong> during this registration process.\u003C\u002Fp>\n\u003Cp>This enables a more secure and streamlined deployment process, as follows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set policy to enforce authenticator registration for accounts without one.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Pre-install FIDO Logon on user PCs and configure registration codes\u003C\u002Fstrong> (via provisioning, AD, or MDM).\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Distribute security keys to users\u003C\u002Fstrong> (no need to pre-set PINs).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>With these steps in place, users will be required to register their authenticators \u003Cstrong>before logging in\u003C\u002Fstrong>. This ensures that every account is protected by an authenticator, and users can set their own PINs, allowing for \u003Cstrong>safer and more autonomous FIDO Logon operation\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch2>■ Trying the New Deployment Method\u003C\u002Fh2>\n\u003Cp>Now, let’s try out the newly added deployment method and walk through the process of a user starting to use their PC. We’ll begin from the point where YubiOn FIDO Logon is already registered, the client app is installed on the PC, and the registration code is configured.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_2_2df729188a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Before proceeding, we configure the necessary policy settings to enable this new deployment method.\u003C\u002Fp>\n\u003Cp>We modify the default policy from its initial state as follows:\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Restrict Sign-in Options\u003C\u002Ftd>\n\u003Ctd>Enabled\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Logon for Accounts Without Registered Authenticators\u003C\u002Ftd>\n\u003Ctd>Allow password logon only on the first attempt, then enforce authenticator registration\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>With this setup complete, we’re ready to proceed.\u003C\u002Fp>\n\u003Cp>From here, we’ll simulate the experience of a user logging into their account for the first time.\u003C\u002Fp>\n\u003Cp>We assume a scenario where a local account named “YubiOn” has been created on the PC during provisioning, but the user has not yet logged in with that account(*1).\u003C\u002Fp>\n\u003Cp>Each user has been provided with a brand-new YubiKey 5 NFC that has not been configured.\u003C\u002Fp>\n\u003Cp>(*1) While this example uses a local account, the new feature also works with Microsoft accounts, AD accounts, and EntraID accounts.\u003C\u002Fp>\n\u003Ch3>① Perform Password Authentication\u003C\u002Fh3>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_3_1231c04fa8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This is the logon screen of a PC where \u003Cstrong>FIDO Logon has been installed and the registration code configured\u003C\u002Fstrong>, but no authenticator has been registered yet.\u003C\u002Fp>\n\u003Cp>Since the “YubiOn” account does not have an authenticator registered, the \u003Cstrong>password input screen\u003C\u002Fstrong> is displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_4_2a07e29e8c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In previous versions, if password logon was allowed, users could log in simply by entering the correct password.\u003C\u002Fp>\n\u003Cp>However, with the new enforcement of authenticator registration, \u003Cstrong>users can no longer log in unless they register an authenticator at this stage\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch3>② Set a PIN for the Security Key (if not already set)\u003C\u002Fh3>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_5_d381822ea1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>As you proceed, you’ll be prompted to insert the authenticator into the USB port.\u003C\u002Fp>\n\u003Cp>Follow the on-screen instructions and insert the security key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_6_ce3f908598.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Since the security key being used this time was in its original state with \u003Cstrong>no PIN set\u003C\u002Fstrong>, the system prompted for PIN setup.\u003C\u002Fp>\n\u003Cp>Following the on-screen instructions, the user sets a PIN of their choice.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_7_f2cf769a49.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Since the PIN setup has been completed, we now proceed to \u003Cstrong>register the authenticator\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch3>③ Register the Authenticator\u003C\u002Fh3>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_8_5ee9133c9b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>To register the authenticator, you need to enter the PIN, so at this point, enter the PIN you just set.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_9_61ec7a7389.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You’ll be prompted to \u003Cstrong>touch the security key\u003C\u002Fstrong> to proceed with registration, so follow the instructions and touch the key to continue.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_10_1459c58373.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Now that the authenticator registration is complete, follow the on-screen instructions to proceed with authentication again.\u003C\u002Fp>\n\u003Ch3>④ Perform Authenticator for Logon\u003C\u002Fh3>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>Since the registration and authentication flows in FIDO are almost identical on the surface, you proceed just as before, \u003Cstrong>enter the PIN you set earlier\u003C\u002Fstrong>, then \u003Cstrong>touch the security key\u003C\u002Fstrong> to complete authentication.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>When logging into Windows for the first time, the familiar welcome screen appears, and the account login is completed. These registration steps are only required \u003Cstrong>once\u003C\u002Fstrong>—after the authenticator is registered, users can log in and unlock the screen using the registered key from then on.\u003C\u002Fp>\n\u003Cp>Previously, when using an authenticator registered via the setup tool for the first login, users also had to enter their account password. However, with this new flow, since the account password is entered at the beginning, \u003Cstrong>there’s no need to enter it again\u003C\u002Fstrong> when logging in with the FIDO authenticator immediately after registration.\u003C\u002Fp>\n\u003Ch2>■ Various Use Cases\u003C\u002Fh2>\n\u003Cp>In this example, we demonstrated using a \u003Cstrong>security key with a local account\u003C\u002Fstrong>, but this new feature also works with \u003Cstrong>smartphone-based logon or remote Desktop logon\u003C\u002Fstrong>. So it can be applied flexibly across different environments.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>When Registering a Smartphone\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_11_a837491f21.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When Registering an Authenticator via Remote Desktop\u003C\u002Fp>\n\u003Ch2>■ Summary\u003C\u002Fh2>\n\u003Cp>Until now, deploying FIDO Logon at scale has posed operational challenges. Whether asking users to register their authenticators via the setup tool or having administrators pre-register them, there was always a need to manage and cover for registration gaps operationally.\u003C\u002Fp>\n\u003Cp>With this update, users can now be \u003Cstrong>required to register their authenticators\u003C\u002Fstrong>, helping ensure safer PC usage and management. We hope this improvement will be a valuable aid in secure system administration.\u003C\u002Fp>\n\u003Cp>A \u003Cstrong>free version\u003C\u002Fstrong> is available with the same features as the paid version for a \u003Cstrong>three-month trial\u003C\u002Fstrong>, so we encourage you to give it a try.\u003C\u002Fp>\n\u003Ch2>■ Related Links\u003C\u002Fh2>\n\u003Cp>[YubiOn FIDO Logon]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\">https:\u002F\u002Ffl.yubion.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[YubiOn FIDO Logon Overview Page]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">https:\u002F\u002Fwww.yubion.com\u002Ffidologon\u003C\u002Fa>\u003C\u002Fp>\n","yubion-fido-logon-register-at-logon","2024-11-06","2026-04-28T07:04:25.459Z","2026-04-28T07:04:28.797Z",{"id":472,"documentId":473,"name":474,"alternativeText":20,"caption":20,"focalPoint":20,"width":475,"height":476,"formats":477,"hash":486,"ext":25,"mime":29,"size":487,"url":488,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":489,"updatedAt":489,"publishedAt":489},791,"ascuie2czc3y7xh86r0cqjb7","blog-yubion-fido-logon-register-at-logon-1.png",386,479,{"thumbnail":478},{"ext":25,"url":479,"etag":480,"hash":481,"mime":29,"name":482,"path":20,"size":483,"width":484,"height":59,"sizeInBytes":485},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubion_fido_logon_register_at_logon_1_4cb1aaadee.png","d7012e4edec6237298ae60e209b68048","thumbnail_blog_yubion_fido_logon_register_at_logon_1_4cb1aaadee","thumbnail_blog-yubion-fido-logon-register-at-logon-1.png",20.72,126,20718,"blog_yubion_fido_logon_register_at_logon_1_4cb1aaadee",26.99,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_fido_logon_register_at_logon_1_4cb1aaadee.png","2026-04-28T07:03:14.449Z",[491,492,493,494],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":154,"documentId":155,"name":156,"slug":20,"createdAt":157,"updatedAt":157,"publishedAt":158},{"id":68,"documentId":69,"name":70,"slug":20,"createdAt":71,"updatedAt":71,"publishedAt":72},{"id":496,"documentId":497,"title":498,"content":499,"slug":500,"published":501,"createdAt":502,"updatedAt":502,"publishedAt":503,"locale":14,"authorManual":15,"cover":504,"tags":548},49,"xwkdeqxz0ysq3cx0i5jy8y20","How Many Years can a YubiKey be used?","\u003Cp>Customers sometimes ask, &quot;How many years can a YubiKey be used?&quot;\u003C\u002Fp>\n\u003Cp>They say that physical objects eventually break, and when considering purchasing a YubiKey, some people may be wondering how long the physical authentication device, YubiKey, will last.\u003C\u002Fp>\n\u003Cp>This time, we&#39;ll discuss the durability and service life of the YubiKey.\u003C\u002Fp>\n\u003Cp>The YubiKey is a physical security device that supports various authentication protocols and is primarily used to strengthen two-factor authentication.\u003C\u002Fp>\n\u003Cp>Since it is generally expected that users will carry it around with them, wear and durability are important factors depending on how it is handled.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey Durability\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Basic information about YubiKey: All YubiKey series are \u003Cstrong>IP68\u003C\u002Fstrong> certified.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.yubico.com\u002Fhardware\u002Fyubikey\u002Fyk-tech-manual\u002Fyk5-physical-attributes.html\">YubiKey Technical Manual\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>&quot;IPxx&quot; is a standard established by the International Electrotechnical Commission (IEC) to indicate the waterproof and dustproof performance of electrical devices.\u003C\u002Fp>\n\u003Cp>The first number indicates the dustproofness rating, meaning that solid objects (such as fingers, tools, or dust) cannot penetrate the device; \u003Cstrong>&quot;6&quot;\u003C\u002Fstrong> is the highest rating.\u003C\u002Fp>\n\u003Cp>The second number indicates the level of water resistance, with \u003Cstrong>&quot;8&quot;\u003C\u002Fstrong> indicating that the device can be continuously submerged in water without any damage.\u003C\u002Fp>\n\u003Cp>Also, the YubiKey&#39;s operating and storage temperatures are as follows:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Operating temperature:\u003C\u002Fstrong> 0 ℃ ～ 40 ℃ (32 ℉ ～ 104 ℉)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Storage temperature:\u003C\u002Fstrong> -20 ℃ ～ 85℃ (-4 ℉ ～ 185 ℉)\u003C\u002Fp>\n\u003Cp>YubiKey can be used in dusty or sandy places, such as outdoors or in factories, and can also be used daily without worrying about getting wet or submerged in water.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_long_does_a_yubikey_last_1_79a8d65fe3.jpeg\" alt=\"YubiKeyがマグカップの水の中に水没している\">\u003C\u002Fp>\n\u003Cp>No problem, even if submerged\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For reference\u003C\u002Fstrong>, one of our employees accidentally washed his YubiKey after leaving it in his pocket, but it continued to function without any issues afterward.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey Lifespan\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Yubico, the company that manufactures and sells YubiKey, does not publicly disclose precise information regarding its lifespan.\u003C\u002Fp>\n\u003Cp>Therefore, there is no official guarantee stating how many years it can be used.\u003C\u002Fp>\n\u003Cp>Among YubiKey’s functions, \u003Cstrong>Yubico OTP\u003C\u002Fstrong> has a maximum internal counter value. Based on usage of five times per day, it is estimated to take approximately \u003Cstrong>18 years\u003C\u002Fstrong> to reach that maximum value.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdevelopers.yubico.com\u002FOTP\u002FOTPs_Explained.html\">OTPs Explained\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>However, this estimate only applies to the software aspect of the Yubico OTP function. Even if Yubico OTP becomes unusable, data can still be rewritten, and other functions (such as FIDO or PIV) remain usable. So this does \u003Cstrong>not\u003C\u002Fstrong> define the actual lifespan of the device.\u003C\u002Fp>\n\u003Cp>The actual lifespan can vary depending on usage, making it difficult to specify. But for reference, here is an example from the author’s experience.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Real-World Usage Example\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>At our company, YubiKeys are used for logging into company PCs and various services.\u003C\u002Fp>\n\u003Cp>The author received their first YubiKey around 2011.\u003C\u002Fp>\n\u003Cp>This YubiKey is version 2.1.3, which is quite old and likely no longer in use by most people. \u003Cem>(As of October 2024, the latest version is 5.7.x.)\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>It has been in use for \u003Cstrong>over 10 years\u003C\u002Fstrong>, with frequent usage, and so far, it continues to work without any issues.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_long_does_a_yubikey_last_2_f5405d47a4.jpeg\" alt=\"使用している3本のYubiKey\">\u003C\u002Fp>\n\u003Cp>The oldest YubiKey owned by the author (far right)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_long_does_a_yubikey_last_3_f0778dc580.png\" alt=\"YubiKeyのバージョンを表示\">\u003C\u002Fp>\n\u003Cp>The old YubiKey version\u003C\u002Fp>\n\u003Cp>Although I no longer carry it this way, I initially kept my YubiKey attached to my keychain along with my house keys for everyday use. While it has accumulated some dirt, there are no major scratches, which suggests that it can withstand reasonably rough handling without any issues.\u003C\u002Fp>\n\u003Cp>Moreover, not only I but also other employees at our company have been using YubiKeys. While there have been cases of \u003Cstrong>loss\u003C\u002Fstrong>, there have been \u003Cstrong>no reported cases of device failure\u003C\u002Fstrong> so far, and they continue to function without problems.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey Reliability\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>YubiKeys are made from \u003Cstrong>high-strength materials\u003C\u002Fstrong>, and their internal structure is sealed, making them highly resistant to \u003Cstrong>shock and pressure\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Physical damage is very unlikely, even if the device is dropped or accidentally stepped on.\u003C\u002Fp>\n\u003Cp>Yubico, the manufacturer, frequently emphasizes the \u003Cstrong>durability and robustness\u003C\u002Fstrong> of YubiKey devices.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_long_does_a_yubikey_last_4_5ee989500d.jpeg\" alt=\"YubiKeyとトンカチ\">\u003C\u002Fp>\n\u003Cp>Encased in resin, it has a structure that is resistant to shock and pressure.\u003C\u002Fp>\n\u003Cp>In fact, since our company began handling YubiKeys, we have sold over \u003Cstrong>100,000 units\u003C\u002Fstrong> in total. However, actual device failures are \u003Cstrong>extremely rare\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>That said, it&#39;s not that there have been \u003Cstrong>no failure cases at all\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>One confirmed case of failure involved a YubiKey breaking at the base after receiving a strong impact while still connected to a USB port.\u003C\u002Fp>\n\u003Cp>Even though the device is highly durable, applying \u003Cstrong>excessive force\u003C\u002Fstrong> can still potentially cause damage.\u003C\u002Fp>\n\u003Cp>For models like the \u003Cstrong>YubiKey 5 NFC\u003C\u002Fstrong>, the device protrudes from the PC when connected to a USB port. This can result in \u003Cstrong>lever-like force\u003C\u002Fstrong> being applied to the connector, increasing the risk of damage.\u003C\u002Fp>\n\u003Cp>Therefore, when carrying around a laptop, please be careful not to forget to \u003Cstrong>remove the YubiKey\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>The device is strong enough that it won’t bend or break from \u003Cstrong>normal finger pressure\u003C\u002Fstrong>, so it can be used safely in everyday life without concern.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>・YubiKey is \u003Cstrong>IP68 certified\u003C\u002Fstrong>, offering dust and water resistance.\u003C\u002Fp>\n\u003Cp>・While no official lifespan is stated, there are examples of devices being used for \u003Cstrong>over 10 years\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>・YubiKey has a \u003Cstrong>highly durable structure\u003C\u002Fstrong>, and \u003Cstrong>failures are extremely rare\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>・However, applying \u003Cstrong>extreme force\u003C\u002Fstrong> can cause damage, so caution is advised.\u003C\u002Fp>\n\u003Cp>Although we cannot say the device will \u003Cstrong>never fail\u003C\u002Fstrong>, it is a product that can be used for a \u003Cstrong>very long time\u003C\u002Fstrong>, so even those concerned about reliability can use it with confidence.\u003C\u002Fp>\n\u003Cp>For purchasing YubiKey, please visit the following EC sites or contact us via the inquiry form:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">YubiKeyShop (Authorized Distributor)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">Amazon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">Contact Form\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thank you for reading to the end.\u003C\u002Fp>\n","how-long-does-a-yubikey-last","2024-10-28","2026-04-28T06:38:38.956Z","2026-04-28T06:38:41.740Z",{"id":505,"documentId":506,"name":507,"alternativeText":20,"caption":20,"focalPoint":20,"width":508,"height":509,"formats":510,"hash":544,"ext":512,"mime":516,"size":545,"url":546,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":547,"updatedAt":547,"publishedAt":547},569,"pqdgcn99jcb2s46in4w88y2z","blog-how-long-does-a-yubikey-last-1.jpeg",2268,2574,{"large":511,"small":521,"medium":529,"thumbnail":537},{"ext":512,"url":513,"etag":514,"hash":515,"mime":516,"name":517,"path":20,"size":518,"width":519,"height":32,"sizeInBytes":520},".jpeg","https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_how_long_does_a_yubikey_last_1_79a8d65fe3.jpeg","03c804d4d0ed70e8c89b69da95a4cba4","large_blog_how_long_does_a_yubikey_last_1_79a8d65fe3","image\u002Fjpeg","large_blog-how-long-does-a-yubikey-last-1.jpeg",64.53,881,64534,{"ext":512,"url":522,"etag":523,"hash":524,"mime":516,"name":525,"path":20,"size":526,"width":527,"height":41,"sizeInBytes":528},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_how_long_does_a_yubikey_last_1_79a8d65fe3.jpeg","e2586c5bca5bdd5c6a1d6ea6f24cea76","small_blog_how_long_does_a_yubikey_last_1_79a8d65fe3","small_blog-how-long-does-a-yubikey-last-1.jpeg",21.56,441,21556,{"ext":512,"url":530,"etag":531,"hash":532,"mime":516,"name":533,"path":20,"size":534,"width":535,"height":50,"sizeInBytes":536},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_how_long_does_a_yubikey_last_1_79a8d65fe3.jpeg","a8844ece3cb59cec43ac308d57f80f1c","medium_blog_how_long_does_a_yubikey_last_1_79a8d65fe3","medium_blog-how-long-does-a-yubikey-last-1.jpeg",40.52,661,40516,{"ext":512,"url":538,"etag":539,"hash":540,"mime":516,"name":541,"path":20,"size":542,"width":389,"height":59,"sizeInBytes":543},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_how_long_does_a_yubikey_last_1_79a8d65fe3.jpeg","6fd66a90985eb17e4619b4147a94148e","thumbnail_blog_how_long_does_a_yubikey_last_1_79a8d65fe3","thumbnail_blog-how-long-does-a-yubikey-last-1.jpeg",4.17,4170,"blog_how_long_does_a_yubikey_last_1_79a8d65fe3",429.95,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_long_does_a_yubikey_last_1_79a8d65fe3.jpeg","2026-04-28T06:38:17.091Z",[549,555],{"id":550,"documentId":551,"name":552,"slug":20,"createdAt":553,"updatedAt":553,"publishedAt":554},28,"ctdhuf8ybynihdblggcicfqi","SecurityKey","2026-04-28T05:16:07.443Z","2026-04-28T05:16:09.282Z",{"id":556,"documentId":557,"name":558,"slug":20,"createdAt":559,"updatedAt":559,"publishedAt":560},22,"e0nti57slk8t0ag21prw0zr2","YubiKey","2026-04-28T05:13:37.740Z","2026-04-28T05:13:39.579Z",{"id":562,"documentId":563,"title":564,"content":565,"slug":566,"published":567,"createdAt":568,"updatedAt":568,"publishedAt":569,"locale":14,"authorManual":570,"cover":571,"tags":614},113,"t4qpduklunusn7qg49r6e1wg","What is a Phishing-resistant MFA?","\u003Cp>Are you taking measures against the theft of authentication information through phishing attacks? &quot;Theft of personal information through phish&quot; has been ranked as a threat to individuals for six consecutive years in the &quot;\u003Ca href=\"https:\u002F\u002Fwww.ipa.go.jp\u002Fsecurity\u002F10threats\u002F10threats2024.html\">Top 10 Information Security Threats 2024\u003C\u002Fa>&quot; published by IPA. Phishing is an attack that leads users to a fake website with a similar URL and steals personal or authentication information. There has been a steady stream of incidents of phishing attacks where thieves log into web services using stolen authentication information and obtain money through fraudulent transfers. Setting up MFA (\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifference-between-2-step-verification-2-factor-authentication-and-multi-factor-authentication-mfa?lang=en\">multi-factor authentication\u003C\u002Fa>) is one effective way to counter phishing attacks. However, in recent years, there have been cases where MFA has been breached by attacks that trick users into performing MFA and steal authentication and session information. So, what kind of MFA can be said to be resistant to phishing? Let me explain with some images.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Increasingly sophisticated phishing attacks\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Many people have already implemented traditional MFA using time-based one-time passwords (TOTP) or SMS as a countermeasure against phishing attacks. However, as attack methods become more sophisticated, there are cases where MFA is breached. I will explain this using the image below.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_phishing_resistant_mfa_1_1428f21f84.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Examples of traditional MFA being victimized by phishing\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>The attacker prepares a fake website (phishing website) that acts as a relay server between the official website and the user and sends the user an email directing the user to the fake website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>The user accesses the fake website &quot;login.yubi0n.com&quot; and enters login information (ID\u002Fpassword).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>The fake website that receives the login information forwards it to the official website &quot;login.yubion.com&quot;.\u003C\u002Fp>\n\u003Cp>※ The fake website only relays communication between the user and the official website. So the user feels as if they are logging in to the official website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>The official website requests an MFA.\u003C\u002Fp>\n\u003Cp>Here, it sends an authentication code via SMS and asks the user to enter it.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>The user responds to the MFA request.\u003C\u002Fp>\n\u003Cp>Here, the received authentication code is entered into the fake website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>The fake website that received the MFA information will forward it to the official website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>If the MFA information is correct, the official website will return a successful login session.\u003C\u002Fp>\n\u003Cp>※ At this time, the user feels as if they have logged in to the official website as usual, and does not realize that their information has been stolen.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>The attacker uses session information obtained from the fake website to access the official website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Even if you have set up MFA in this way, authentication information and session information may be stolen and unauthorized access may be obtained through man-in-the-middle phishing. So, can MFA not prevent phishing?\u003C\u002Fp>\n\u003Cp>It is possible to prevent phishing with MFA using a &quot;passkey&quot;. Since major mobile carriers have started to support passkeys, you may have used them without even realizing it. Next, I will explain why passkeys are resistant to phishing.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Phishing-resistant &quot;passkeys&quot;\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>A passkey is a simple and secure authentication method that replaces passwords. It is based on an authentication technology called FIDO, and when authentication is required, you log in using a smartphone or other device by biometric verification (face\u002Ffingerprint) or by entering a PIN. Also, unlike passwords, passkeys cannot be guessed, making them highly resistant to phishing attacks. Why it is resistant to phishing attacks? As before, I will explain this using the example of a man-in-the-middle phishing attack.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_phishing_resistant_mfa_2_e5bcf7e05f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Example of MFA using passkey to prevent phishing attacks\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>The user is sent an email inviting them to a fake website.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>The user accesses the fake website &quot;login.yubi0n.com&quot; and enter their login information (ID).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>The fake website that received the login information will forward it to the official website (&quot;\u003Ca href=\"http:\u002F\u002Flogin.yubion.com\">login.yubi\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Flogin.yubion.com\">o\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Flogin.yubion.com\">n.com\u003C\u002Fa>&quot;).\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>The official website requests MFA.\u003C\u002Fp>\n\u003Cp>Here, it requests MFA using a passkey. For details on the FIDO authentication sequence, please see \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffido\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>When a user&#39;s smartphone receives an MFA request using a passkey, it automatically checks that the doamin name (URL) is correct.\u003C\u002Fp>\n\u003Cp>→ If you use a smartphone that has already registered MFA on the official website &quot;login.yubion.com&quot; to make an MFA request on the fake website &quot;login.yubi0n.com&quot;, the domain name is different. So no authentication information will be returned. (Here, the lowercase letter o and the number 0 are different.)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>The fake website will not return an MFA response and will fail to log in.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>In this way, MFA using passkey prevents authentication information from being returned to fake websites by using the doamin check mechanism,preventing the theft of authentation information through phishing attacks. Passkey authentication allows you to log in easily and securely by simply taking out your smartphone or other device and entering biometric authentication (face\u002Ffingerprint) or a PIN. If the web service\u002Fapplication you are using supports passkeys, we recommend that you try using them.\u003C\u002Fp>\n\u003Cp>However, there may be cases where you want to use a passkey but cannot use your personal smartohone at work. In such cases, you can use a &quot;security key&quot; that supports FIDO authentication. Since we are a distributor of security keys, we would like to introduce some of the FIDO-compatible security keys we handle.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>FIDO-compatible security keys\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Beside smartphones, you can use a &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fabout-securitykey?lang=en\">security key\u003C\u002Fa>&quot; that supports FIDO2, the latest FIDO specification, to log in with a passkey. However, some services may not support the use of security keys. So please check the service&#39;s MFA explanation page to make sure that security keys can be used.\u003C\u002Fp>\n\u003Cp>Below is alist of FIDO2-compatible security keys that we handle.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_phishing_resistant_mfa_3_9613ec301a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>There are two types of security keys: one that requires a \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">PIN code\u003C\u002Fa> to be entered (biometric items unchecked), and one that confirms biometrics (biometric items checked) during authentication. You can choose between the PIN input type and the biometric verification type depending on the usage scenario. We also sell a variety of USB forms, including models that support NFC and BLE. Please buy from Amazon. Or contact us if you wish to purchase in bulk.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">Buy on Amazon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The security key you purchased will require initial settings (PIN\u002Fbiometris).\u003C\u002Fp>\n\u003Cp>Please refer to the blogs below for setup.\u003C\u002Fp>\n\u003Cp>For those who have a Windows machine:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows (\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Fyubion.com\">yubion.com\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>For those who use a macOS or Linux (GUI) machine:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting---fingerprint-setting-for-macos?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for macOS (\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Fyubion.com\">yubion.com\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting---fingerprint-setting-for-macos?lang=en\">)\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Finally\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>I hope you understand why MFA using a passkey is resistant to phishing. In the future, passkeys may become widespread and the use of passkeys may become commonplace for many people. This time, I explained the use of MFA with a passkey, focusing on Web services. YubiOn also offers a solution that introduces MFA using a passkey when logging on to a PC. You can try it for free, so please give it a try.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>YubiOn FIDO Logon\u003C\u002Fstrong>\nYubiOn FIDO Logon is a cloud service that provides multi-factor authentication using a passkey to log on to a PC. It also has convenient features such as integrated management and remote control functions on the Web management console. Please check \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">the product introduction page\u003C\u002Fa> for details. Also, for details on installation procedures, please refer to \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fguide\u002Fen\u002Fsetup\u002F\">this setup guide\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","what-is-phishing-resistant-mfa","2024-09-09","2026-04-28T07:25:26.610Z","2026-04-28T07:25:29.378Z","YubiOnstaff",{"id":572,"documentId":573,"name":574,"alternativeText":20,"caption":20,"focalPoint":20,"width":575,"height":576,"formats":577,"hash":610,"ext":25,"mime":29,"size":611,"url":612,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":613,"updatedAt":613,"publishedAt":613},987,"gxhki8qdraw99zq0nyudorsy","blog-what-is-phishing-resistant-mfa-1.png",4302,2361,{"large":578,"small":586,"medium":594,"thumbnail":602},{"ext":25,"url":579,"etag":580,"hash":581,"mime":29,"name":582,"path":20,"size":583,"width":32,"height":584,"sizeInBytes":585},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_what_is_phishing_resistant_mfa_1_1428f21f84.png","58a7d786acac486c76f9ce47df51a463","large_blog_what_is_phishing_resistant_mfa_1_1428f21f84","large_blog-what-is-phishing-resistant-mfa-1.png",133.66,549,133656,{"ext":25,"url":587,"etag":588,"hash":589,"mime":29,"name":590,"path":20,"size":591,"width":41,"height":592,"sizeInBytes":593},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_what_is_phishing_resistant_mfa_1_1428f21f84.png","981cc41b341bce7a56345919b4f348bf","small_blog_what_is_phishing_resistant_mfa_1_1428f21f84","small_blog-what-is-phishing-resistant-mfa-1.png",50.46,274,50459,{"ext":25,"url":595,"etag":596,"hash":597,"mime":29,"name":598,"path":20,"size":599,"width":50,"height":600,"sizeInBytes":601},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_what_is_phishing_resistant_mfa_1_1428f21f84.png","4e1cd99ec4ae367b4c009847494dd531","medium_blog_what_is_phishing_resistant_mfa_1_1428f21f84","medium_blog-what-is-phishing-resistant-mfa-1.png",88.59,412,88585,{"ext":25,"url":603,"etag":604,"hash":605,"mime":29,"name":606,"path":20,"size":607,"width":124,"height":608,"sizeInBytes":609},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_what_is_phishing_resistant_mfa_1_1428f21f84.png","b399487f746c692ae99878e8723c01ac","thumbnail_blog_what_is_phishing_resistant_mfa_1_1428f21f84","thumbnail_blog-what-is-phishing-resistant-mfa-1.png",18.9,134,18895,"blog_what_is_phishing_resistant_mfa_1_1428f21f84",169.24,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_phishing_resistant_mfa_1_1428f21f84.png","2026-04-28T07:25:03.026Z",[615,616,617],{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":291,"documentId":292,"name":293,"slug":20,"createdAt":294,"updatedAt":294,"publishedAt":295},{"id":550,"documentId":551,"name":552,"slug":20,"createdAt":553,"updatedAt":553,"publishedAt":554},{"id":619,"documentId":620,"title":621,"content":622,"slug":623,"published":624,"createdAt":625,"updatedAt":625,"publishedAt":626,"locale":14,"authorManual":570,"cover":627,"tags":669},43,"m7ev4zt456mll5uo326aa118","Fingerprint Authentication with YubiOn Portal","\u003Cp>YubiOn Portal now supports fingerprint authentication using the authentication device &quot;ATKey.Pro YubiOn Model&quot; developed in collaboration with AuthenTrend. Support for biometric authentication devices has made it possible to identify individuals and achieve device two-factor authentication more secure.\u003C\u002Fp>\n\u003Cp>Let&#39;s try fingerprint authentication with YubiOn Portal!\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Environment\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cp>OS: Windows 11 (Windows 10 is also fine.)\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Browser: Chrome\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Windows client tool: ver 2.15.1.1\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Authentication device: ATKey.Pro YubiOn Model\u003C\u002Fp>\n\u003Cp>※Please \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">contact us\u003C\u002Fa> if you want to use this service.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>Prerequisites\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>Registered to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Purchased the &quot;ATKey.Pro YubiOn Model&quot; from us.\n※Please purchase from us as this is not available commercially.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fen\u002Fatkey\u002Finit_atkey\u002F\">Registered fingerprint\u003C\u002Fa> on the ATKey. Pro YubiOn Model.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>Steps\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Now, let&#39;s look at the process from registering and assigning an ATKey to two-factor authentication of a PC using the biometric authentication device &quot;ATKey.Pro YubiOn Model (hereinafter referred to as ATKey)&quot;.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Register and assign an ATKey\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Log in to the YubiOn Portal.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After logging in, click the &quot;Key&quot; icon from the menu on the left side of the screen, then click &quot;ATKey Management&quot;\u003C\u002Fp>\n\u003Cp>※ Customers who purchase the ATKey.Pro YubiOn Model from us will be given a license to use ATKey. If you do not have this license, this menu will be hidden.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_2_47f9ee7f4b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>To register an ATKey, click the &quot;＋&quot; icon in the upper right corner of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_3_4d969870d1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The ATKey registration modal will appear. So insert the ATKey into the USB port.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_4_ad0b239999.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_5_16881d70eb.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>※ Make sure the ATKey&#39;s light is lit yellow\u003C\u002Fp>\n\u003Cp>If it is not lit yellow, press the small black button on the side of the ATKey once and it will turn yellow.\u003C\u002Fp>\n\u003Cp>With the cursor in the input box of the ATKey registration modal, touch the fingerprint sensor on the top of the ATKey. If your fingerprint is successfully verified, a one-time password will be issued and the Enter key will be pressed automatically.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_6_fd02bf3d7d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After touching the ATKey, enter the authentication device name and click the &quot;Register&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_7_b0a59ae5d0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;OK&quot; button on the confirmation or registration completion message.\u003C\u002Fp>\n\u003Cp>If registration is successful, the registered ATKey will be displayed in the ATKey list.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_8_e275a6f7c7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, assign an ATKey to the member using the authentication device.\u003C\u002Fp>\n\u003Cp>Click the &quot;Member&quot; icon and then click the desired member.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_9_4f8f13751c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;＋&quot; icon in the upper right corner of ATKey assignment.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_10_93d3cbdaa6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The ATKey assignment modal will appear. So click the link &quot;Click here to select a registered ATKey&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_11_62fc1efcfd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the ATKey you just registered and click the &quot;Register&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_12_6a629a0b23.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;OK&quot; button on the confirmation or the assignment completion message.\u003C\u002Fp>\n\u003Cp>If the assignment is successful, the assigned ATKey will be displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_13_edf27e762d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The ATKey registration and assignment are completed.\u003C\u002Fp>\n\u003Cp>Next, download and set up the Windows client tool.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Download and set up the client tool\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Click the &quot;Computer&quot; icon on the left side of the screen, then click &quot;Download&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_14_041cc717c5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;Download&quot; button to download the client tool.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_15_0a76830297.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Double-click &quot;WlsInstaller_x64.msi&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_16_f35dfd2b31.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you see the following message, click &quot;More info&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_17_4ba163988a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;Run anyway&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_18_7a32d0e3e0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Read the software license agreement, check the &quot;Accept&quot; checkbox, then click &quot;Install&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_19_1bb6a09451.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the installation is complete, a completion screen will be displayed.\u003C\u002Fp>\n\u003Cp>If you exit with &quot;Launch the configuration tool&quot; checked, the setting tool will launch automatically.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_20_483a7d3acf.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Continue installing the required runtimes.\u003C\u002Fp>\n\u003Cp>If the user account control confirmation pop-up appears, click &quot;Yes&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_21_b988bd3a98.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once the runtime installation is complete, the setting tool will start automatically.\u003C\u002Fp>\n\u003Cp>※ In some cases, you may be asked to restart the computer. In this case, please reboot the computer and launch the setting tool from the start menu.\u003C\u002Fp>\n\u003Cp>The setting tool will start and you will be asked to log in. Enter your YubiOn Portal member email address, password, and OTP via ATKey. (After entering with ATKey, the Enter key is automatically entered.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_22_30d72f0f75.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;Account setting&quot; and then click the &quot;Register&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_23_5fe4ea248d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the &quot;Account&quot; to log on to Windows, then select a YubiOn Portal member, and finally select the authenticator &quot;ATKey&quot; to use, and click the &quot;OK&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_24_94cbd18d5c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If the assignment is successful, a completion message will be displayed. Click the &quot;OK&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_25_eacce5b7e6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The setup is complete.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Log on to your Windows account with biometric authentication\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Once setup is complete, lock the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_26_0ccc3acc2d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When you open the logon screen, &quot;YubiOn® Wls CredentialProvider&quot; will be displayed.\u003C\u002Fp>\n\u003Cp>※ If it is not displayed, please switch from &quot;Sign-in options&quot; at the bottom.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_27_24cb5bc84a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Insert the ATKey you want to use into the USB port.\u003C\u002Fp>\n\u003Cp>※ Make sure that the ATKey&#39;s lamp is lit in yellow. If it is not lit yellow, press the small black button on the side of the ATKey once to turn to yellow.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_5_16881d70eb.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the password entry field on the logon screen, enter your Windows account password, then touch the fingerprint sensor on the top of the ATKey.\u003C\u002Fp>\n\u003Cp>※ In addition to the password you entered, a one-time password issued by ATKey will be entered. (After input, the Enter key is automatically entered.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_28_8dfc1f7ab9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If the password and one-time password are correct, the logon is successful.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_29_53a876b98a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>※ This time, we tested the system with a password-only login allowed when logging on to a Windows computer. However, it is also possible to enforce two-factor authentication using the group policy settings of YubiOn Portal.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Finally\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>YubiOn Portal makes it easy to achieve two-factor authentication for PCs. You can use it according to the usage scenario, such as using the biometric authentication device ATKey for employees and YubiKey for workers of external partner companies. As cyber-attacks increase, more and more companies are considering two-factor authentication for computers due to changes in working styles, such as teleworking. YubiOn Portal allows you to configure it to suit your operations, so please give it a try.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_30_cbb91bdbcb.png\" alt=\"\">\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Ca href=\"http:\u002F\u002FATKey.Pro\">\u003Cstrong>ATKey.Pro\u003C\u002Fstrong>\u003C\u002Fa> \u003Cstrong>YubiOn Model\u003C\u002Fstrong>\nPlease \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">contact us\u003C\u002Fa> for purchase.\u003C\u002Fp>\n\u003Cp>※ The model available for the YubiOn Portal is the &quot;ATKey.Pro YubiOn Model&quot;.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>YubiOn Portal\u003C\u002Fstrong>\nRefer to \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">here\u003C\u002Fa> for product details.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Standalone version\u003C\u002Fstrong>\nComing soon.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","fingerprint-authentication-with-yubion-portal","2024-08-27","2026-04-28T06:35:19.007Z","2026-04-28T06:35:21.802Z",{"id":628,"documentId":629,"name":630,"alternativeText":20,"caption":20,"focalPoint":20,"width":631,"height":632,"formats":633,"hash":665,"ext":25,"mime":29,"size":666,"url":667,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":668,"updatedAt":668,"publishedAt":668},510,"ay05wgmqjbxbi1a0gm51jzsc","blog-fingerprint-authentication-with-yubion-portal-1.png",1767,433,{"large":634,"small":641,"medium":649,"thumbnail":657},{"ext":25,"url":635,"etag":636,"hash":637,"mime":29,"name":638,"path":20,"size":639,"width":32,"height":124,"sizeInBytes":640},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6.png","a1caa917825f663084e222bc3be7e5f8","large_blog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6","large_blog-fingerprint-authentication-with-yubion-portal-1.png",19.37,19371,{"ext":25,"url":642,"etag":643,"hash":644,"mime":29,"name":645,"path":20,"size":646,"width":41,"height":647,"sizeInBytes":648},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6.png","64f75bea55bee3dda3e2df298e9f941d","small_blog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6","small_blog-fingerprint-authentication-with-yubion-portal-1.png",7.77,123,7771,{"ext":25,"url":650,"etag":651,"hash":652,"mime":29,"name":653,"path":20,"size":654,"width":50,"height":655,"sizeInBytes":656},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6.png","23b6f6f0f0ece3ae15742823eb906ed7","medium_blog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6","medium_blog-fingerprint-authentication-with-yubion-portal-1.png",13.24,184,13243,{"ext":25,"url":658,"etag":659,"hash":660,"mime":29,"name":661,"path":20,"size":662,"width":124,"height":663,"sizeInBytes":664},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6.png","c1bba10b5c9fd06b2035338ec3e15938","thumbnail_blog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6","thumbnail_blog-fingerprint-authentication-with-yubion-portal-1.png",3.09,60,3094,"blog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6",8.71,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fingerprint_authentication_with_yubion_portal_1_9d0790bea6.png","2026-04-28T06:33:07.215Z",[670,671],{"id":74,"documentId":75,"name":76,"slug":20,"createdAt":77,"updatedAt":77,"publishedAt":78},{"id":672,"documentId":673,"name":674,"slug":20,"createdAt":675,"updatedAt":675,"publishedAt":676},26,"zga89rixd2cfoxv47le8mms0","ATKey","2026-04-28T05:13:52.588Z","2026-04-28T05:13:54.449Z",{"id":678,"documentId":679,"title":680,"content":681,"slug":682,"published":683,"createdAt":684,"updatedAt":684,"publishedAt":685,"locale":14,"authorManual":359,"cover":686,"tags":730},75,"ke50kc5dhw0ahmqllmktvlq3","Remote Desktop Using Passkey with YubiOn FIDO Logon","\u003Cp>Today, we have released a new version (3.0.0.1) of YubiOn FIDO Logon. It will be a major update since the logon using smartphone update last September.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>With this update, you can now log into Remote Desktop using a Passkey!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>YubiOn FIDO Logon interacted directly with USB devices and smartphone BLEs. So until now, it was only available in remote environments such as the redirection of USB devices. However, by using the WebAuthn redirect mechanism implemented by Microsoft last year on the remote desktop, it is now possible to transfer only the contents of Passkey authentication to the connectors instead of the USB device itself. This renovation will use the function of this WebAuthn redirect to perform passkey authentication at the connection source when connecting to a remote desktop. I think that it has become a product that can be more flexible by supporting accessing a company computer with remote work or remotely accessing a computer in the data center.\u003C\u002Fp>\n\u003Ch3>■Try a remote desktop with passkey logon (FIDO logon)\u003C\u002Fh3>\n\u003Cp>First, let&#39;s look at the actual operation, after registering YubiOn FIDO Logon, installing the client application on your computer, and setting the registration code.\u003C\u002Fp>\n\u003Cp>As a prerequisite, the OS of both PCs you are connecting to and from must be Windows 11, 10, or Server 2022（※1）. And of course, Remote Desktop must be allowed. The PC you are connecting to needs to have FIDO Logon installed. （※2） This time, I will work with both of the PCs on Windows 11.\u003C\u002Fp>\n\u003Cp>（※1）Some functions are restricted depending on the OS, but we will discuss that later.\u003C\u002Fp>\n\u003Cp>（※2）Of course, there is no problem if the FIDO Logon is installed on the PC you are connecting from.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>① Register an authenticator\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>First, let&#39;s register an authenticator. You can also register an authenticator on a Remote Desktop. Connect to the Remote desktop using the conventional connection method, and start the Setting tool on the PC you are connecting to. Once launched, open &quot;Authentication settings&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_2_e787da7151.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When you operated on your PC directly, the &quot;Register smartphone&quot; and &quot;Register security key&quot; buttons were displayed, but when connecting via Remote Desktop, the &quot;Register authenticator remotely&quot; button appeared. （※3） Click this button to register.\u003C\u002Fp>\n\u003Cp>（※3）There is also a new checkbox for &quot;Register as DiscoverableCredential&quot;, but this is the same as the setting when registering an authenticator from the WEB. Please check \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fguide\u002Fen\u002Fusers_manual\u002Fsetup\u002Fassign_credential\u002Fassign_credential_remote\u002F\">this\u003C\u002Fa> out for details.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_3_1d826c4539.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After communicating with the server via FIDO Logon for a while, a FIDO authentication dialog will be displayed \u003Cstrong>on the PC you are connecting to\u003C\u002Fstrong>. Those of you who use passkeys or FIDO authentication on the WEB may already know this, but this is the standard Windows passkey authentication dialog.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_4_6a71a7f23a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This time I will register a security key. So follow the instructions in the dialog to register the security key. After being given some instructions about the information to be obtained from the security key, the registration process will proceed by touching the key if it is a fingerprint authentication key, or entering the PIN and touching the key if it is a PIN authentication key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_5_037ca7a205.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you continue, a standard Windows dialog box will appear, and a registration completion message will also appear on the Setting tool screen on the PC you are connecting to. Now you are ready for authentication.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>② Remote Desktop Login\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Next, let&#39;s try an actual login.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_6_393589acd9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This time, I will explain the process from connecting to a Remote Desktop. So let&#39;s sign out and disconnect the Remote Desktop connection. After signing out from the Start menu, open the Remote Desktop app again on the PC you want to connect from and proceed as you would usually do with a Remote Desktop Connection.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_7_fae2e7dffb.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of a typical Remote Desktop Connection, the screen shown above will be displayed, and once you enter your ID and password, the logon desktop will be displayed. FIDO authentication with FIDO Logon requires regular password authentication here, and then FIDO authentication again on the PC you are connecting to. I will explain why it is formatted like this later, but first, enter your ID and password as you normally would.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the Remote Desktop screen opens, the FIDO authentication dialog will appear on the PC you are connecting from, just like when you registered. （※4） Follow the instructions in the dialog to proceed with security key authentication.\u003C\u002Fp>\n\u003Cp>（※4）If it doesn&#39;t appear, you may need to select the YubiOn FIDO Logon icon in &quot;Sign-in options&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_8_eb0786a994.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This will look almost the same as when you registered. If necessary, you will need to enter a PIN to authenticate.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_9_c9a1bdca11.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once authentication is complete, you will be asked to enter your password on the PC you are connecting to, for the first time only. This is the same as when logging on directly. Once you enter the password, you will not be asked for it again.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_10_8bab71bfaf.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PC you are connecting to was displayed successfully on the Remote Desktop.\u003C\u002Fp>\n\u003Ch3>■ Technical talk ① - Authentication when connecting to a Remote Desktop:\u003C\u002Fh3>\n\u003Cp>Many people who usually use Remote Desktop Connection enter their ID and password on the PC they are connecting from before connecting. The ID and password you enter at this time are the ID and password required to pass the &quot;Network Level Authentication (NLA)&quot; authentication for Remote Desktop Connection. In fact, within Windows, authentication is performed twice when connecting to a Remote Desktop.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Windows standard\u003C\u002Ftd>\n\u003Ctd>After FIDO Logon is installed\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>① \u003Cstrong>Network Level Authentication\u003C\u002Fstrong> - Performed when connecting to a Remote Desktop. If this authentication is passed, input and output (screen display, keyboard, mouse input, etc.) can be shared.\u003C\u002Fp>\n\u003Cp>② \u003Cstrong>Windows Logon authentication\u003C\u002Fstrong> - Performed when logging on to the PC you are connecting to, similar to the authentication required when operating on the PC directly. Normally, if the authentication in ① has been cleared and you can log on with the same authentication information, it will be skipped.\u003C\u002Fp>\n\u003Cp>YubiOn FIDO Logon is a product that strengthens the Windows logon authentication② and does not support the Network Level Authentication①. If you are concerned about the increased operational load on users, it may be a good idea to store authentication information on the PC you are connecting from. Regarding strengthening the security of the Network Level Authentication part, we are not aware of any products that directly do that. Please consider strengthening the protection of the connection path such as Windows Server RD Gateway and VPN tunneling.\u003C\u002Fp>\n\u003Ch3>■ Technical talk ② - OS-specific constraints on WebAuthn redirection:\u003C\u002Fh3>\n\u003Cp>The mechanism of WebAuthn redirection is implemented in a common process called WebAuthnAPI on Windows, but the available functions of this API are different depending on the version of Windows. They are roughly divided into Windows 10 series and Windows 11 series. Regarding authentication using external authenticators used in FIDO Logon (security key authentication and cross-device authentication（※5）), whether cross-device authentication is possible or not is different.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Windows10\u003C\u002Ftd>\n\u003Ctd>Windows11\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>・Windows 10 series: Cross-device authentication is not possible.\u003C\u002Fp>\n\u003Cp>・Windows 11 series: Cross-device authentication possible.\u003C\u002Fp>\n\u003Cp>However, when using these with WebAuthn redirection, availability is determined not by which Windows the PC you connecting to is, but by \u003Cstrong>which Windows the PC you connecting from is\u003C\u002Fstrong>. In other words, even if the PC you are connecting to is Windows 10, if you connect via Remote Desktop from a Windows 11 PC, you can log on with your smartphone. Conversely, even if the PC you are connecting to is Windows 11, if you connect via a Remote Desktop from a Windows 10 PC, you will not be able to log on with a smartphone.\u003C\u002Fp>\n\u003Cp>（※5）This has been introduced as Hybrid authentication in previous blogs and as a function of FIDO Logon, it refers to smartphone authentication. It seems that FIDO-related specifications are relatively often renamed.\u003C\u002Fp>\n\u003Ch3>■Summary\u003C\u002Fh3>\n\u003Cp>This time, I explained the Remote Desktop login function that was added in the update of YubiOn FIDO Logon. Until now, we have recommended YubiOn Portal to customers considering using Remote Desktop, but recently, with the spread of passkeys, we have seen an increase in requests to use Remote Desktop with FIDO Logon. We hope that we have been able to meet the needs of such customers.\u003C\u002Fp>\n\u003Cp>The free version has the same functionality as the paid version and can be tried for three months. So please give it a try.\u003C\u002Fp>\n\u003Ch3>■Related links\u003C\u002Fh3>\n\u003Cp>[YubiOn FIDO Logon]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\">https:\u002F\u002Ffl.yubion.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[YubiOn FIDO Logon overview page]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">https:\u002F\u002Fwww.yubion.com\u002Ffidologon\u003C\u002Fa>\u003C\u002Fp>\n","remote-desktop-login-passkey-yubion-fido-logon","2024-07-01","2026-04-28T06:57:11.678Z","2026-04-28T06:57:14.444Z",{"id":687,"documentId":688,"name":689,"alternativeText":20,"caption":20,"focalPoint":20,"width":690,"height":691,"formats":692,"hash":725,"ext":25,"mime":29,"size":726,"url":727,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":728,"updatedAt":728,"publishedAt":729},722,"rfghm49gtpscrvj7jnb9bv6g","blog-remote-desktop-login-passkey-yubion-fido-logon-1.png",1172,847,{"large":693,"small":701,"medium":709,"thumbnail":717},{"ext":25,"url":694,"etag":695,"hash":696,"mime":29,"name":697,"path":20,"size":698,"width":32,"height":699,"sizeInBytes":700},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7.png","e209c29c85d7952a02cc28f6f982f8cf","large_blog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7","large_blog-remote-desktop-login-passkey-yubion-fido-logon-1.png",600.41,723,600413,{"ext":25,"url":702,"etag":703,"hash":704,"mime":29,"name":705,"path":20,"size":706,"width":41,"height":707,"sizeInBytes":708},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7.png","2956181b0a69708f8e9c7bd1b0c01dfc","small_blog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7","small_blog-remote-desktop-login-passkey-yubion-fido-logon-1.png",172.65,361,172650,{"ext":25,"url":710,"etag":711,"hash":712,"mime":29,"name":713,"path":20,"size":714,"width":50,"height":715,"sizeInBytes":716},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7.png","a6a664e3b047575f0de0dd4523745b01","medium_blog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7","medium_blog-remote-desktop-login-passkey-yubion-fido-logon-1.png",356.5,542,356496,{"ext":25,"url":718,"etag":719,"hash":720,"mime":29,"name":721,"path":20,"size":722,"width":723,"height":59,"sizeInBytes":724},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7.png","b7219539f9c5fed46929ee45004807dd","thumbnail_blog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7","thumbnail_blog-remote-desktop-login-passkey-yubion-fido-logon-1.png",44.95,216,44945,"blog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7",166.12,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_remote_desktop_login_passkey_yubion_fido_logon_1_91f2edfaf7.png","2026-04-28T06:55:55.670Z","2026-04-28T06:55:55.671Z",[731,732,733,734,735],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":154,"documentId":155,"name":156,"slug":20,"createdAt":157,"updatedAt":157,"publishedAt":158},{"id":68,"documentId":69,"name":70,"slug":20,"createdAt":71,"updatedAt":71,"publishedAt":72},{"id":663,"documentId":736,"name":737,"slug":20,"createdAt":738,"updatedAt":738,"publishedAt":739},"i25j516iffazwmfl4bj9luea","Remote Desktop","2026-04-28T05:30:15.512Z","2026-04-28T05:30:17.363Z",{"id":741,"documentId":742,"title":743,"content":744,"slug":745,"published":746,"createdAt":747,"updatedAt":747,"publishedAt":748,"locale":14,"authorManual":570,"cover":20,"tags":749},15,"ajbhapbkoemfj2mwpql6hb1a","Could the Multi-factor Authentication (MFA) be the Key to Solving the Recent Spate of Cyber Attacks and Data Leaks?","\u003Cp>Recently, JAXA (Japan Aerospace Exploration Agency) announced that it may have suffered multiple cyber-attacks from last year to this year, resulting in the leakage of confidential information. The server that was the target of an internal server attack after receiving unauthorized access from outside contained approximately 5,000 personal information records of employees and temporary staff. However, the company said that sensitive information related to security, such as rocket and satellite operations, was not affected.\u003C\u002Fp>\n\u003Cp>Announced on June 21st, 2024.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww3.nhk.or.jp\u002Fnews\u002Fhtml\u002F20240621\u002Fk10014487721000.html\">​ (NHK NEWS WEB)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Information leaks due to cyber attacks can damage the credibility of an organization and cause serious economic losses. In particular, in institutions that handle confidential and personal information, the outflow of information has the risk of shaking social trust. The lack of security measures so far is behind this incident, and the deployment of a strong security system is urgently needed.\u003C\u002Fp>\n\u003Cp>Also, this incident highlights that there is a risk of hacking damage if there are no security measures somewhere. Generally, a single authentication with only an ID and password is highly vulnerable to cyber-attacks. In institutions where security is important, information should be highly protected, and security is urgently needed.\u003C\u002Fp>\n\u003Cp>When considering security enhancement in authentication,multi-factor authentication (MFA) is said to be effective. There are various methods in bite of multi-factor authentication, but what kind of method is effective for future security measures?\u003C\u002Fp>\n\u003Cp>One of them is Passkey.\u003C\u002Fp>\n\u003Cp>FIDO&#39;s Passkey uses the public key encryption method to prevent password theft and phishing attacks. The user&#39;s authentication information is safely stored in the device and does not leak out. So you can maintain high security.\u003C\u002Fp>\n\u003Cp>FIDO (Fast Identity Online) Passkey has some important points.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>１． High Security\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>FIDO Passkey uses public key encryption and saves authentication information on the user&#39;s device. At the time of authentication, authentication is performed using a public key and the private key does not leak out of the device. This helps users prevent password theft and phishing attacks.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>２． Phishing Measures\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>FIDO Passkey is not available on a phishing site because it is linked to a specific website or service. Since authentication is performed only on regular sites, it greatly reduces the risk of users being deceived by fake sites.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>３． Easy to Use and Convenience\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Users do not need to learn the password. So you can easily log in using biometric authentication (fingerprint authentication, face authentication, etc.) and PIN code. This makes the authentication process quickly and intuitively.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>４． Passwordless Authentication\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Using FIDO Passkey allows you to complete passwordless authentication. This eliminates the risk of password management and leakage, improving security.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>５． Cross Platform Compatibility\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>FIDO Passkey is compatible with many devices and platforms such as Windows, macOS, iOS, and Android, users can be seamlessly authenticated between multiple devices.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>６． Privacy Protection\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>The authentication information is saved on the user&#39;s device. So the service provider cannot access the user&#39;s private key. This protects privacy.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>７． Industry-wide Support\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>FIDO Alliance has many large companies, such as Google, Microsoft, and Apple, and the FIDO standard is widely used. This has an environment where many online services can use FIDO Passkey.\u003C\u002Fp>\n\u003Cp>From these points, the FIDO Passkey is an effective authentication method that combines high security and ease of use and is useful for both users and service providers.\u003C\u002Fp>\n\u003Cp>See below for detailed explanations about Passkey:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">What are Passkeys? (Part 1)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-2?lang=en\">What are Passkeys? (Part 2)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Also, the deployment of physicality keys is one of the effective means.\u003C\u002Fp>\n\u003Cp>FIDO-compatible security keys such as YubiKey function as physical tokens and enhance user authentication processes. This will further improve security by preventing unauthorized access and achieving two-factor authentication.\u003C\u002Fp>\n\u003Cp>The reasons are effective for the deployment of physical security keys:\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>１． High-security Level\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>A physical security key is used as part of multi-factor authentication (MFA), which is required in addition to a password to access the account. This makes it impossible to access the account even if the password is leaked.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>２． Resistance to Phishing Attacks\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>The security key used in FIDO authentication is designed to function only for a specific domain that has been registered. So it cannot be used on a phishing site. This greatly reduces the risk of users accidentally entering information on fake sites.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>３． Easy to Use and Convenience\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Once set, it is easy for users to authenticate simply by connecting the keys or connecting them with near-field communication (NFC) or Bluetooth. It is especially convenient for users who log in frequently.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>４． Passwordless Authentication\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Some services can fully use a physical security key to fully authenticate with passwordless. This reduces the burden of password management and memory.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>５． General and Compatibility\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Many physical security keys are compliant with the FIDO (Fast Identity Online) standard and can be used for major services such as Google, Microsoft, and Facebook. This allows you to use the same key in multiple accounts.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>６． Long-term Cost Effect\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Security keys are durable and can be used for a long time. So you can reduce the cost of password reset and account recovery in the long term. Although there is an initial investment.\u003C\u002Fp>\n\u003Cp>For those reasons, the deployment of physical security keys is an effective security measure for many companies and individuals.\u003C\u002Fp>\n\u003Cp>See below for details on security keys:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-is-a-security-key?lang=en\">What is a Security Key?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Our company&#39;s YubiOn solution is an advanced security solution that allows you to use Passkeys and security keys. Strictly manage access to personal information and confidential data, based on FIDO authentication. In addition, there is no impact on existing systems (local AD or Entra ID) and can be deployed quickly and easy to operate.\u003C\u002Fp>\n\u003Cp>In addition, there is a solution that can use SSO. So you can select solutions according to the operation requirements. The effects after the deployment can significantly reduce unauthorized access, reduce the risk of confidential information, increase security awareness, and improve management efficiency.\u003C\u002Fp>\n\u003Cp>The YubiOn solution reduces the risk of information leakage due to cyber-attacks and contributes to zero-trust security. The deployment of YubiOn solutions that combine safety and convenience is very effective as part of future information security measures. Deploying advanced authentication technology such as multi-factor authentication (MFA) can enhance security and significantly reduce the risk of information leakage.\u003C\u002Fp>\n\u003Cp>Furthermore, the importance of zero trust security is increasing. Zero Trust verifies all accesses regardless of whether they are inside the network, based on the principle of &quot;Do not trust, always check&quot;. This approach can minimize risks in areas where internal threats and conventional border protection are not extended. By combining multi-factor authentication (MFA) and zero trust, companies can build a more robust and comprehensive security system and further reduce the risk of information leakage.\u003C\u002Fp>\n\u003Cp>See below for more information about the YubiOn solution:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon?lang=en\">Passwordless logon using FIDO key YubiOn FIDO Logon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002F?lang=en\">YubiOn Website\u003C\u002Fa>\u003C\u002Fp>\n","mfa-key-to-solving-cyber-attacks-data-leaks","2024-06-28","2026-04-28T06:13:23.372Z","2026-04-28T06:13:25.907Z",[750,751],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":753,"documentId":754,"title":755,"content":756,"slug":757,"published":758,"createdAt":759,"updatedAt":759,"publishedAt":760,"locale":14,"authorManual":15,"cover":761,"tags":804},117,"xxpoknce8r3envmva5rwjp2m","What's New on YubiKey Firmware 5.7?","\u003Cp>Yubico announced on its blog on May 21st that they will soon offer YubiKeys with the latest 5.7 firmware.\u003C\u002Fp>\n\u003Cp>Reference) Yubico Blog\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fblog\u002Fnow-available-for-purchase-yubikey-5-series-and-security-key-series-with-new-5-7-firmware\u002F\">Now available for purchase: YubiKey 5 Series and Security Key Series with new 5.7 firmware\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>I recently received a YubiKey 5C NFC with the latest 5.7 firmware, so I&#39;d like to try it out and see what has changed.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey Appearance\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30.jpeg\" alt=\"YubiKey 5C NFC ブリスターパック\">\u003C\u002Fp>\n\u003Cp>YubiKey 5C NFC 5.7 firmware\u003C\u002Fp>\n\u003Cp>The YubiKey I obtained this time has a Type-C USB connection.\u003C\u002Fp>\n\u003Cp>Opened the blister pack.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_2_18ef58cf98.jpeg\" alt=\"YubiKey 5C NFCの表面\">\u003C\u002Fp>\n\u003Cp>YubiKey - front\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_3_3358505800.jpeg\" alt=\"YubiKey 5C NFCの裏面\">\u003C\u002Fp>\n\u003Cp>YubiKey- back\u003C\u002Fp>\n\u003Cp>It looks the same as the previous YubiKey 5.\u003C\u002Fp>\n\u003Cp>Only the firmware was updated, so this is to be expected.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Changes in the firmware update\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>From Yubico&#39;s blog, here are the changes in this firmware update:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cstrong>Expanded passkey and passwordless storage capabilities\u003C\u002Fstrong> – accommodating up to 100 device-bound passkeys (up from 25), 64 OATH seeds (up from 32), 24 PIV certificates, and 2 OTP seeds at once for a total of 190 credentials.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Expansion and enhancement of public key algorithms\u003C\u002Fstrong>, including support for larger RSA keys (RSA-3072 and RSA-4096), Ed25519, and X25519 key types enhances key management functions and flexibility for organizations, aligning with \u003Ca href=\"https:\u002F\u002Fdl.dod.cyber.mil\u002Fwp-content\u002Fuploads\u002Fpki-pke\u002Fpdf\u002Funclass-memo_dodcryptoalgorithms.pdf\">DoD memo requirements\u003C\u002Fa> on stronger public key algorithms. \u003Cstrong>Migration to Yubico’s own cryptographic library\u003C\u002Fstrong> that performs the underlying cryptographic operations (decryption, signing, etc.) for RSA and ECC.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enterprise attestation\u003C\u002Fstrong> facilitates the retrieval of unique identifiers during FIDO2 registration and streamlining asset tracking by allowing identity providers to read the serial number from the YubiKey during FIDO2 registration.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enhanced PIN complexity settings across all YubiKey\u003C\u002Fstrong> applications, including FIDO2, PIV, and OpenPGP.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>FIDO Client to Authenticator Protocol (CTAP) 2.1 implementation\u003C\u002Fstrong> brings improvements around the FIDO2 PIN, including Force PIN Change and Minimum PIN Length, addressing PIN requirements in “enroll on behalf” scenarios.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>About 1:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The number of passkeys that can be registered has been increased from 25 to 100, and the storage capacity for OATH and PIV certificate seeds has been increased.\u003C\u002Fp>\n\u003Cp>Compared to before, some more services and products support passkeys, so it seems that the number that can be registered has been increased with an eye to the future.\u003C\u002Fp>\n\u003Cp>At the moment, just a few people use more than the 25 passkeys limit, but considering the future, it&#39;s probably helpful to have more storage space.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>About ２:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Algorithms with larger key lengths are now supported.\u003C\u002Fp>\n\u003Cp>Originally, multiple key types were supported, but the number of algorithms with higher security strength is steadily increasing.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>About ３:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>During FIDO registration, the ID provider can read the serial number of the YubiKey and identify the YubiKey, making it possible to manage it by preventing personal YubiKeys from being registered.\u003C\u002Fp>\n\u003Cp>However, to use this function, it seems that separate customization is required at the Yubico factory, so this function is not available on YubiKeys that have already been shipped.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>About ４:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>It is now possible to set the complexity of PIN used for FIDO2, PIV, etc.\u003C\u002Fp>\n\u003Cp>However, this also requires separate customization at the Yubico factory, so it seems that this function is not available on YubiKeys that have already been shipped.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>About ５:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>It is now possible to restrict PIN settings, such as forcing PIN changes and minimum PIN length restrictions.\u003C\u002Fp>\n\u003Cp>This function allows administrators to specify how PINs should be used before distributing YubiKeys to end users. So they can impose restrictions such as a minimum number of characters for PINs and make users change the PIN the first time, just like traditional password requirements.\u003C\u002Fp>\n\u003Cp>This is a useful feature for system administrators who want to enforce security policies because if a company has a security policy, they can operate YubiKeys following that policy.\u003C\u002Fp>\n\u003Cp>It seems that these PIN restriction settings can be tried using commands, so I would like to try them out right away.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Trying out PIN restriction settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Since the settings are usually done by the administrator, let&#39;s assume the following as an example.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>You are an administrator and you distribute YubiKeys to employees for FIDO authentication.\u003C\u002Fli>\n\u003Cli>You want to meet the company security policy of a PIN of 10 digits or more.\u003C\u002Fli>\n\u003Cli>You want each employee to set their PIN.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>To carry out the above assumptions, we will try the following two settings on the YubiKey:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Set the minimum number of digits for the PIN.\u003C\u002Fli>\n\u003Cli>Always change the PIN when using the device.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Now, let&#39;s get to the practical part.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Preparation for setting up\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>To change the PIN settings, you need to run commands using a tool called YubiKey Manager CLI.\u003C\u002Fp>\n\u003Cp>※ Please note that this does not seem to be possible with the GUI YubiKey Manager.\u003C\u002Fp>\n\u003Cp>Also, the command is compatible with YubiKey Manager CLI version 5.4.0 and later. So please download 5.4.0.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdevelopers.yubico.com\u002Fyubikey-manager\u002FReleases\u002F\">https:\u002F\u002Fdevelopers.yubico.com\u002Fyubikey-manager\u002FReleases\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Go to the site and download 5.4.0.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_4_ebb545b343.png\" alt=\"YubiKeyManager CLIのダウンロードページ\">\u003C\u002Fp>\n\u003Cp>Since my test environment is Windows, I&#39;ll download the Windows installer and run the installation.\u003C\u002Fp>\n\u003Cp>Once the installation is complete, run the command prompt.\u003C\u002Fp>\n\u003Cp>※ The command prompt must be launched with administrator privileges.\u003C\u002Fp>\n\u003Cp>The commands were taken from the page pushed by Yubico.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.yubico.com\u002Fsoftware\u002Fyubikey\u002Ftools\u002Fykman\u002Findex.html\">YubiKey Manager (ykman) CLI and GUI Guide\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Check the version of the command.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>ykman -v\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_5_71699425e4.png\" alt=\"コマンドプロンプト\">\u003C\u002Fp>\n\u003Cp>You can see that YubiKey Manager version 5.4.0 is installed.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Setting the default PIN\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>To restrict the PIN, it is necessary to set a default PIN beforehand.\u003C\u002Fp>\n\u003Cp>※ If you try to set restrictions without setting a PIN, you will get the error &quot;ERROR: No PIN is set.&quot;\u003C\u002Fp>\n\u003Cp>The default PIN can be set from the Windows system settings or the GUI version of YubiKey Manager.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This time, I will set it using the CLI command.\u003C\u002Fp>\n\u003Cp>Set a 6-digit PIN (123456) with the following command.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>ykman fido access change-pin -n 123456\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Now that the settings are complete, I will try setting PIN restrictions.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Set the minimum PIN length\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Set the minimum PIN length to 10 digits with the following command.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>ykman fido access set-min-length 10\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>When setting up, you will be asked for your current PIN. So enter the PIN (123456) you have already set.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_6_efd4be8bc3.jpeg\" alt=\"コマンドプロンプト\">\u003C\u002Fp>\n\u003Cp>The settings have been changed.\u003C\u002Fp>\n\u003Cp>Let&#39;s try changing the PIN to one shorter than 10 digits.\u003C\u002Fp>\n\u003Cp>Execute the following command, specifying an 8-digit PIN.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>ykman fido access change-pin -n 12345678\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_7_25e6f628d4.jpeg\" alt=\"コマンドプロンプト\">\u003C\u002Fp>\n\u003Cp>Because the PIN is shorter than the specified 10 digits, an error was displayed and the change failed.\u003C\u002Fp>\n\u003Cp>This is expected.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[Additional Information]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you enter a short PIN when changing it from Windows system settings, you will see an error message saying &quot;Try creating a PIN that &#39;s more complex.&quot;\u003C\u002Fp>\n\u003Cp>Please note that this message is not about the PIN length and can be confusing.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_8_52edd1ce09.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, try setting a 10-digit PIN.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>ykman fido access change-pin -n 1234567890\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_9_e66f72d63d.jpeg\" alt=\"コマンドプロンプト\">\u003C\u002Fp>\n\u003Cp>This was successful without any errors.\u003C\u002Fp>\n\u003Cp>One thing to note is that once you change the minimum PIN length, you can set a longer number of digits than you set it to, but you will not be able to set a shorter number of digits.\u003C\u002Fp>\n\u003Cp>For example, after setting 10 digits, you can increase it to 12 digits, but you cannot decrease it to 8 digits.\u003C\u002Fp>\n\u003Cp>If you set it incorrectly, you will need to reset the FIDO information.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Setting to force a PIN change\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Next, let&#39;s try forcing the user to change their PIN before using the device.\u003C\u002Fp>\n\u003Cp>Run the following command:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>ykman fido access force-change\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Enter your current PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_10_cdc76f90db.jpeg\" alt=\"コマンドプロンプト\">\u003C\u002Fp>\n\u003Cp>The setup is complete.\u003C\u002Fp>\n\u003Cp>To check if the settings are correct, I will try to use FIDO authentication in this state.\u003C\u002Fp>\n\u003Cp>To test FIDO, I will try logging in to the YubiOn FIDO Logon management screen using FIDO.\u003C\u002Fp>\n\u003Cp>I will check the operation on a Windows 11 computer.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_11_1394b58a4a.png\" alt=\"PINを変更する必要があるというメッセージ\">\u003C\u002Fp>\n\u003Cp>When I selected the security key, I received a message saying &quot;PIN must be changed before using security key.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_12_1b83d8d183.png\" alt=\"PIN変更ウィンドウ\">\u003C\u002Fp>\n\u003Cp>After a short while, the window for changing the PIN will appear.\u003C\u002Fp>\n\u003Cp>You can change your PIN by entering your current PIN and your new PIN twice and clicking the OK button.\u003C\u002Fp>\n\u003Cp>This operation is very easy for users to understand.\u003C\u002Fp>\n\u003Cp>It looks like it will be possible to prevent users from using the YubiKey until they change their PIN at least once.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>[Additional Information]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The behaviors are different on Windows 10.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_13_259d994a8c.png\" alt=\"FIDOのPIN入力\">\u003C\u002Fp>\n\u003Cp>When I entered the PIN for FIDO authentication, the attempt failed with a message saying that the PIN was incorrect, even though I was sure I entered the correct PIN.\u003C\u002Fp>\n\u003Cp>Is this as expected?\u003C\u002Fp>\n\u003Cp>In the case of Windows 10, it does not automatically move on to the PIN change sequence as when I tried it on Windows 11. It seems that the YubiKey will not treat the PIN as correct unless you simply change it.\u003C\u002Fp>\n\u003Cp>Since the only message you get is that the PIN is incorrect, it&#39;s difficult to tell whether you need to change your PIN or you simply entered the wrong PIN. So it&#39;s important to be careful about this.\u003C\u002Fp>\n\u003Cp>The PIN change window does not appear automatically. So you will need to change your PIN separately.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_14_ff61d6df90.jpeg\" alt=\"コマンドプロンプト\">\u003C\u002Fp>\n\u003Cp>※ This time, the PIN was changed using a command, but for general users, it is easier to change the PIN from the Windows system.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>When I tried entering the changed PIN to perform FIDO authentication in the same way, I was asked to touch the key without getting an error.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_15_595ca6db73.png\" alt=\"FIDO認証でセキュリティキーにタッチする画面\">\u003C\u002Fp>\n\u003Cp>If users are using Windows 10 computers, administrators who are considering operation should be aware of these differences.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>YubiKey with firmware version 5.7 is now available.\u003C\u002Fp>\n\u003Cp>There are no particular changes in appearance, but several functions have been added.\u003C\u002Fp>\n\u003Cp>The PIN management function can be used by installing the YubiKey Manager CLI (version 5.4.0) and executing commands.\u003C\u002Fp>\n\u003Cp>The PIN restriction function does not have any particular impact on general users, but it does expand the options for company administrators who distribute YubiKeys to their employees.\u003C\u002Fp>\n\u003Cp>However, some behaviors change depending on the Windows OS used. So when administrators distribute YubiKeys to employees, they will likely need to create a detailed initial setup manual.\u003C\u002Fp>\n\u003Cp>The YubiKeys we sell will also be available with firmware 5.7. So please contact us if you are looking for an authenticator.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form?lang=en\">CONTACT\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>We also offer solutions that use security keys. So if you are interested, please take a look at our solutions and blogs.\u003C\u002Fp>\n\u003Cp>Thanks for reading to the end.\u003C\u002Fp>\n","whats-new-on-yubikey-firmware-5-7","2024-06-26","2026-04-28T07:28:40.858Z","2026-04-28T07:28:44.087Z",{"id":762,"documentId":763,"name":764,"alternativeText":20,"caption":20,"focalPoint":20,"width":765,"height":766,"formats":767,"hash":800,"ext":512,"mime":516,"size":801,"url":802,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":803,"updatedAt":803,"publishedAt":803},1008,"ihryr8mp5o3v9syze0n2vcj1","blog-whats-new-on-yubikey-firmware-5-7-1.jpeg",1309,1438,{"large":768,"small":776,"medium":784,"thumbnail":792},{"ext":512,"url":769,"etag":770,"hash":771,"mime":516,"name":772,"path":20,"size":773,"width":774,"height":32,"sizeInBytes":775},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30.jpeg","73714aae35973596a13c99e14dabf7a7","large_blog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30","large_blog-whats-new-on-yubikey-firmware-5-7-1.jpeg",118.64,910,118639,{"ext":512,"url":777,"etag":778,"hash":779,"mime":516,"name":780,"path":20,"size":781,"width":782,"height":41,"sizeInBytes":783},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30.jpeg","11d2deb6f399bd60fe38fface7171b3c","small_blog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30","small_blog-whats-new-on-yubikey-firmware-5-7-1.jpeg",34.18,455,34183,{"ext":512,"url":785,"etag":786,"hash":787,"mime":516,"name":788,"path":20,"size":789,"width":790,"height":50,"sizeInBytes":791},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30.jpeg","1a03a0259b1023ac594cc206b6cffb92","medium_blog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30","medium_blog-whats-new-on-yubikey-firmware-5-7-1.jpeg",72.4,683,72399,{"ext":512,"url":793,"etag":794,"hash":795,"mime":516,"name":796,"path":20,"size":797,"width":798,"height":59,"sizeInBytes":799},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30.jpeg","3da84a771dcdbc8e89dd626fdcaae9da","thumbnail_blog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30","thumbnail_blog-whats-new-on-yubikey-firmware-5-7-1.jpeg",4.4,142,4398,"blog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30",213.11,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_whats_new_on_yubikey_firmware_5_7_1_fbced29f30.jpeg","2026-04-28T07:27:30.966Z",[805,806,807,808],{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":154,"documentId":155,"name":156,"slug":20,"createdAt":157,"updatedAt":157,"publishedAt":158},{"id":556,"documentId":557,"name":558,"slug":20,"createdAt":559,"updatedAt":559,"publishedAt":560},{"id":339,"documentId":340,"name":341,"slug":20,"createdAt":342,"updatedAt":342,"publishedAt":343},{"id":810,"documentId":811,"title":812,"content":813,"slug":814,"published":815,"createdAt":816,"updatedAt":816,"publishedAt":817,"locale":14,"authorManual":570,"cover":818,"tags":861},41,"ed1qtyk8t0rvtjh8xhhij273","FIDO Alliance Osaka Seminar Report","\u003Cp>On Monday, May 20th, the FIDO Alliance※ Osaka Seminar was held.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fevent\u002Ffido-alliance-osaka-seminar\u002F\">FIDO Alliance Osaka Seminar - FIDO Alliance\u003C\u002Fa>\u003C\u002Fp>\n\u003Cpre>\u003Ccode>※ A global non-profit organization promoting authentication standards that reduce reliance on passwords. We are also an active Alliance member in Japan.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This time, the seminar was held at the Hilton Hotel in Osaka. And since our development team is based in Kobe, we all decided to attend as the seminar was being held nearby.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido_alliance_osaka_seminar_report_1_84a5e7d622.jpeg\" alt=\"FIDO大阪セミナーの受付\">\u003C\u002Fp>\n\u003Cp>FIDO Osaka Seminar\u003C\u002Fp>\n\u003Cp>This time, there were many participants from overseas, as the FIDO Plenary is being held from May 21st to 23rd. It seemed like the majority of the participants were English speakers.\u003C\u002Fp>\n\u003Cp>(As an aside, since all the receptionists were foreigners, they didn&#39;t understand Japanese, so at the request of the Alliance, our staff helped out at the reception desk before the seminar started. A little contribution to the Alliance?)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido_alliance_osaka_seminar_report_2_ef576328d7.jpeg\" alt=\"FIDO大阪セミナー受付\">\u003C\u002Fp>\n\u003Cp>At the seminar, some people spoke in English and others in Japanese. But simultaneous interpretation earphones were provided, which was a relief for non-English staff, as he is not very good at English.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido_alliance_osaka_seminar_report_3_117bfee348.jpeg\" alt=\"FIDO大阪セミナー会場\">\u003C\u002Fp>\n\u003Cp>The seminar included an explanation of FIDO (Passkey) by a global key figure from the FIDO Alliance, a talk on its prospects, and several speakers from well-known companies.\u003C\u002Fp>\n\u003Cp>The seminar explaining FIDO (Passkey) was of course excellent, but I was personally more interested in the content of the seminars given by the company representatives, so I will write a little about that today.\u003C\u002Fp>\n\u003Cp>Each company mainly introduced cases where they introduced passkeys for authentication of their services.\u003C\u002Fp>\n\u003Cp>In addition to analyzing why they introduced Passkey and what its benefits are. The content included stories of their experiences, such as the difficulties they faced during implementation, requests for FIDO, and concrete figures on the number of implementations and effects. They shared valuable stories that we don&#39;t usually get to hear.\u003C\u002Fp>\n\u003Cp>How to get end users to switch from existing authentication to passkey is a difficult problem, and it was very interesting to hear the ideas of each company. I listened to the solutions to this issue, thinking that they could be useful for our development.\u003C\u002Fp>\n\u003Cp>What was eye-opening for me when listening to the case studies of each company was that the advantages of passkey were not only the improved security but also the emphasis on UX, such as improved authentication speed and success rate.\u003C\u002Fp>\n\u003Cp>Our company provides many BtoB services, and when explaining the benefits, we stand to focus on security strength, so I learned that we lack the perspective of BtoC.\u003C\u002Fp>\n\u003Cp>What particularly impressed me was that each company has introduced Passkey, and while they have some requests for improvements to FIDO specifications, they are convinced that FIDO is a great thing. Everyone, including the audience, also was encouraged to spread FIDO throughout Japan.\u003C\u002Fp>\n\u003Cp>In recent years, Passkey has been introduced one after another in the services of large companies, including the companies that were presenting this time, and I feel that awareness of Passkey is gradually increasing among general users. We at FIDO are convinced that FIDO technology is excellent, and as a member of the FIDO Alliance, we would like to work to further spread the benefits of FIDO.\u003C\u002Fp>\n\u003Cp>The materials used in this seminar will be made public at a later date, so I would like to review the contents again once they are released.\u003C\u002Fp>\n\u003Cp>It was a very meaningful seminar.\u003C\u002Fp>\n\u003Cp>We also offer services that use passkeys, such as \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">YubiOn FIDO Logon\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffido2-server\">YubiOn FIDO2 Server\u003C\u002Fa>, so please take a look if you are interested.\u003C\u002Fp>\n","fido-alliance-osaka-seminar-report","2024-05-21","2026-04-28T06:32:50.282Z","2026-04-28T06:32:53.063Z",{"id":819,"documentId":820,"name":821,"alternativeText":20,"caption":20,"focalPoint":20,"width":822,"height":823,"formats":824,"hash":856,"ext":512,"mime":516,"size":857,"url":858,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":859,"updatedAt":859,"publishedAt":860},507,"eutq70pwxn8rypk949du3654","blog-fido-alliance-osaka-seminar-report-1.jpeg",1688,2556,{"large":825,"small":833,"medium":841,"thumbnail":848},{"ext":512,"url":826,"etag":827,"hash":828,"mime":516,"name":829,"path":20,"size":830,"width":831,"height":32,"sizeInBytes":832},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_fido_alliance_osaka_seminar_report_1_84a5e7d622.jpeg","a2b2870752797e75d165d9cb4c846f33","large_blog_fido_alliance_osaka_seminar_report_1_84a5e7d622","large_blog-fido-alliance-osaka-seminar-report-1.jpeg",113.54,660,113535,{"ext":512,"url":834,"etag":835,"hash":836,"mime":516,"name":837,"path":20,"size":838,"width":839,"height":41,"sizeInBytes":840},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fido_alliance_osaka_seminar_report_1_84a5e7d622.jpeg","23d52934a99a08d3a73c0f088c0a7b0b","small_blog_fido_alliance_osaka_seminar_report_1_84a5e7d622","small_blog-fido-alliance-osaka-seminar-report-1.jpeg",34.68,330,34679,{"ext":512,"url":842,"etag":843,"hash":844,"mime":516,"name":845,"path":20,"size":846,"width":315,"height":50,"sizeInBytes":847},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_fido_alliance_osaka_seminar_report_1_84a5e7d622.jpeg","408cdb74da3a108349e8cceebbe1fd2c","medium_blog_fido_alliance_osaka_seminar_report_1_84a5e7d622","medium_blog-fido-alliance-osaka-seminar-report-1.jpeg",69.9,69904,{"ext":512,"url":849,"etag":850,"hash":851,"mime":516,"name":852,"path":20,"size":853,"width":854,"height":59,"sizeInBytes":855},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fido_alliance_osaka_seminar_report_1_84a5e7d622.jpeg","4d06896d486fd4dfd1d3c326151224ae","thumbnail_blog_fido_alliance_osaka_seminar_report_1_84a5e7d622","thumbnail_blog-fido-alliance-osaka-seminar-report-1.jpeg",4.74,103,4737,"blog_fido_alliance_osaka_seminar_report_1_84a5e7d622",479.21,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido_alliance_osaka_seminar_report_1_84a5e7d622.jpeg","2026-04-28T06:32:22.784Z","2026-04-28T06:32:22.785Z",[862,863,864],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":154,"documentId":155,"name":156,"slug":20,"createdAt":157,"updatedAt":157,"publishedAt":158},{"id":866,"documentId":867,"title":868,"content":869,"slug":870,"published":871,"createdAt":872,"updatedAt":872,"publishedAt":873,"locale":14,"authorManual":570,"cover":874,"tags":917},59,"yp83vd7me088gycuw3jzogbj","Log on to Windows machine Using Passkeys on iPhone","\u003Cp>Have you ever felt dissatisfied with logging in using a password? It&#39;s tedious to enter long and complex passwords every time. The more services you use, the more passwords you need to remember. And you may wish you didn&#39;t have a password anymore.\u003C\u002Fp>\n\u003Cp>If you use &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">passkeys\u003C\u002Fa>&quot;, a new authentication method that replaces passwords that various companies&#39; services have recently adopted, this dissatisfaction will disappear. Passkey support for Nintendo account and PlayStation Network was also a hot topic. When logging in, take out your smartphone and log in using biometric authentication (fingerprint\u002Fface)! It&#39;s easy and more secure than passwords, which is amazing.\u003C\u002Fp>\n\u003Cp>Passkeys are increasingly being implemented in Web services and applications but can also be used on PCs. When I log on to my Windows machine, I take out my iPhone and use facial recognition to log on. This time, I will introduce the logon of Windows machine using passkeys on iPhone.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Logon using passkeys on smartphone\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Seeing is believing, so please take a look at the actual passkey logon without going into detailed explanations.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Prerequisites for passkey logon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>An environment where you can connect to the Internet.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>PC:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Apply the latest updates for Windows 10 or 11.\u003C\u002Fli>\n\u003Cli>YubiOn FIDO Logon has been installed and the smartphone has been registered.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Smartphone:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>iOS \u002F iPadOS: version 16 or later\u003C\u002Fli>\n\u003Cli>Android: version 9\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>First, start your Windows machine.\u003C\u002Fp>\n\u003Cp>※ If you register your smartphone on your Windows machine with \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">YubiOn FIDO Logon\u003C\u002Fa> installed in advance, a QR code will be displayed at the top of the logon screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Scan the QR code above with your iPhone&#39;s camera and tap &quot;Sign in with passkey&quot;.\u003C\u002Fp>\n\u003Cp>Tap &quot;Continue&quot; and perform facial recognition.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_log_on_windows_using_passkeys_on_iphone_2_4d4e71e642.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If facial recognition is successful, loginn is complete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_log_on_windows_using_passkeys_on_iphone_3_d18231c06f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You can easily log in with your smartphone without having to enter a password!\u003C\u002Fp>\n\u003Cp>Below is the actual logon operation.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_log_on_windows_using_passkeys_on_iphone_4_5098ae3f8f.gif\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Even though you feel that the passkey is the best, you may have a question here. Windows has a mechanism called Windows Hello as standard, and can we log in with PIN or biometric authentication?\u003C\u002Fp>\n\u003Cp>Let&#39;s talk a little bit about Windows Hello. Windows Hello&#39;s PIN (or biometric) is a \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002F2%E6%AE%B5%E9%9A%8E%E8%AA%8D%E8%A8%BC%E3%81%A82%E8%A6%81%E7%B4%A0%E8%AA%8D%E8%A8%BC%E3%81%A8%E5%A4%9A%E8%A6%81%E7%B4%A0%E8%AA%8D%E8%A8%BC-mfa-%E3%81%AE%E9%81%95%E3%81%84\">two-factor authentication\u003C\u002Fa>. One factor is the possession of a Windows PC and one factor is PIN (knowledge) or biometrics. Although this two-factor authentication has a high level of security, you should not be careless. If the PC itself is stolen, there is a risk that these two authentication factors will be taken at the same time. If you use an external authentication device such as a smartphone for logon, even if you forget your PC, you will not be able to log on without the authentication factor (possession + biometric). Using passkeys allows you to log on safely and reduces the risk of theft. I will introduce the differences between Windows Hello, Windows Hello for business, and YubiOn FIDO Logon somewhere else.\u003C\u002Fp>\n\u003Cp>Another advantage of using a passkey is that with passkey authentication on a smartphone, the authentication information is synchronized with your Google account or Apple ID, not on the device itself. So, even when changing from an old iPhone to a new iPhone, as long as you use the same Apple ID, you can still use passkey login on the new iPhone.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Try YubiOn FIDO Logon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>All features of YubiOn FIDO Logon can be used for free for 3 months. You can use it immediately if you have a smartphone, so feel free to try it out from the \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fen\u002F\">YubiOn FIDO Logon product page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Please see below for the simple steps from registering YubiOn FIDO Logon to logging on to your PC.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fguide\u002Fen\u002Fsetup\u002Fsimple_setup\u002F\">Simplified procedure - YubiOn FIDO Logon Guide\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Related blogs\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Flogon-using-passkey-on-smartphone-with-yubion-fido-logon?lang=en\">Logon Using Passkey on Smartphone with YubiOn FIDO Logon\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">What are Passkeys? (Part 1)\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-2?lang=en\">What are Passkeys? (Part 2)\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fenhanced-passwordless-pc-logon-with-fido-devices?lang=en\">Enhanced Passwordless PC Logon with FIDO Devices\u003C\u002Fa>\u003C\u002Fp>\n","log-on-windows-using-passkeys-on-iphone","2024-04-09","2026-04-28T06:42:30.087Z","2026-04-28T06:42:32.866Z",{"id":875,"documentId":876,"name":877,"alternativeText":20,"caption":20,"focalPoint":20,"width":878,"height":879,"formats":880,"hash":913,"ext":25,"mime":29,"size":914,"url":915,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":916,"updatedAt":916,"publishedAt":916},591,"akdy4uxrklspn3jeukaeljt2","blog-log-on-windows-using-passkeys-on-iphone-1.png",1844,1129,{"large":881,"small":889,"medium":897,"thumbnail":905},{"ext":25,"url":882,"etag":883,"hash":884,"mime":29,"name":885,"path":20,"size":886,"width":32,"height":887,"sizeInBytes":888},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db.png","3bb04a8655afa47698ef4e2382beb1b6","large_blog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db","large_blog-log-on-windows-using-passkeys-on-iphone-1.png",729.45,612,729445,{"ext":25,"url":890,"etag":891,"hash":892,"mime":29,"name":893,"path":20,"size":894,"width":41,"height":895,"sizeInBytes":896},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db.png","b6af8bf6476959dfc05a3d479d4b49ec","small_blog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db","small_blog-log-on-windows-using-passkeys-on-iphone-1.png",169.9,306,169903,{"ext":25,"url":898,"etag":899,"hash":900,"mime":29,"name":901,"path":20,"size":902,"width":50,"height":903,"sizeInBytes":904},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db.png","3cb68bea8f35868a822707d6786a8e3e","medium_blog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db","medium_blog-log-on-windows-using-passkeys-on-iphone-1.png",390.95,459,390945,{"ext":25,"url":906,"etag":907,"hash":908,"mime":29,"name":909,"path":20,"size":910,"width":124,"height":911,"sizeInBytes":912},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db.png","55512d5456a831d0b9f48396de4c7f62","thumbnail_blog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db","thumbnail_blog-log-on-windows-using-passkeys-on-iphone-1.png",47.1,150,47103,"blog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db",471.66,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_log_on_windows_using_passkeys_on_iphone_1_8ae860f8db.png","2026-04-28T06:41:54.950Z",[918,919,920],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":68,"documentId":69,"name":70,"slug":20,"createdAt":71,"updatedAt":71,"publishedAt":72},{"id":922,"documentId":923,"title":924,"content":925,"slug":926,"published":927,"createdAt":928,"updatedAt":928,"publishedAt":929,"locale":14,"authorManual":570,"cover":930,"tags":973},57,"abgppccwpbisnpu2whrfxlfl","Log in to Your PC Using Your Passkey or FIDO Security Key","\u003Cp>Many web services and applications are increasingly introducing &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">Passkeys\u003C\u002Fa>&quot; and &quot;FIDO security keys&quot; as new authentication methods to replace passwords. Recently, inquiries about this new authentication technology have increased rapidly, and requests to use passkey to log in to PCs have also increased. Our YubiOn FIDO Logon incorporates this new authentication technology and provides a fast and secure passkey login.\u003C\u002Fp>\n\u003Cp>This time, we will introduce YubiOn FIDO Logon and how to log in to a PC using a passkey. If you have a smartphone, you can try it for free, so please feel free to use it.\u003C\u002Fp>\n\u003Cp>※ The terms passkeys and FIDO are understood here as authentication technologies that replace passwords, and there is no problem here.\u003C\u002Fp>\n\u003Cp>※ YubiOn FIDO Logon is compatible with Windows, so logging in to the device will be referred to as logon.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>What is YubiOn FIDO Logon?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>YubiOn FIDO Logon is a solution that enhances PC logon with two-factor authentication using passkeys (FIDO). This is an endpoint security product that combines safety and convenience with improved user experience using passkeys, integrated management of users, PCs, and authentication information using a browser-based management console.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>One thing not found in other companies&#39; products is that YubiOn FIDO Logon can \u003Cstrong>realize passkeys logon for PCs that are local accounts or joined Active Directory (including Entra ID) environments\u003C\u002Fstrong>. We respond to a wide range of needs, from small-scale installations for personal devices and specific devices containing confidential information to large-scale installations for organizations and companies.\u003C\u002Fp>\n\u003Cp>In addition, it has various functions other than the PC logon function, such as a screen lock function as a countermeasure when you are away from your desk, and a computer lockout function in the event of an incident, but this time we will mainly introduce the PC logon function.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Passwordless logon with passkeys\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>By using YubiOn FIDO Logon, you can log on using passkeys. It is no longer necessary to enter a password every time you log on to a PC, and you can log on using biometric authentication on your smartphone or verification on your security key (PIN or biometric).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Premise\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>An environment where you can connect to the Internet.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>PC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Windows 10, 11 (There is no problem as long as the latest updates are applied.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>If you are using a smartphone\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>For Android: Android 9 or later\u003C\u002Fli>\n\u003Cli>For iOS \u002F iPadOS: version 16 or later\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ Must be compatible with BLE (Bluetooth Low Energy).\u003C\u002Fp>\n\u003Cp>\u003Cstrong>If you are using a security key\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Please use a security key compatible with &quot;FIDO2&quot;.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>By installing the YubiOn FIDO Logon software and registering the passkeys and security key, the logon operation of the PC will change as shown below.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_login_to_pc_with_passkey_or_fido_key_2_22b56dd6b3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Traditional password logon is generally easy to understand and relatively easy for users to use. However, if users set passwords that are easy to guess or are short and uncomplicated, attackers can easily break through and take over accounts in many cases. Administrators of organizations and companies have focused on password management, such as changing passwords regularly and setting complexity requirements. But cyber-attacks are evolving day by day, and the use of passwords alone is reaching its limits.\u003C\u002Fp>\n\u003Cp>With the introduction of passkey, \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifference-between-2-step-verification-2-factor-authentication-and-multi-factor-authentication-mfa?lang=en\">two-factor authentication\u003C\u002Fa> based on possession of a smartphone or security key, user verification using \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">PIN\u003C\u002Fa> or biometric can be used to significantly enhance security compared to password-only logon. Users can easily log on by simply picking up their smartphone and performing face or fingerprint authentication without sacrificing usability. In the case of password authentication, the &quot;password&quot; itself is confidential information, and if that information is known, it may lead to unauthorized access or account takeover. Passkeys are authenticated by performing biometric authentication (face\u002Ffingerprint) on your smartphone, etc., and collating the data generated based on the authentication information on the YubiOn FIDO Logon side. Compared to password authentication, it is designed to prevent secret information from leaking, making it an extremely secure authentication method.\u003C\u002Fp>\n\u003Cp>※ Biometric information is used only during authentication with a smartphone and is not sent to the server side.\u003C\u002Fp>\n\u003Cp>Depending on the environment, there may be cases where you cannot use your smartphone, but in such cases, we recommend using a security key. Please try out passkey authentication which is expected to become the standard for authentication in the future.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Try YubiOn FIDO Logon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>All features of YubiOn FIDO Logon can be used for free for 3 months. You can use it immediately if you have a smartphone, so feel free to try it out from the \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fen\u002F\">YubiOn FIDO Logon product page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Please see below for the simple steps from registering YubiOn FIDO Logon to logging on to your PC.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fguide\u002Fen\u002Fsetup\u002Fsimple_setup\u002F\">Simplified procedure - YubiOn FIDO Logon Guide\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Others\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>How to buy a security key\u003C\u002Fstrong>\nYou can buy it from \u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">Amazon\u003C\u002Fa>.\n※ For bulk purchases or requests for quotations, please contact us from the contact page.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>For those who want to switch to the paid version\u003C\u002Fstrong>\nPaid licenses can be purchased using automatic payment (credit card). Please see \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fguide\u002Fen\u002Fpayment\u002Fabout_paid_license\u002F\">here\u003C\u002Fa> for the details.\u003C\u002Fp>\n\u003Cp>If you are a corporate customer wishing to deal directly with us, please complete the paid procedure using \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">the contact form\u003C\u002Fa>. When contacting us, please let us know that you would like to purchase a paid license for YubiOn FIDO Logon and the number of computers to be installed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Related blogs\u003C\u002Fstrong>\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Flogon-using-passkey-on-smartphone-with-yubion-fido-logon?lang=en\">Logon Using Passkey on Smartphone with YubiOn FIDO Logon\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">What are Passkeys? (Part 1) (\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Fyubion.com\">yubion.com\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">)\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-2?lang=en\">What are Passkeys? (Part 2) (\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Fyubion.com\">yubion.com\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-2?lang=en\">)\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fenhanced-passwordless-pc-logon-with-fido-devices?lang=en\">Enhanced Passwordless PC Logon with FIDO Devices (\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Fyubion.com\">yubion.com\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fenhanced-passwordless-pc-logon-with-fido-devices?lang=en\">)\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","login-to-pc-with-passkey-or-fido-key","2024-03-26","2026-04-28T06:41:34.785Z","2026-04-28T06:41:37.534Z",{"id":931,"documentId":932,"name":933,"alternativeText":20,"caption":20,"focalPoint":20,"width":934,"height":935,"formats":936,"hash":969,"ext":25,"mime":29,"size":970,"url":971,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":972,"updatedAt":972,"publishedAt":972},589,"j1tbvtx8hvfi3wam6qdpqb4u","blog-login-to-pc-with-passkey-or-fido-key-1.png",3936,1741,{"large":937,"small":945,"medium":953,"thumbnail":961},{"ext":25,"url":938,"etag":939,"hash":940,"mime":29,"name":941,"path":20,"size":942,"width":32,"height":943,"sizeInBytes":944},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4.png","7779a9a752d073c2820c3dc900868bd1","large_blog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4","large_blog-login-to-pc-with-passkey-or-fido-key-1.png",126.7,442,126702,{"ext":25,"url":946,"etag":947,"hash":948,"mime":29,"name":949,"path":20,"size":950,"width":41,"height":951,"sizeInBytes":952},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4.png","be2a9ef4505790555e79a1bfd95ee9c1","small_blog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4","small_blog-login-to-pc-with-passkey-or-fido-key-1.png",47.92,221,47923,{"ext":25,"url":954,"etag":955,"hash":956,"mime":29,"name":957,"path":20,"size":958,"width":50,"height":959,"sizeInBytes":960},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4.png","62b0ddb420eeecb94e4f1dddec2ed0aa","medium_blog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4","medium_blog-login-to-pc-with-passkey-or-fido-key-1.png",83.47,332,83467,{"ext":25,"url":962,"etag":963,"hash":964,"mime":29,"name":965,"path":20,"size":966,"width":124,"height":967,"sizeInBytes":968},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4.png","61486122517712284a00545ec6649994","thumbnail_blog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4","thumbnail_blog-login-to-pc-with-passkey-or-fido-key-1.png",17.81,108,17805,"blog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4",204.04,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_login_to_pc_with_passkey_or_fido_key_1_f42cb55af4.png","2026-04-28T06:41:18.270Z",[974,975,976],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":68,"documentId":69,"name":70,"slug":20,"createdAt":71,"updatedAt":71,"publishedAt":72},{"id":978,"documentId":979,"title":980,"content":981,"slug":982,"published":983,"createdAt":984,"updatedAt":984,"publishedAt":985,"locale":14,"authorManual":570,"cover":986,"tags":1030},115,"dmi5vuahrm9h6npeurd0los5","What is a Security Key?","\u003Cp>In recent years, many Web services\u002Fapplications have increasingly introduced MFA (\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifference-between-2-step-verification-2-factor-authentication-and-multi-factor-authentication-mfa?lang=en\">multi-factor authentication\u003C\u002Fa>) to protect users from risks such as phishing attacks. In the future, MFA using smartphones and security keys may become the standard when logging in to the service. In this article, I will briefly introduce security keys, reasons, features, and how to use them. It is not a technical commentary article for those who want to know general information about security keys.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Ca href=\"#viewer-z84xb898\">What is a security key?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-cok6f10034\">Why use security keys?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-0wzcm11219\">Features of security keys\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-qi8mw24874\">Where can I use the security key?\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-tetrq30897\">Buy a security key\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-gj9kr49250\">How to use security keys\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-n0edv115449\">Initial setup of security key\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-5za4f72156\">Register a security key\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-xebcm353670\">Authentication with a security key\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-xc1bl250234\">FAQ\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>What is a security key?\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The security key is an external hardware device used for MFA (\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifference-between-2-step-verification-2-factor-authentication-and-multi-factor-authentication-mfa?lang=en\">multi-factor authentication\u003C\u002Fa>). Based on the new authentication technology &quot;FIDO (Fast Identity Online)&quot; (*1), which replaces the password. It is resistant to phishing and man-in-the-middle attacks and can prevent account hijacks.\u003C\u002Fp>\n\u003Cp>※ Since then, the security key introduced in this article has been compatible with \u003Cstrong>FIDO2 (new specification of FIDO)\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>(*1) There is no technical explanation here, but what is called &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffido\">FIDO \u002F FIDO2 \u002F WebAuthn\u003C\u002Fa> \u002F \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002F%E3%83%91%E3%82%B9%E3%82%AD%E3%83%BC%EF%BC%88passkeys%EF%BC%89%E3%81%A3%E3%81%A6%E3%81%AA%E3%82%93%E3%81%A0%E3%82%8D%E3%81%86%EF%BC%9F%EF%BC%88%E5%89%8D%E7%B7%A8%EF%BC%89\">Passkeys\u003C\u002Fa>&quot; can be understood as a &quot;new authentication technology instead of password&quot;.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Why use security keys?\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>In many Web services and applications, &quot;ID\u002Fpassword&quot; is commonly used in user authentication. However, as attack methods such as phishing evolve, the risk of IDs and passwords being illegally obtained is increasing. Under these circumstances, it is becoming difficult to ensure sufficient security using only traditional authentication methods. That is why MFA using security keys is attracting attention as a means to protect users from such attacks. By using a security key, you cannot log in unless you have a physical key. This mechanism is expected to reduce the possibility of unauthorized access by cybercriminals significantly.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Features of security keys\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cstrong>Phishing resistance\u003C\u002Fstrong>\nTo briefly explain phishing, it is the act of &quot;Redirecting people to a fake site with a similar URL, forcing them to enter their authentication information, and stealing their account, information, money, etc.&quot;. When authenticating using a security key, a mechanism automatically checks the domain name (URL) and passes the authentication information (result) only to sites that match. Therefore, if you access a fake URL, your authentication information will not be handed over and a third party will not steal your information.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Convenience\u003C\u002Fstrong>\nAuthentication is completed by inserting the security key into the USB port and &quot;entering the \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">PIN code\u003C\u002Fa>&quot; or &quot;verifying the biometrics&quot; preset in the security key. Strong authentication is possible without compromising usability. (The details of the authentication method will be explained later in the section on how to use security keys.)\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Robustness\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>Where can I use the security key?\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Security keys can be used with any service that supports MFA for security keys. To check whether the service you are currently using supports MFA, please check the MFA compatibility page for each service. You can easily find it by searching for &quot;\u003Cname of service you are using> MFA&quot; in the search field of your browser.\u003C\u002Fp>\n\u003Cp>※ Please check whether it is listed as compatible with &quot;Security Key, FIDO2 or WebAuthn&quot;. Please note that MFA that can be used is not limited to the new authentication technologies &quot;FIDO2 and WebAuthn&quot; that we have introduced so far. Some MFAs also support SMS, one-time password, etc.\u003C\u002Fp>\n\u003Cp>If you want to use a security key to log on to a Windows device, we recommend our solution.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">YubiOn FIDO Logon product introduction page\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-strengthen-windows-log-on?lang=en\">Strengthen\u003C\u002Fa> \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-strengthen-windows-log-on?lang=en\">Windows logon authentication with F\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-strengthen-windows-log-on?lang=en\">IDO2 security keys\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>Buy a security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Our company, SoftGiken, is a security key distributor. Regarding the FIDO2 security keys that I have explained so far, I would like to introduce some of the some of the security keys that we handle.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_1_ea98ce6f1f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>During authentication, there are security keys that require you to enter a \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">PIN code\u003C\u002Fa> (no biometric verification) and security keys that require biometric verification. Please choose whether to use the PIN entry or biometric verification type depending on the usage situation. We have a variety of USB types, and we also sell models that support NFC and BLE. Please purchase from Amazon or contact us when purchasing in large quantities.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">Buy on Amazon\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>How to use security keys\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>You may be surprised for the first time when purchasing security keys, but many security key products do not come with detailed manuals, which can be confusing. Here I will explain everything from initial setup to starting use.\u003C\u002Fp>\n\u003Cp>The following environment is used for explanation.\u003C\u002Fp>\n\u003Cp>Device: Windows 11\n※ This does not mean that it will not work unless you are using Windows 11.\u003C\u002Fp>\n\u003Cp>Browser: Chrome\u003C\u002Fp>\n\u003Cp>※ You can use any other major browser such as Edge, Firefox, Safari, etc. as long as you use the latest version.\u003C\u002Fp>\n\u003Cp>Security key: Yubico&#39;s &quot;YubiKey 5 NFC&quot;\n※ Similar operations are possible with other FIDO2-compatible security keys.\u003C\u002Fp>\n\u003Cp>Here are the steps to get started using your security key:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Ca href=\"#viewer-n0edv115449\">Initial setup\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-5za4f72156\">Register for the service you want to use\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-xebcm353670\">Authenticate with the service you use\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch3>\u003Cstrong>Security key initial setup\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Before we get into setup, I will explain why initial setup is necessary. Authentication using a security key requires &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">PIN code\u003C\u002Fa> entry&quot; or &quot;biometric verification&quot; to confirm your identity. The PIN code and biometrics required for this operation must be set in advance.\u003C\u002Fp>\n\u003Cp>※ If you have not set it up, you will be prompted to set it up when using it.\u003C\u002Fp>\n\u003Cp>※ If you want to use biometric functions, you will need to buy a biometric-compatible security key.\u003C\u002Fp>\n\u003Cp>No PIN code or biometric information is set on the security key by default. Both security keys, &quot;PIN code entry type security key&quot; and &quot;biometric verification type security key&quot;, require a PIN code to be set first.\u003C\u002Fp>\n\u003Cp>Please refer to the blogs below to set the PIN code.\u003C\u002Fp>\n\u003Cp>※ If you are using a biometric verification type security key, please register your biometric information after setting the PIN code.\u003C\u002Fp>\n\u003Cp>For those who have a Windows machine:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows (\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Fyubion.com\">yubion.com\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>For those using using macOS or Linux (GUI) machines:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting---fingerprint-setting-for-macos?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for macOS (\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Fyubion.com\">yubion.com\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting---fingerprint-setting-for-macos?lang=en\">)\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Register your security key\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>To use a security key with your service, you need to register the security key as part of your MFA settings. This time, I will use the demo site &quot;\u003Ca href=\"http:\u002F\u002Fwebauthn.io\">webauthn.io\u003C\u002Fa>&quot; to explain the registration process.\u003C\u002Fp>\n\u003Cp>※ When registering a security key for a service that you will use, please follow the settings instructions for each service. I think the registration and authentication process itself is the same as the demo site above.\u003C\u002Fp>\n\u003Cp>Access &quot;\u003Ca href=\"http:\u002F\u002Fwebauthn.io\">webauthn.io\u003C\u002Fa>&quot;, enter your username, and click the &quot;Register&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_2_b5a8e05c8e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If the screen below appears, click &quot;Use another device&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_3_cb2338b587.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked where to save the passkey, so select &quot;Security key&quot; and click &quot;Next&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_4_16b1d37899.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;OK&quot; on the Security key setup screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_5_f219840604.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;OK&quot; on the Continue setup screen.\u003C\u002Fp>\n\u003Cp>※ If you can use the function to remember your ID information in the security key, this pop-up will be displayed. (Whether or not it supports storing ID information depends on the service you are using.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_6_1e3f253ee6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to insert the security key, so insert it into the USB port.\u003C\u002Fp>\n\u003Cp>※ This pop-up will not appear if it is already inserted into the USB port.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_7_72e27b0bb2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_8_c9c74a06c8.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>On the PIN entry screen, enter the PIN code set for the security key and click &quot;OK&quot;.\u003C\u002Fp>\n\u003Cp>※ You can also proceed to the next step by pressing Enter in the input field.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_9_e1adf99bf0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>※ For biometric verification type security keys, biometric verification is required instead of PIN input.\u003C\u002Fp>\n\u003Cp>You will be asked to touch the security key, so touch the flashing part.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_10_66fcdbb93b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_11_452e6e3675.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Security key registration is complete when the following pop-up appears.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_12_d0c6cb3e0c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Supplement:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>There is a time-out period for security key registration operations, and if the registration operation takes too long, registration may fail. In that case, please try again.\u003C\u002Fli>\n\u003Cli>To prevent you from being unable to access the service due to forgetting or losing your security key, we recommend that you register another security key as a backup. (Only if the service you are using allows you to register multiple security keys.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Authenticate with a security key\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Following registration, authenticate using the demo site &quot;\u003Ca href=\"http:\u002F\u002Fwebauthn.io\">webauthn.io\u003C\u002Fa>&quot; with the security key. With your username entered, click &quot;Authenticate&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_13_ddebb5441a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A pop-up will appear that says Sign in using a passkey, select &quot;Security key&quot; and then click &quot;Next&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_14_2c8376d8c0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to insert the security key, so insert it into the USB port.\u003C\u002Fp>\n\u003Cp>※ This pop-up will not appear if it is already inserted into the USB port.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_15_ac1d84caa4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_8_c9c74a06c8.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>On the PIN entry screen, enter the PIN code set for the security key and click &quot;OK&quot;.\u003C\u002Fp>\n\u003Cp>※ You can also proceed to the next step by pressing Enter in the input field.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_16_60c11f0a8f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>※ For biometric verification type security keys, biometric verification is required instead of PIN input.\u003C\u002Fp>\n\u003Cp>You will be asked to touch the security key, so touch the flashing part.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_17_c231d84659.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_11_452e6e3675.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If authentication is successful, login is complete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_18_ad37e584c1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Supplement:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>There is a time-out period for security key authentication operations, and if the authentication operation takes too long, authentication may fail. In that case, please try again.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>If you fail to enter your PIN 8 times in a row, the security key will become blocked (does to accept PIN entry) and will become unusable unless you reset it. Also, when you reset, your authentication information will be cleared and you will need to re-register with the services you are using.\u003C\u002Fp>\n\u003Cp>For details, please refer to &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en#viewer-4vltt\">How to reset the security key\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>FAQ\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Q1:\u003C\u002Fp>\n\u003Cp>What characters and length can be set for the PIN code?\u003C\u002Fp>\n\u003Cp>A1:\u003C\u002Fp>\n\u003Cp>The characters and length that can be set for the PIN code are as follows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Available characters: Unicode characters including half-width alphanumeric characters.\u003C\u002Fli>\n\u003Cli>PIN length: Can be set from 4 to 63.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Q2:\u003C\u002Fp>\n\u003Cp>Can I change my PIN?\u003C\u002Fp>\n\u003Cp>A2:\u003C\u002Fp>\n\u003Cp>Yes, the blog below will be helpful.\u003C\u002Fp>\n\u003Cp>For those who have a Windows machine:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows (\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Fyubion.com\">yubion.com\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>For those using using macOS or Linux (GUI) machines:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting---fingerprint-setting-for-macos?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for macOS (\u003C\u002Fa>\u003Ca href=\"http:\u002F\u002Fyubion.com\">yubion.com\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting---fingerprint-setting-for-macos?lang=en\">)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Q3:\u003C\u002Fp>\n\u003Cp>My PIN code has been blocked. What should I do?\u003C\u002Fp>\n\u003Cp>A3:\u003C\u002Fp>\n\u003Cp>If you fail to enter your PIN 8 times in a row, the security key will become blocked (does to accept PIN entry) and will become unusable unless you reset it. Also, when you reset, your authentication information will be cleared and you will need to re-register with the services you are using. For details, please refer to &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en#viewer-4vltt\">How to reset the security key\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>Q4:\u003C\u002Fp>\n\u003Cp>I lost my security key. What should I do?\u003C\u002Fp>\n\u003Cp>A4:\u003C\u002Fp>\n\u003Cp>Please visit the support page of the service you are using to find out how to recover your account if you lose your security key.\u003C\u002Fp>\n\u003Cp>※ If you are using it in an organization, please perform account recovery according to the rules within your organization. If there are no rules, please contact the person in charge of your organization.\u003C\u002Fp>\n","what-is-a-security-key","2023-12-19","2026-04-28T07:27:10.161Z","2026-04-28T07:27:13.422Z",{"id":987,"documentId":988,"name":989,"alternativeText":20,"caption":20,"focalPoint":20,"width":990,"height":991,"formats":992,"hash":1025,"ext":25,"mime":29,"size":1026,"url":1027,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1028,"updatedAt":1028,"publishedAt":1029},990,"nfm4zo44rnfpy6puo8nc7jqr","blog-what-is-a-security-key-1.png",2204,2011,{"large":993,"small":1001,"medium":1009,"thumbnail":1017},{"ext":25,"url":994,"etag":995,"hash":996,"mime":29,"name":997,"path":20,"size":998,"width":32,"height":999,"sizeInBytes":1000},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_what_is_a_security_key_1_ea98ce6f1f.png","3441cbd05cbb8d18c2e475429d23c3a7","large_blog_what_is_a_security_key_1_ea98ce6f1f","large_blog-what-is-a-security-key-1.png",353.79,912,353794,{"ext":25,"url":1002,"etag":1003,"hash":1004,"mime":29,"name":1005,"path":20,"size":1006,"width":41,"height":1007,"sizeInBytes":1008},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_what_is_a_security_key_1_ea98ce6f1f.png","4d64c3a241913f59090726365bdd72c6","small_blog_what_is_a_security_key_1_ea98ce6f1f","small_blog-what-is-a-security-key-1.png",125.45,456,125450,{"ext":25,"url":1010,"etag":1011,"hash":1012,"mime":29,"name":1013,"path":20,"size":1014,"width":50,"height":1015,"sizeInBytes":1016},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_what_is_a_security_key_1_ea98ce6f1f.png","4c332d95181aa357aa895e71f6aa5c88","medium_blog_what_is_a_security_key_1_ea98ce6f1f","medium_blog-what-is-a-security-key-1.png",224.45,684,224452,{"ext":25,"url":1018,"etag":1019,"hash":1020,"mime":29,"name":1021,"path":20,"size":1022,"width":1023,"height":59,"sizeInBytes":1024},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_what_is_a_security_key_1_ea98ce6f1f.png","77146d0143adcf728c6a145eda8482d1","thumbnail_blog_what_is_a_security_key_1_ea98ce6f1f","thumbnail_blog-what-is-a-security-key-1.png",30.68,171,30678,"blog_what_is_a_security_key_1_ea98ce6f1f",260.69,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_is_a_security_key_1_ea98ce6f1f.png","2026-04-28T07:25:45.406Z","2026-04-28T07:25:45.407Z",[1031,1032],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":550,"documentId":551,"name":552,"slug":20,"createdAt":553,"updatedAt":553,"publishedAt":554},{"id":1034,"documentId":1035,"title":1036,"content":1037,"slug":1038,"published":1039,"createdAt":1040,"updatedAt":1040,"publishedAt":1041,"locale":14,"authorManual":570,"cover":1042,"tags":1086},61,"ej6cs5ffbkt8trlwn33um1go","Logon Using Passkey on Smartphone with YubiOn FIDO Logon","\u003Cp>The previous day, a new version of YubiOn FIDO Logon was released. YubiOn FIDO Logon has also undergone various updates since its release in May 2021, but this is the first major update.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Surprisingly, you can now log on to Windows using your smartphone!\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Until now, all of YubiOn&#39;s logon products required some security key device (YubiKey \u002F FIDO security key), but now we have finally created a YubiOn product that can be used without a security key. Our company also works as a security key sales agent, so this may not be a good idea for promoting sales. However, we believe that we have created a product that is easy to recommend to everyone. A product that is easier to introduce enhances PC logon and allows more people to use it.\u003C\u002Fp>\n\u003Ch3>■ Try logon using the passkey on a smartphone\u003C\u002Fh3>\n\u003Cp>First, let&#39;s see how it works. I will check the actual operation after registering YubiOn FIDO Logon, installing the client application on the PC, and setting the registration code.\u003C\u002Fp>\n\u003Cp>As a prerequisite, your PC must be connected to the Internet and your PC and smartphone must be compatible with BLE (Bluetooth Low Energy). Additionally, the smartphone OS version must be Android 9 or later for Android, and version 16 or later for iOS \u002F iPadOS.\u003C\u002Fp>\n\u003Cp>Launch the Setting tool and open &quot;Authentication settings&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This Authentication settings screen previously had buttons for &quot;Register&quot; and &quot;Delete&quot;, but the &quot;Register&quot; button has been divided into the &quot;Register smartphone&quot; and &quot;Register security key&quot; buttons. Click the &quot;Register smartphone&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_2_357bb81809.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After communicating with the server for a while, a QR code will be displayed on the screen. By reading this QR code, you can use your smartphone as an &quot;authenticator&quot; similar to a security key. Here, let&#39;s read the QR code using an Android device.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_3_4ac346b705.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When you read the QR code with a QR code reading app, a screen like this will be displayed on your smartphone, so tap &quot;Allow&quot; to proceed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_4_aec6de61bc.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The registration confirmation screen will appear on your smartphone, so tap &quot;Continue&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_5_e632eadfde.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>My smartphone supports fingerprint authentication, so I am asked for fingerprint authentication. Touch the fingerprint sensor the same way you normally unlock your smartphone. (I can&#39;t take a screen capture of this screen, but the screen will be like this photo.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_6_55d220c1da.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After communicating with the server for a while, registration is complete. Now you are ready for authentication.\u003C\u002Fp>\n\u003Cp>Next, let&#39;s try logging on and unlocking.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_7_e5793ee648.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This time we will try it briefly, so let&#39;s try locking the screen instead of logging out.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_8_d477e9cd05.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When you open the lock screen, a message will appear saying that a notification will be sent to the smartphone you registered earlier. The behavior here will change depending on the registered device. For Apple devices (iOS \u002F iPadOS), a QR code will be displayed on the screen just like when registering. Android devices support &quot;Hybrid authentication by notification&quot;, so notifications will be sent like this. I will explain the differences in this area later, but let&#39;s proceed with authentication for now.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_9_f87dc6ef38.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When you click &quot;Start authentication&quot;, a notification will be sent to your smartphone. Open the notification.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_10_1f7b69aa7b.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to verify on your smartphone. Just like when registering, touch the fingerprint sensor to proceed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_11_ba06e021a7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you proceed to this point, authentication will be completed and you will be asked to enter your Windows password. This part is the same as when using a security key, once you enter the password, you will not be asked for the password next time.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_12_642cfac5cd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The screen lock was successfully released and the desktop was displayed.\u003C\u002Fp>\n\u003Ch3>■ Don&#39;t need the security key anymore?\u003C\u002Fh3>\n\u003Cp>Some people may think that if a smartphone can replace a security key, there is no need for a security key anymore. However, in actual use, I think it is best to use security keys and smartphones differently depending on the purpose. For example, the following usages can be considered:\u003C\u002Fp>\n\u003Cp>・Scenes where high security is required:\u003C\u002Fp>\n\u003Cp>In situations where high security is required, such as data centers, it may not be possible to bring in communication devices such as smartphones. In such cases, it is possible to use a security key inside the data center and a smartphone outside the data center.\u003C\u002Fp>\n\u003Cp>・Scenes where you want to physically manage authentication information:\u003C\u002Fp>\n\u003Cp>This is a similar story to the high-security section. One possible use would be to permit to use of the PC by physically handing over the security key. Normally, the administrator keeps the security key and permits to use the PC by handing over the key when necessary.\u003C\u002Fp>\n\u003Cp>・Scenes without internet connection:\u003C\u002Fp>\n\u003Cp>I will explain the details in the &quot;Technical issue ①&quot; section below, but this time, smartphone support uses a mechanism called Hybrid authentication. Due to the Hybrid authentication mechanism, an internet connection is required. You can easily log on with your smartphone in cases where you normally have a network connection, and use a security key to log on in cases where you cannot connect to the network.\u003C\u002Fp>\n\u003Cp>In addition, although the technical aspects will be explained later if you register a smartphone as an authenticator, the authentication information will be synchronized with your Google account or Apple ID as a synced passkey(*1) rather than with the device itself. Although not directly related to YubiOn FIDO Logon, we also recommend using FIDO security keys to protect those OS accounts. Of course, the security key can also be shared with YubiOn FIDO Logon, so you can use the security key like a master key, usually authenticating with your smartphone, and then authenticating with the security key in case of trouble.\u003C\u002Fp>\n\u003Cp>I can say that I have a position as an employee of a security key sales agency, but as an engineer myself, I also recommend FIDO security keys, so I hope you will consider them.\u003C\u002Fp>\n\u003Cp>(*1) Only when registering an Android device from the WEB management console, it may be treated as device-bound passkeys depending on the settings. Please check \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fguide\u002Fen\u002Fsettings_manual\u002Fsupplement\u002Ffido2_advanced_options\u002F\">this\u003C\u002Fa> out for details.\u003C\u002Fp>\n\u003Ch3>■ Technical Talk ① - Hybrid Authentication\u003C\u002Fh3>\n\u003Cp>In technical terms, this update is an update that &quot;supports Hybrid authentication&quot;. I explained Hybrid authentication \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">as an aside\u003C\u002Fa> when I explained passkey previously, but to put it simply, it is a mechanism(*2) for using a smartphone as an external authenticator. It was previously called &quot;caBLE (cloud-assisted BLE)&quot; and was primarily implemented in Android and Chrome browsers. Apple is implementing it at the same time as passkey support.\u003C\u002Fp>\n\u003Cp>There are two main ways to use Hybrid authentication, which differ in how communication is started between a PC and a smartphone:\u003C\u002Fp>\n\u003Cp>① Scan the QR and connect:\u003C\u002Fp>\n\u003Cp>Display the QR code on the PC screen, and scan the QR on the smartphone side to connect. After scanning the QR code, it uses BLE to confirm that the PC and smartphone are nearby and then authenticates by exchanging authentication information via the Internet.\u003C\u002Fp>\n\u003Cp>② Connect using notification:\u003C\u002Fp>\n\u003Cp>At the moment, it is only implemented on Android, but once you have connected using the QR code in ①, you can send an authentication request notification from your PC to your smartphone via the Internet. By using this, you can perform authentication more easily by going through the notification → authentication on the smartphone side, without having to scan the QR code every time. Of course, BLE communication is also used now, so authentication cannot be performed if the PC and smartphone are far apart.\u003C\u002Fp>\n\u003Cp>In both cases, the main flow is as follows:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Hybrid authentication starts by scanning a QR code or notification (via the Internet).\u003C\u002Fli>\n\u003Cli>Confirm that the PC and smartphone are nearby using BLE.\u003C\u002Fli>\n\u003Cli>Authentication is exchanged using CTAP2 (FIDO device communication protocol) via the Internet.\u003C\u002Fli>\n\u003Cli>Authentication completed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>In addition, as the old name &quot;caBLE&quot; says, &quot;cloud-assisted&quot;, Hybrid authentication communicates via the cloud, so an Internet connection is required. After confirming the presence of a smartphone near the PC using BLE, the actual exchange of authentication information (CTAP2) is encrypted over the Internet. The information required for encryption and decryption is exchanged using QR code and BLE, so data can be exchanged safely even over the Internet.\u003C\u002Fp>\n\u003Cp>(*2) Basically, there are many ways to use a smartphone from a PC as an external authenticator, but the latest Chrome browser on Android has also been implemented to display a QR code on the smartphone and use another smartphone as an external authenticator.\u003C\u002Fp>\n\u003Ch3>■ Technical Talk ② - synced passkeys\u003C\u002Fh3>\n\u003Cp>The website claims that this update &quot;supports passkey&quot;, but as \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-2?lang=en\">I mentioned before\u003C\u002Fa>, the word passkey is a little ambiguous. To describe precisely how we have &quot;supported passkeys&quot; this time, I think we can say that we have &quot;supported synced passkeys on Apple and Android through Hybrid authentication&quot;.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-2?lang=en\">I have previously introduced\u003C\u002Fa> synced passkeys (formerly known as Multi-device FIDO Credentials, MDC), and as I briefly touched on above, it is a mechanism for synchronizing (sharing) authentication information with your smartphone OS account. I tried registering and logging in to my Android device earlier, but the credentials I registered here are automatically synchronized with my Google account and can be used on other Android smartphones and tablets using the same Google account. Apple devices also sync with Apple ID. This mechanism eliminates the need to register authentication information again even if you buy a new smartphone.\u003C\u002Fp>\n\u003Ch3>■ Summary\u003C\u002Fh3>\n\u003Cp>This time, I explained about logging on using a smartphone, which was added in the YubiOn FIDO Logon update. I think security products are evolving positively, becoming more convenient while still maintaining a high level of security.\u003C\u002Fp>\n\u003Cp>You can try the free version for 3 months with the same functions as the paid person, so please try it!\u003C\u002Fp>\n\u003Ch3>■ Related links\u003C\u002Fh3>\n\u003Cp>[YubiOn FIDO Logon]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\">https:\u002F\u002Ffl.yubion.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[YubiOn FIDO Logon Overview Page]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">https:\u002F\u002Fwww.yubion.com\u002Ffidologon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[Special page for YubiOn FIDO Logon passkey support]\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon-passkeys\">https:\u002F\u002Fwww.yubion.com\u002Ffidologon-passkeys\u003C\u002Fa>\u003C\u002Fp>\n","yubion-logon-windows-with-smartphone-passkey","2023-09-07","2026-04-28T06:43:44.304Z","2026-04-28T06:43:47.324Z",{"id":1043,"documentId":1044,"name":1045,"alternativeText":20,"caption":20,"focalPoint":20,"width":1046,"height":1047,"formats":1048,"hash":1081,"ext":25,"mime":29,"size":1082,"url":1083,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1084,"updatedAt":1084,"publishedAt":1085},595,"akyea0jfda570n7i0ek6fu4c","blog-yubion-logon-windows-with-smartphone-passkey-1.png",1180,708,{"large":1049,"small":1057,"medium":1065,"thumbnail":1073},{"ext":25,"url":1050,"etag":1051,"hash":1052,"mime":29,"name":1053,"path":20,"size":1054,"width":32,"height":1055,"sizeInBytes":1056},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b.png","3097244766c3006a908034aa09fd8dc5","large_blog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b","large_blog-yubion-logon-windows-with-smartphone-passkey-1.png",89.46,600,89456,{"ext":25,"url":1058,"etag":1059,"hash":1060,"mime":29,"name":1061,"path":20,"size":1062,"width":41,"height":1063,"sizeInBytes":1064},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b.png","ec7e8ee8a285f30259dc7aa5785701a4","small_blog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b","small_blog-yubion-logon-windows-with-smartphone-passkey-1.png",35.5,300,35500,{"ext":25,"url":1066,"etag":1067,"hash":1068,"mime":29,"name":1069,"path":20,"size":1070,"width":50,"height":1071,"sizeInBytes":1072},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b.png","7fe54edff0818dbc5b5d71a000675872","medium_blog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b","medium_blog-yubion-logon-windows-with-smartphone-passkey-1.png",60.6,450,60600,{"ext":25,"url":1074,"etag":1075,"hash":1076,"mime":29,"name":1077,"path":20,"size":1078,"width":124,"height":1079,"sizeInBytes":1080},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b.png","74ce2b3b4a4944fe0a55a53e4a7671f5","thumbnail_blog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b","thumbnail_blog-yubion-logon-windows-with-smartphone-passkey-1.png",13.69,147,13693,"blog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b",18.37,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_logon_windows_with_smartphone_passkey_1_ca1316128b.png","2026-04-28T06:42:49.242Z","2026-04-28T06:42:49.243Z",[1087,1088],{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":1089,"documentId":1090,"name":1091,"slug":20,"createdAt":1092,"updatedAt":1092,"publishedAt":1093},32,"zt1ovwdzoamj0fceo15vzarp","YubiOnFIDOLogon","2026-04-28T05:17:14.006Z","2026-04-28T05:17:15.861Z",{"id":1095,"documentId":1096,"title":1097,"content":1098,"slug":1099,"published":1100,"createdAt":1101,"updatedAt":1101,"publishedAt":1102,"locale":14,"authorManual":570,"cover":1103,"tags":1143},81,"vp0i1rl4q8o04cnn5irnu0zo","Swissbit iShield Key First Impressions","\u003Cp>We have decided to sell Swissbit&#39;s \u003Ca href=\"https:\u002F\u002Fwww.swissbit.com\u002Fen\u002Fproducts\u002Fsecurity-products\u002Fishield-key\u002F\">iShield Key\u003C\u002Fa>, so this time we would like to introduce the FIDO2 version and Pro version.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.swissbit.com\u002Fen\u002Fcompany\u002Fabout-us\u002F\">Swissbit\u003C\u002Fa> manufactures storage, security, and embedded IoT solutions, headquartered near Zurich, Switzerland, with only one production site in Berlin, Germany. The products manufactured there are of high quality, high reliability, and strong robustness.\u003C\u002Fp>\n\u003Cp>Let&#39;s take a quick look.\u003C\u002Fp>\n\u003Cp>First, here&#39;s what it looks like.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>●iShield Key FIDO2\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003Ctd>\u003Cstrong>​●iShield Key Pro\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>It is thicker than Yubico&#39;s Security Key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_swissbit_ishield_key_first_impressions_1_fb8057fb7b.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Also, when authenticating, touch the gold part in front.\u003C\u002Fp>\n\u003Cp>Since the direction of pressure is the same as the direction of insertion into the USB port, the load on the USB port seems to be small.\u003C\u002Fp>\n\u003Cp>By the way, each key is engraved with a QR code(*), and when read, the serial number is output, so it can be used for managing devices.\u003C\u002Fp>\n\u003Cp>(*) For iShield Key FIDO2, the serial number and the URL to the Swissbit website are described in the QR code on the key. For iShield Key Pro, the URL to the Swissbit website is written in the QR code on the front, and the serial number is written in another QR code on the back of the key.\u003C\u002Fp>\n\u003Cp>And in terms of functionality, iShield Key FIDO2, as its name suggests, only supports FIDO2, and Pro seems to support HOTP and PIV in addition to FIDO2.\u003C\u002Fp>\n\u003Cp>This time, I would like to verify that FIDO2 authentication can be performed using these keys.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>◯ iShield Key FIDO2\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Now, let&#39;s use iShield Key FIDO2.\u003C\u002Fp>\n\u003Cp>First, \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">set the PIN\u003C\u002Fa> as the initial setting.\u003C\u002Fp>\n\u003Cp>After initial setup, register iShield Key FIDO2 to YubiOn FIDO Logon and try to log on.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_swissbit_ishield_key_first_impressions_2_db2459fb37.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After successful registration, &quot;iShield Key FIDO2&quot; appeared on the list.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_swissbit_ishield_key_first_impressions_3_e075a24e43.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Logon to Windows with FIDO2 authentication was also successful without any problems.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>◯ iShield Key Pro\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>Next, I will try it with iShield Key Pro.\u003C\u002Fp>\n\u003Cp>Logon using YubiOn FIDO Logon should be the same as iShield Key FIDO2.\u003C\u002Fp>\n\u003Cp>After \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">setting the PIN\u003C\u002Fa>, register to YubiOn FIDO Logon.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_swissbit_ishield_key_first_impressions_4_fcd2bfc38d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This time, it was registered as &quot;iShield Key Pro&quot;.\u003C\u002Fp>\n\u003Cp>Try to log on as well.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_swissbit_ishield_key_first_impressions_5_af7ddf153e.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>iShield Key Pro was also able to perform FIDO2 authentication without any problems.\u003C\u002Fp>\n\u003Cp>By the way, during authentication for both FIDO2 and Pro versions, it lights up in red while waiting for the key to be touched, and in green when the authentication is successful and logged on.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>We have confirmed that FIDO2 authentication can be performed without problems using iShield Key FIDO2 and Pro.\u003C\u002Fp>\n\u003Cp>This time, only FIDO2 authentication was performed, but Pro has a HOTP function and PIV function, and it seems that it can be managed using a dedicated command line tool. I would like to try it again if I have the chance.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_swissbit_ishield_key_first_impressions_6_be8d1dadb3.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In addition to the Swissbit iShield Key introduced this time, we also handle the iShield HSM, a hardware security module that can be retrofitted.\u003C\u002Fp>\n\u003Cp>If you are considering purchasing these keys, please contact us using the form.\u003C\u002Fp>\n\u003Cp>And our Swissbit keys are guaranteed for 2 years.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contact\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thank you for reading until the end.\u003C\u002Fp>\n","swissbit-ishield-key-first-impressions","2023-07-11","2026-04-28T07:00:38.412Z","2026-04-28T07:00:41.235Z",{"id":1104,"documentId":1105,"name":1106,"alternativeText":20,"caption":20,"focalPoint":20,"width":1107,"height":1108,"formats":1109,"hash":1139,"ext":512,"mime":516,"size":1140,"url":1141,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1142,"updatedAt":1142,"publishedAt":1142},758,"s5kr2ylzj6qk8d1dt0hxl9b8","blog-swissbit-ishield-key-first-impressions-1.jpeg",3750,2500,{"large":1110,"small":1117,"medium":1125,"thumbnail":1132},{"ext":512,"url":1111,"etag":1112,"hash":1113,"mime":516,"name":1114,"path":20,"size":1115,"width":32,"height":33,"sizeInBytes":1116},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_swissbit_ishield_key_first_impressions_1_fb8057fb7b.jpeg","af519603edb71822b70fc162898fb1f3","large_blog_swissbit_ishield_key_first_impressions_1_fb8057fb7b","large_blog-swissbit-ishield-key-first-impressions-1.jpeg",29.84,29841,{"ext":512,"url":1118,"etag":1119,"hash":1120,"mime":516,"name":1121,"path":20,"size":1122,"width":41,"height":1123,"sizeInBytes":1124},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_swissbit_ishield_key_first_impressions_1_fb8057fb7b.jpeg","ee39ee95666695de468bb37978620317","small_blog_swissbit_ishield_key_first_impressions_1_fb8057fb7b","small_blog-swissbit-ishield-key-first-impressions-1.jpeg",10.22,334,10219,{"ext":512,"url":1126,"etag":1127,"hash":1128,"mime":516,"name":1129,"path":20,"size":1130,"width":50,"height":41,"sizeInBytes":1131},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_swissbit_ishield_key_first_impressions_1_fb8057fb7b.jpeg","5c90d63745273063f563fcd538ca3879","medium_blog_swissbit_ishield_key_first_impressions_1_fb8057fb7b","medium_blog-swissbit-ishield-key-first-impressions-1.jpeg",18.63,18628,{"ext":512,"url":1133,"etag":1134,"hash":1135,"mime":516,"name":1136,"path":20,"size":1137,"width":58,"height":59,"sizeInBytes":1138},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_swissbit_ishield_key_first_impressions_1_fb8057fb7b.jpeg","b3be5e72a4a5cac63c998a3a7bc53737","thumbnail_blog_swissbit_ishield_key_first_impressions_1_fb8057fb7b","thumbnail_blog-swissbit-ishield-key-first-impressions-1.jpeg",3.67,3670,"blog_swissbit_ishield_key_first_impressions_1_fb8057fb7b",251.38,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_swissbit_ishield_key_first_impressions_1_fb8057fb7b.jpeg","2026-04-28T07:00:02.950Z",[1144,1145,1146,1152],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":154,"documentId":155,"name":156,"slug":20,"createdAt":157,"updatedAt":157,"publishedAt":158},{"id":1147,"documentId":1148,"name":1149,"slug":20,"createdAt":1150,"updatedAt":1150,"publishedAt":1151},46,"nl04aj3noxcv0w9hq5ncf4ct","Swissbit","2026-04-28T05:23:04.751Z","2026-04-28T05:23:06.564Z",{"id":1153,"documentId":1154,"name":1155,"slug":20,"createdAt":1156,"updatedAt":1156,"publishedAt":1157},50,"ofxivhsmrzx4jx074bxu5i7l","iShield Key","2026-04-28T05:23:57.017Z","2026-04-28T05:23:58.874Z",{"id":1159,"documentId":1160,"title":1161,"content":1162,"slug":1163,"published":1164,"createdAt":1165,"updatedAt":1165,"publishedAt":1166,"locale":14,"authorManual":570,"cover":1167,"tags":1208},55,"eo1j952t1xygbmby4oabhgyz","Let's Take a Look at the Windows 11 Insider Preview Passkey Features","\u003Cp>Updated: Jun 27, 2024\u003C\u002Fp>\n\u003Cp>On June 22, 2023, Microsoft released the implementation of the passkey function in the Insider Preview (Dev channel) of Windows 11.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fblogs.windows.com\u002Fwindows-insider\u002F2023\u002F06\u002F22\u002Fannouncing-windows-11-insider-preview-build-23486\u002F\">Announcing Windows 11 Insider Preview Build 23486 | Windows Insider Blog\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This time, let&#39;s see how the passkey function was implemented on Windows. Please understand that it may be difficult to understand because it includes a little technical content.\u003C\u002Fp>\n\u003Cp>I will omit how to install the Insider Preview version of Windows 11. Insider Preview has multiple channels (Dev, Beta, etc.), but this time the passkey function is added to the Dev channel.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_windows_11_insider_preview_passkey_features_1_beb3455039.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Since this is an experimental build, I recommend using an environment where there is no problem even if it breaks, and do not install it on the PC you usually use.\u003C\u002Fp>\n\u003Cp>In addition, in my environment, the passkey-related implementation was not found immediately after the change to the Dev channel. I was going through trial and error, thinking that there might be a reason such as the hardware conditions not being met. After a few days without any clues, I rebooted the machine for other works and it popped up. I recommend that you wait patiently.\u003C\u002Fp>\n\u003Cp>From here, I will proceed with the experiment while quoting the information from the Windows Insider Blog presented at the beginning. For the experiment, I will use \u003Ca href=\"http:\u002F\u002FWebAuthn.io\">&quot;WebAuthn.io&quot;\u003C\u002Fa> that I have used before.\u003C\u002Fp>\n\u003Cp>&quot;WebAuthn.io&quot;\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwebauthn.io\u002F\">https:\u002F\u002Fwebauthn.io\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Let&#39;s read the Windows Insider Blog.\u003C\u002Fp>\n\u003Ch2>■ Registration and use of passkey\u003C\u002Fh2>\n\u003Cblockquote>\n\u003Cp>Enroll and use passkey to sign into apps and websites\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>It was written as you can now do new things, but in fact, this itself was available in the current Windows 11 and even Windows 10. As I wrote in my previous blog (\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">What are Passkeys? (Part 1)\u003C\u002Fa>), the word &quot;passkey&quot; in a broad sense refers to the existing technology &quot;WebAuthn&quot;, which itself has been implemented in previous versions of Windows. Once again, it seems that they are saying this with the implication that &quot;We also support passkeys.&quot;.\u003C\u002Fp>\n\u003Cp>However, in this blog, there is also a description of the past that has not been implemented in Windows until now. That is the point below.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Sign in using passkeys saved on your phone\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This is the &quot;Hybrid authentication&quot; introduced in the previous blog. As I mentioned in the previous blog post, this was already implemented in Google Chrome, and it was also implemented in Edge, which uses Chrome&#39;s browser engine (Chromium). However, the new thing is that this part was implemented in the OS instead of the browser this time.\u003C\u002Fp>\n\u003Cp>I think some people may have a hard time understanding what it means to have a passkey implemented in the OS. Windows has a mechanism called &quot;Windows Hello&quot;, which comprehensively handles various authentications such as Windows logon or WEB authentication. Hybrid authentication was implemented this time in the Windows Hello part. By implementing Hybrid authentication in Windows Hello, it will be possible to use Hybrid authentication in applications that use Windows Hello, in addition to WEB authentication. I think this is technically an important point.\u003C\u002Fp>\n\u003Cp>I&#39;m going to explain the changes in the screen on the WEB, but I need another explanation for that. Let me explain the &quot;Special Instructions&quot; section a little further on the Windows Insider Blog.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>On Microsoft Edge or Google Chrome, if you see the browser’s passkey UI, choose “Windows Hello or external security key” to get the Windows native experience. Try Google Chrome Canary for the latest experience there. As Microsoft Edge is Chromium-based, experiences in Chrome Canary will roll up into Microsoft Edge as well over time.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>&quot;Browser&#39;s passkey UI(*)&quot; is the screen that was displayed when using WebAuthn until now.\u003C\u002Fp>\n\u003Cp>(*)UI: User Interface. It is a mechanism for interacting with the user, but in the case of applications, it often refers to the display parts of the screen, appearance, operation method, operability, etc.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_windows_11_insider_preview_passkey_features_2_49fdc3721b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>As I wrote a note in the image, in the case of Windows Chrome, when you click &quot;Windows Hello...&quot; Windows Hello is called and for Hybrid authentication, the Hybrid authentication screen implemented by the browser is displayed. Until now, Windows Hello has not implemented Hybrid authentication, so the browser-side program is in charge of that. And since this selection screen is implemented in the browser, it will not change even if Insider Preview is introduced. The need to try the Canary build of Chrome to try out the latest UI seems to be necessary to skip this selection screen and call Windows Hello directly.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>​\u003C\u002Ftd>\n\u003Ctd>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>The screen movement used to be like this, and the UI was not very user-friendly.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Choose Windows Hello authentication or Hybrid authentication. (For Hybrid authentication, go directly to the Hybrid authentication screen of the browser).\u003C\u002Fli>\n\u003Cli>For Windows Hello authentication, select the type of authenticator (PIN, fingerprint, face, security key).\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>The latest Windows 11 Insider Preview version and Chrome Canary are as follows.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_windows_11_insider_preview_passkey_features_3_98d4562916.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The Windows Hello internal authenticator (PIN) screen appears, and the authentication of other devices is the item &quot;Use another device&quot;. In the experimental environment, the device has no fingerprint or face authentication, so the screen looks like this, but if it has, fingerprint and face will probably be displayed on this screen. Click &quot;Use another device&quot; to move to the following screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_windows_11_insider_preview_passkey_features_4_f20a9a27a6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>&quot;KYV46&quot; is the model name of my smartphone, and it has already been connected once with Hybrid authentication. The next item &quot;iPhone...&quot; is Hybrid authentication using a QR code, and the &quot;Security key&quot; is authentication by a FIDO device. The last &quot;This Windows device&quot; seems to return to the first screen. From these situations, it seems that the first screen probably uses Windows Hello&#39;s internal authenticator, and the next screen allows you to use Hybrid authentication and FIDO security keys. Regarding the first screen (internal authenticator) and the next screen ( external authenticator), the last used screen is remembered, and when the Windows Hello screen opens next time, the screen used at last time will open.\u003C\u002Fp>\n\u003Cp>Looking at it this way, from the engineer&#39;s point of view, the content is that Hybrid authentication has been incorporated into Windows Hello, but from the user&#39;s point of view, the UI for passkey authentication on Windows has been organized.\u003C\u002Fp>\n\u003Ch2>■ Passkey management\u003C\u002Fh2>\n\u003Cp>Next, let&#39;s take a look at the following parts of the Windows Insider Blog:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Manage passkeys saved to your Windows device\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The latest version of iOS and Android have made it possible to manage passkeys, but in Windows, there has been no equivalent until now. Passkeys were only stored internally and could not be checked or deleted. It seems that a screen to check and delete them has been implemented.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_windows_11_insider_preview_passkey_features_5_9ca0060204.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>An item called &quot;Passkey settings&quot; has been added to the Windows Accounts settings screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_windows_11_insider_preview_passkey_features_6_76464d5e39.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The setting screen is relatively simple, with a search box and a list of registered passkeys. Each passkey item is a domain name and a user name, and there seems to be no further information. I would appreciate it if there was a registration date and last use date and time.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_windows_11_insider_preview_passkey_features_7_36324e0db5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you click &quot;...&quot; on the right side of the passkey, only the item &quot;Delete Passkey&quot; will be displayed. Unlike passwords, it is not rewritten, so it is simple, but the fact that the menu is open format may increase the number of items in the future.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_windows_11_insider_preview_passkey_features_8_c800f14e6e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you try to delete it, you will be warned that &quot;You won&#39;t be able to sign in anymore&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_windows_11_insider_preview_passkey_features_9_563a104732.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you try to delete it, you will be prompted to enter the password for the Windows account you are logged on to. In addition, I was able to select a PIN from &quot;Others&quot;, so it seems that fingerprint\u002Fface authentication of Windows Hello is probably possible.\u003C\u002Fp>\n\u003Cp>That&#39;s about all you can do with this setting screen. Since it is still an Insider Preview version, it seems that there may be more things that can be done with feedback, etc.\u003C\u002Fp>\n\u003Ch2>■ About Multi-device FIDO Credential\u003C\u002Fh2>\n\u003Cp>In the previous blog (\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-2?lang=en\">What are Passkeys? (Part 2)\u003C\u002Fa>), I also explained passkeys in the narrow sense, Multi-device FIDO Credentials (MDC). So far, there is no description of MDC implementation in the contents of the Windows Insider Blog, and since the expression &quot;this device&quot; was often seen on the screens, it seems that MDC is not implemented at this time. However, like Apple and Google, Microsoft also has a Microsoft account, so MDC using that account may be implemented in the future. I would like to share on the blog, etc. if there is information on how to proceed in the future.\u003C\u002Fp>\n\u003Cp>(*) Currently, Multi-device FIDO Credentials have been unified under the name &quot;synced passkeys&quot;. And credentials on devices will also be standardized under the name&quot;device-bound passkeys&quot;. From now on, we will use these unified names in our blogs.\u003C\u002Fp>\n\u003Ch2>■ Summary\u003C\u002Fh2>\n\u003Cp>This time, we sent you a preview version of the Windows passkey implementation. It&#39;s still an Insider Preview Dev channel, so it may take a little longer to incorporate it into the actual product built, but it feels like the three major OS vendors have finally completed their passkey implementations. We hope that we can contribute to the popularization of this, as passkey support on the service provider side is also processing.\u003C\u002Fp>\n\u003Cp>We provide a service called YubiOn FIDO2 Server for service providers who want to incorporate passkey authentication into their services. If you are interested, please feel free to contact us.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffido2-server\">Authentication strengthening service that can be used without construction YubiOn FIDO2 Server | YubiOn\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">Contact\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch2>■ Reference link\u003C\u002Fh2>\n\u003Cp>[Experimental site]\u003C\u002Fp>\n\u003Cp>WebAuthn.io\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwebauthn.io\u002F\">https:\u002F\u002Fwebauthn.io\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[Microsoft public information]\u003C\u002Fp>\n\u003Cp>Announcing Windows 11 Insider Preview Build 23486 | Windows Insider Blog\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fblogs.windows.com\u002Fwindows-insider\u002F2023\u002F06\u002F22\u002Fannouncing-windows-11-insider-preview-build-23486\u002F\">https:\u002F\u002Fblogs.windows.com\u002Fwindows-insider\u002F2023\u002F06\u002F22\u002Fannouncing-windows-11-insider-preview-build-23486\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[SoftGiken link]\u003C\u002Fp>\n\u003Cp>YubiOn FIDO2 Server\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffido2-server\">https:\u002F\u002Fwww.yubion.com\u002Ffido2-server\u003C\u002Fa>\u003C\u002Fp>\n","windows-11-insider-preview-passkey-features","2023-07-05","2026-04-28T06:40:56.828Z","2026-04-28T06:40:59.855Z",{"id":1168,"documentId":1169,"name":1170,"alternativeText":20,"caption":20,"focalPoint":20,"width":22,"height":1171,"formats":1172,"hash":1204,"ext":25,"mime":29,"size":1205,"url":1206,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1207,"updatedAt":1207,"publishedAt":1207},580,"dr68x4xfojds9lhhj9b54ro8","blog-windows-11-insider-preview-passkey-features-1.png",768,{"large":1173,"small":1180,"medium":1188,"thumbnail":1196},{"ext":25,"url":1174,"etag":1175,"hash":1176,"mime":29,"name":1177,"path":20,"size":1178,"width":32,"height":50,"sizeInBytes":1179},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_windows_11_insider_preview_passkey_features_1_beb3455039.png","7e8f65c65468dca93b4bc447f7a07f95","large_blog_windows_11_insider_preview_passkey_features_1_beb3455039","large_blog-windows-11-insider-preview-passkey-features-1.png",177.91,177906,{"ext":25,"url":1181,"etag":1182,"hash":1183,"mime":29,"name":1184,"path":20,"size":1185,"width":41,"height":1186,"sizeInBytes":1187},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_windows_11_insider_preview_passkey_features_1_beb3455039.png","b139ee99030c8ecb1a4fc3f5d06586cd","small_blog_windows_11_insider_preview_passkey_features_1_beb3455039","small_blog-windows-11-insider-preview-passkey-features-1.png",64.28,375,64277,{"ext":25,"url":1189,"etag":1190,"hash":1191,"mime":29,"name":1192,"path":20,"size":1193,"width":50,"height":1194,"sizeInBytes":1195},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_windows_11_insider_preview_passkey_features_1_beb3455039.png","e515227d865cfc8176c2521eebabd740","medium_blog_windows_11_insider_preview_passkey_features_1_beb3455039","medium_blog-windows-11-insider-preview-passkey-features-1.png",118.41,563,118406,{"ext":25,"url":1197,"etag":1198,"hash":1199,"mime":29,"name":1200,"path":20,"size":1201,"width":1202,"height":59,"sizeInBytes":1203},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_windows_11_insider_preview_passkey_features_1_beb3455039.png","5d13df219ddd673e15a4fe0eac43c181","thumbnail_blog_windows_11_insider_preview_passkey_features_1_beb3455039","thumbnail_blog-windows-11-insider-preview-passkey-features-1.png",17.47,208,17466,"blog_windows_11_insider_preview_passkey_features_1_beb3455039",36.05,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_windows_11_insider_preview_passkey_features_1_beb3455039.png","2026-04-28T06:40:09.263Z",[1209,1210],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":1212,"documentId":1213,"title":1214,"content":1215,"slug":1216,"published":1217,"createdAt":1218,"updatedAt":1218,"publishedAt":1219,"locale":14,"authorManual":570,"cover":1220,"tags":1263},125,"ucj2nbgbi4a52933nca7tda5","YubiOn FIDO Logon Client Software Installation Automation","\u003Cp>With today&#39;s (2023\u002F06\u002F13) YubiOn FIDO Logon update, you can now set the YubiOn FIDO Logon registration code using the CLI tool. It&#39;s a very plain update, but by using this, it became possible for the administrator to collectively perform everything from the automatic distribution of software in an Active Directory environment to the setting of registration codes. And I would like to share how to do this.\u003C\u002Fp>\n\u003Cp>This article is recommended for the following:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Those who are considering installing YubiOn FIDO Logon in an environment where Active Directory (or MDM tool, etc.) has already been installed.\u003C\u002Fli>\n\u003Cli>Administrators who want to install software and register products all at once.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_1_60a71cac62.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Note that the method I will introduce from now on is just an example, and depending on the settings of your AD environment, there may be cases where it cannot be applied as it is. Please use the method that matches your environment&#39;s AD configuration and policy settings.\u003C\u002Fp>\n\u003Ch2>Silent Installation\u003C\u002Fh2>\n\u003Cp>First, let&#39;s talk about automated software distribution. It was possible to do this before the repair, but since it is a general MSI installer, it supports automatic software installation with AD policies and silent installation with command line options. This time, we have also prepared a \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fguide\u002Fen\u002Fadvanced\u002Fsilent_install\u002F\">manual\u003C\u002Fa> according to the renovation, so please refer to that as well.\u003C\u002Fp>\n\u003Cp>First, open &quot;Group Policy Management&quot; on the domain controller machine and create a new &quot;Group Policy Object&quot; (GPO) for the domain to be set.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_2_7fb9273ce5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_3_f23b4e643a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select &quot;Edit...&quot; from the right-click menu of the created GPO to open the Group Policy Management Editor, and open &quot;Computer Configuration&quot; - &quot;Policies&quot; - &quot;Software Settings&quot; - &quot;Software installation&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_4_9c8cb91a2f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select &quot;New&quot; - &quot;Package...&quot; from the right-click menu, and a dialog for selecting a Windows installer package (MSI installer) will be displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_5_2558a21bf3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>At this time, the selected file must be on the network. The installation will also fail if it cannot be referenced due to authority or authentication issues. First of all, if you are talking about a trial, you can share the directory on the DC machine, put the installer there, display the directory via the network, and select the installer. Of course, when officially distributing within an organization, it is recommended to place it in an appropriate location according to the operation method within the organization.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_6_fd148db396.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Leave the option settings as default and click &quot;OK&quot; with &quot;Assigned&quot; selected.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_7_cd76373e2c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>At this point, first, the GPO has been created. Go back to the Group Policy Management window and assign GPO. This time, I will try to apply it to the entire domain, but this part should also be assigned according to the organization&#39;s AD usage, such as assigning it to an OU if necessary. This time right click on the domain and select &quot; Link an Existing GPO...&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_8_2f265edab3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the GPO you just created and click &quot;OK&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_9_1e4eb057b2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The setting is complete if the link to the GPO created earlier is generated directly under the domain. The YubiOn FIDO Logon client software will be installed automatically when you sign in to your domain account on a domain-joined machine.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_10_b9c2221450.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>Set Registration Code\u003C\u002Fh2>\n\u003Cp>Next, we will make settings to automatically set the registration code. We will use the CLI tool added in this update. We have also created a new \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fguide\u002Fen\u002Fadvanced\u002Fcli_tool\u002Fcli_register_code\u002F\">manual\u003C\u002Fa> this time, so please refer to it as well.\u003C\u002Fp>\n\u003Cp>This time, the user&#39;s logon script will run the command for automatic registration. Assuming that after setting the registration code, the setting tool is started and the user registered the logon key, the setting tool is started when the registration code setting is successful.\u003C\u002Fp>\n\u003Cp>First, prepare a batch file to execute the above flow. This time, first create &quot;fls_register.bat&quot; on the DC desktop. The contents should be as follows. (Enter your registration code in the &quot;XXXXX-XXXXX-XXXXX-XXXXX&quot; part).\u003C\u002Fp>\n\u003Cpre>\u003Ccode>&quot;c:\\Program Files\\YubiOn\\Fls\\FlsCliTool\\FlsCliTool.exe&quot; register XXXXX-XXXXX-XXXXX-XXXXX\nif %errorlevel% equ 0 (\n\t&quot;c:\\Program Files\\YubiOn\\Fls\\FlsAdministrateTool\\FlsAdministrateTool.exe&quot;\n)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>The content in the &quot;if&quot; command is the content to be executed when the registration is successful. In the above example, the YubiOn FIDO Logon configuration tool is launched, but depending on the customer flow, it is possible to devise ways such as launching a security key setup (PIN or fingerprint settings, etc.). Security key setup can be started with the command &quot;start ms-settings:signinoptions-launchsecuritykeyenrollment&quot; in Windows 11. ( On Windows 10, the above command will display the &quot;Sign-in options&quot; screen.)\u003C\u002Fp>\n\u003Cp>If the above is specified as a logon script, the above batch file will be called at every logon. However, once the above script is executed and the registration code has been set, a registered error (return value: 10) will be returned and nothing will be executed.\u003C\u002Fp>\n\u003Cp>Now, when the above batch file is ready, set it as a logon script. We will add the logon script settings to the GPO for installation that we created earlier. Select &quot;Edit...&quot; from the right-click menu of the GPO again to open the Group Policy Management Editor, and this time select &quot;User Configuration&quot; -&quot;Policies&quot;- &quot;Windows Settings&quot; - &quot;Scripts (Logon\u002FLogoff)&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_11_8d7093d0fd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Double-click &quot;Logon&quot; to open the Logon Scripts setting screen. Click &quot;Add...&quot; to open the Add Script window, then press the &quot;Browse...&quot; button to open a file selection dialog.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_12_b6623b4908.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The file selection dialog opened here has a few caveats. Instead of selecting the batch file you created earlier in this dialog, you need to bring the batch file you created earlier to the default folder of the dialog that opens. This time, I created a batch file on the desktop earlier, so copy the file from the desktop to the file selection dialog by dragging and dropping it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_13_b30613d136.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After copying the file, click &quot;Open&quot; while the file is selected to confirm. Click &quot;OK&quot; on the Add Script window and &quot;OK&quot; on the Logon Properties window to complete the operation.\u003C\u002Fp>\n\u003Cp>With the above operation, the specified batch file will be executed at logon. Let&#39;s check how it works on a PC that joins AD.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_14_228b26c6ca.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When you log on with an AD-joined PC, the registration code is automatically set and the setting tool is started.\u003C\u002Fp>\n\u003Ch2>Summary\u003C\u002Fh2>\n\u003Cp>Not only YubiOn FIDO Logon but also YubiOn Portal, we have received many requests and consultations for the collective installation of software, especially from medium to large-scale customers. YubiOn Portal also provides a mechanism for batch registration according to PC kitting, but this time YubiOn FIDO Logon also enables automatic setup in an environment where PC management such as an AD environment is possible, and we believe that customers have more options.\u003C\u002Fp>\n\u003Cp>Please feel free to contact us from the \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">contact form\u003C\u002Fa> for consultation on introduction.\u003C\u002Fp>\n","automate-yubion-fido-logon-client-install","2023-06-13","2026-04-28T07:32:35.364Z","2026-04-28T07:32:38.135Z",{"id":1221,"documentId":1222,"name":1223,"alternativeText":20,"caption":20,"focalPoint":20,"width":1224,"height":991,"formats":1225,"hash":1258,"ext":25,"mime":29,"size":1259,"url":1260,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1261,"updatedAt":1261,"publishedAt":1262},1045,"vn34paptnwi2cvlfezhq0rym","blog-automate-yubion-fido-logon-client-install-1.png",3142,{"large":1226,"small":1234,"medium":1242,"thumbnail":1250},{"ext":25,"url":1227,"etag":1228,"hash":1229,"mime":29,"name":1230,"path":20,"size":1231,"width":32,"height":1232,"sizeInBytes":1233},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_automate_yubion_fido_logon_client_install_1_60a71cac62.png","afc9dbf02e314924759f7d4769860c5f","large_blog_automate_yubion_fido_logon_client_install_1_60a71cac62","large_blog-automate-yubion-fido-logon-client-install-1.png",97.18,640,97179,{"ext":25,"url":1235,"etag":1236,"hash":1237,"mime":29,"name":1238,"path":20,"size":1239,"width":41,"height":1240,"sizeInBytes":1241},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_automate_yubion_fido_logon_client_install_1_60a71cac62.png","b67c8c9282d272ddaa0fe59af1a96777","small_blog_automate_yubion_fido_logon_client_install_1_60a71cac62","small_blog-automate-yubion-fido-logon-client-install-1.png",32.49,320,32486,{"ext":25,"url":1243,"etag":1244,"hash":1245,"mime":29,"name":1246,"path":20,"size":1247,"width":50,"height":1248,"sizeInBytes":1249},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_automate_yubion_fido_logon_client_install_1_60a71cac62.png","7787ddfaafa0e32fb593958ea3618870","medium_blog_automate_yubion_fido_logon_client_install_1_60a71cac62","medium_blog-automate-yubion-fido-logon-client-install-1.png",60.65,480,60649,{"ext":25,"url":1251,"etag":1252,"hash":1253,"mime":29,"name":1254,"path":20,"size":1255,"width":1256,"height":59,"sizeInBytes":1257},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_automate_yubion_fido_logon_client_install_1_60a71cac62.png","6f6740f3f217f56c44502c7e0ba1e359","thumbnail_blog_automate_yubion_fido_logon_client_install_1_60a71cac62","thumbnail_blog-automate-yubion-fido-logon-client-install-1.png",12.17,244,12171,"blog_automate_yubion_fido_logon_client_install_1_60a71cac62",132.84,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_automate_yubion_fido_logon_client_install_1_60a71cac62.png","2026-04-28T07:31:24.766Z","2026-04-28T07:31:24.767Z",[1264,1265,1266],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":154,"documentId":155,"name":156,"slug":20,"createdAt":157,"updatedAt":157,"publishedAt":158},{"id":1089,"documentId":1090,"name":1091,"slug":20,"createdAt":1092,"updatedAt":1092,"publishedAt":1093},{"id":1268,"documentId":1269,"title":1270,"content":1271,"slug":1272,"published":1273,"createdAt":1274,"updatedAt":1274,"publishedAt":1275,"locale":14,"authorManual":570,"cover":1276,"tags":1318},91,"ijvpjtc1leleyn6o3r8gvqus","Two-factor Authentication Using Passkeys Experiment","\u003Cp>\u003Cstrong>Passkeys\u003C\u002Fstrong> are gradually becoming more popular, as evidenced by a news article stating that &quot;Passkeys can be used!&quot; to log in to the services of major companies.\u003C\u002Fp>\n\u003Cp>However, there are still few people who have used it, right?\u003C\u002Fp>\n\u003Cp>YubiOn FIDO Logon, our PC login security-enhanced product, can use passkeys, so I will introduce specific operating procedures to answer the question \u003Cstrong>&quot;How can we use passkeys?&quot;\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>However, the passkey can be used when logging in to the FIDO Logon management web screen, not for PC login authentication.\u003C\u002Fp>\n\u003Cp>So, I will introduce \u003Cstrong>how to log in\u003C\u002Fstrong> to the management Web screen of FIDO Logon \u003Cstrong>with a passkey\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-cih0b\">About passkey\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-5pfbt\">How to use the passkey\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-9g5vk\">Example when using on an iPad\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-be7c3\">Passkey registration\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-2g543\">Authenticate with passkey\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-bir0g\">Supplement (Operation on iPad browser)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-1883a\">Example when using on an Android smartphone\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-35nv1\">Passkey registration\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-8ec9t\">Authenticate with passkey\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-jakk\">Supplement (Operation on Android smartphone browser)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-c0fjs\">Summary\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>About passkey\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>A passkey is an authentication method that replaces a password, and what was originally called &quot;WebAuthn&quot; has come to be collectively called &quot;passkey&quot; in recent years. It&#39;s a little confusing for those who have known FIDO for a long time, but I think that rather than using the term &quot;WebAuthn&quot;, the intention is to spread a more acceptable term for the general public.\u003C\u002Fp>\n\u003Cp>Please refer to other blogs for detailed information about passkeys.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">What are Passkeys? (Part 1)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-2?lang=en\">What are Passkeys? (Part 2)\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This time, I will try \u003Cstrong>a passkey that puts secret information on the cloud\u003C\u002Fstrong> using an iPad without using an external authentication device such as a YubiKey. As for which cloud to use, there is Apple as a famous place that can be used now, so I would like to try it.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>How to use the passkey\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch2>\u003Cstrong>■ Example when using on an iPad\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>I tried the method using AppleID, but unfortunately, I don&#39;t have an iPhone, so I tried using an iPad instead.\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>Tried environment\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Login target: Log in to the FIDO Logon management Web screen\u003C\u002Fp>\n\u003Cp>PC: Laptop\u003C\u002Fp>\n\u003Cp>※ The method to try this time uses the Bluetooth function, so it must be a model that can use Bluetooth.\u003C\u002Fp>\n\u003Cp>OS: Windows 11 22H2\u003C\u002Fp>\n\u003Cp>Browser: Edge (Version: 111.0.1661.54)\u003C\u002Fp>\n\u003Cp>iPad Pro: iPadOS 16.2\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df.png\" alt=\"AppleIDを利用する\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>・Passkey registration\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Just like when using Android, register to use the passkey.\u003C\u002Fp>\n\u003Cp>Open Edge on your PC.\u003C\u002Fp>\n\u003Cp>Log in to the \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fapp\u002F\">FIDO Logon management Web screen\u003C\u002Fa> and open &quot;User Settings&quot; from the name display on the upper right.\u003C\u002Fp>\n\u003Cp>Click the plus button on the top right to start the add operation.\u003C\u002Fp>\n\u003Cp>Click &quot;OK&quot; on the confirmation message.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_2_403ff6a4d2.png\" alt=\"セットアップ開始\">\u003C\u002Fp>\n\u003Cp>YubiOn FIDO Logon will by default show a security key setup popup, but this time we don&#39;t use a device, so click Cancel.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_3_6667790910.png\" alt=\"セキュリティキーキャンセル\">\u003C\u002Fp>\n\u003Cp>The passkey creation method selection is displayed.\u003C\u002Fp>\n\u003Cp>Select &quot;A different device&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_4_9c34c120b5.png\" alt=\"別のデバイス選択\">\u003C\u002Fp>\n\u003Cp>A QR code for registration will be displayed on the screen.\u003C\u002Fp>\n\u003Cp>Scan this QR code with your iPad.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_5_4ad19450b5.png\" alt=\"QRコード表示\">\u003C\u002Fp>\n\u003Cp>Scan with your iPad&#39;s standard camera app.\u003C\u002Fp>\n\u003Cp>When you scan, a message will be displayed at the top, so touch it to proceed.\u003C\u002Fp>\n\u003Cp>※ Since the iPad&#39;s standard camera app has a QR code reading function, you don&#39;t need to use a separate app.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_6_6dadddb70d.png\" alt=\"iPadカメラアプリ\">\u003C\u002Fp>\n\u003Cp>You will be asked to sign in with AppleID, so authenticate with TouchID and proceed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_7_12457a4cc2.png\" alt=\"TouchID\">\u003C\u002Fp>\n\u003Cp>Authentication of the TouchID on the iPad was successful.\u003C\u002Fp>\n\u003Cp>At this point, \u003Cstrong>the passkey private information is stored in Apple&#39;s cloud\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>When you return to your browser on your PC, you will see a successful registration pop-up.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_8_a6e56e585c.png\" alt=\"登録完了\">\u003C\u002Fp>\n\u003Cp>Enter a name for the registered information.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_9_0c9c3f83a3.png\" alt=\"割り当てに名前を付ける\">\u003C\u002Fp>\n\u003Cp>Passkey registration is now complete.\u003C\u002Fp>\n\u003Cp>Next, try to log in with the registered passkey.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>・Authenticate with passkey\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Log out from the management Web screen once and display the login screen.\u003C\u002Fp>\n\u003Cp>On the login screen, enter your email address and click the confirm button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_10_e38fb4e177.png\" alt=\"ログイン画面\">\u003C\u002Fp>\n\u003Cp>The security key request is displayed by default, so click Cancel.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_11_751033799a.png\" alt=\"セキュリティキー呼び出し\">\u003C\u002Fp>\n\u003Cp>In the case of the iPad, it does not appear in the list, so select &quot;A different device&quot; here as well.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_12_3fdbf6a9cc.png\" alt=\"別のデバイスを選択\">\u003C\u002Fp>\n\u003Cp>A QR code will be displayed, so read it again with your iPad.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_13_eb7f53d46f.png\" alt=\"QRコード読み取り\">\u003C\u002Fp>\n\u003Cp>Launch the camera app on your iPad and scan the QR code.\u003C\u002Fp>\n\u003Cp>After reading, tap &quot;Sign in with passkey&quot; displayed at the top.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_14_8e5e5539d8.png\" alt=\"iPadでQRコード読み取り\">\u003C\u002Fp>\n\u003Cp>Authenticate with Touch ID.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_15_27935bfdb1.png\" alt=\"Apple認証操作\">\u003C\u002Fp>\n\u003Cp>After the authentication of the smartphone, the login is successful.\u003C\u002Fp>\n\u003Cp>Authentication using the passkey was successful on the iPad as well.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>・Supplement (Operation on iPad browser)\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>I will also check the operation on the browser of the iPad.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When registering on the iPad browser\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>I opened Safari on my iPad and tried to register from the YubiOn FIDO Logon Management Website.\u003C\u002Fp>\n\u003Cp>As a result, I was unable to register.\u003C\u002Fp>\n\u003Cp>When I try to register, there is a selection for registration with the iPad, so I choose it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_16_1a4aa97b7f.png\" alt=\"Safariで登録\">\u003C\u002Fp>\n\u003Cp>Next, a QR code is displayed, but since the QR code is displayed on the iPad, it is not possible to read the screen of the iPad itself and proceed further. It would be nice to be able to launch another app in this state, but it&#39;s canceled when pressing the home button, so there&#39;s nothing I can do about it...\u003C\u002Fp>\n\u003Cp>There may be some way, but I couldn&#39;t register this time.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_17_0d0d87dd29.png\" alt=\"QRコード表示\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When logging in on the iPad browser\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you have already registered, you will automatically be prompted to log in using your passkey when you log in.\u003C\u002Fp>\n\u003Cp>You can log in by TouchID.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_18_05a229f727.png\" alt=\"ログイン操作\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■ Example when using on an Android smartphone\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>In the case of Android smartphones, due to the impact of our company&#39;s implementation method and the relationship between Android versions, etc., \u003Cstrong>there is no way to check if private information is stored on the cloud or not currently\u003C\u002Fstrong>. ※ It is expected that it will be supported in the future version upgrade.\u003C\u002Fp>\n\u003Cp>However, the operation itself is almost the same as the iPad, so I will also introduce this pattern.\u003C\u002Fp>\n\u003Cp>This time I tried in the following environment.\u003C\u002Fp>\n\u003Cp>※ Please note that the display may change depending on the conditions when trying (browser account login status, etc.).\u003C\u002Fp>\n\u003Ch4>\u003Cstrong>Tried environment\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Login target: Log in to the FIDO Logon management Web screen\u003C\u002Fp>\n\u003Cp>PC: Laptop\u003C\u002Fp>\n\u003Cp>※ The method to try this time uses the Bluetooth function, so it must be a model that can use Bluetooth.\u003C\u002Fp>\n\u003Cp>OS: Windows 11 22H2\u003C\u002Fp>\n\u003Cp>Browser: Edge (Version: 111.0.1661.54)\u003C\u002Fp>\n\u003Cp>Do this while logged into your Google account.\u003C\u002Fp>\n\u003Cp>Android smartphone: Android 13\u003C\u002Fp>\n\u003Cp>Use a smartphone that is registered with the same Google account that you used on your PC.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>・Passkey registration\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>First, let&#39;s register to use the passkey.\u003C\u002Fp>\n\u003Cp>Open Edge on your PC.\u003C\u002Fp>\n\u003Cp>※ At this time, you are logged into your Google account.\u003C\u002Fp>\n\u003Cp>Log in to the \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002Fapp\u002F\">FIDO Logon management Web screen\u003C\u002Fa> and open &quot;User Settings&quot; from the name display on the upper right.\u003C\u002Fp>\n\u003Cp>On this screen, you can set two-factor authentication for logging in to the management Web screen.\u003C\u002Fp>\n\u003Cp>By the way, authentication devices such as YubiKey can also be set here.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_19_9b68083156.png\" alt=\"個人設定\">\u003C\u002Fp>\n\u003Cp>Click the plus button on the top right to start the add operation.\u003C\u002Fp>\n\u003Cp>Click &quot;OK&quot; on the confirmation message.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_2_403ff6a4d2.png\" alt=\"セットアップ開始\">\u003C\u002Fp>\n\u003Cp>YubiOn FIDO Logon will by default show a security key setup popup, but this time we don&#39;t use a device, so click Cancel.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_3_6667790910.png\" alt=\"セキュリティキーキャンセル\">\u003C\u002Fp>\n\u003Cp>The passkey creation method selection is displayed.\u003C\u002Fp>\n\u003Cp>Select &quot;A different device&quot;.\u003C\u002Fp>\n\u003Cp>※ This time I&#39;m trying on Edge. Chrome and Edge have this option, but Firefox doesn&#39;t seem to.\u003C\u002Fp>\n\u003Cp>※ If you have already registered a smartphone device, the device name will be displayed in the list. In this case, you can skip scanning the next QR code and proceed to the registration operation.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_4_9c34c120b5.png\" alt=\"別のデバイス選択\">\u003C\u002Fp>\n\u003Cp>A QR code for registration will be displayed on the screen.\u003C\u002Fp>\n\u003Cp>Scan this QR code with your smartphone.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_5_4ad19450b5.png\" alt=\"QRコード表示\">\u003C\u002Fp>\n\u003Cp>Read the QR code with an app that can read it.\u003C\u002Fp>\n\u003Cp>If your standard camera has a QR code reading function, you can use it without any problem.\u003C\u002Fp>\n\u003Cp>The behavior after reading changes depending on the application.\u003C\u002Fp>\n\u003Cp>※ In the case of the QR code reading application (standard camera app) that I am using, after reading, select &quot;Open in browser&quot; to proceed to the next step.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_20_98dd014e98.jpeg\" alt=\"QRコード読み取り\">\u003C\u002Fp>\n\u003Cp>A confirmation message is displayed.\u003C\u002Fp>\n\u003Cp>Tap &quot;Allow&quot; to proceed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_21_4a5ad039d8.jpeg\" alt=\"QRコード読み取り後のスマホ\">\u003C\u002Fp>\n\u003Cp>At this time, the smartphone authentication operation (fingerprint, pattern, etc.) is performed.\u003C\u002Fp>\n\u003Cp>Proceed after authentication succeeds.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_22_cf39fb76fb.jpeg\" alt=\"デバイスの接続\">\u003C\u002Fp>\n\u003Cp>The authentication on the smartphone was successful.\u003C\u002Fp>\n\u003Cp>This time, since I used the latest Android version, the private information of the passkey is saved in Google&#39;s cloud. But in the case of the older versions, the private information will be saved on Android, although the registration operation is the same.\u003C\u002Fp>\n\u003Cp>Also, it seems that the information of the smartphone device is also registered in the Google account of Chrome (or Edge), and the next time, the name of the registered smartphone will be displayed in the list.\u003C\u002Fp>\n\u003Cp>Therefore, it was not displayed when operating Chrome (or Edge) in guest mode.\u003C\u002Fp>\n\u003Cp>When you return to your browser on your PC, you will see a successful registration pop-up.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_8_a6e56e585c.png\" alt=\"登録完了\">\u003C\u002Fp>\n\u003Cp>Enter a name for the registered information.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_23_61d79cda96.png\" alt=\"割り当てに名前を付ける\">\u003C\u002Fp>\n\u003Cp>Passkey registration is now complete.\u003C\u002Fp>\n\u003Cp>Next, try to log in with the registered passkey.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>・Authenticate with passkey\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Log out from the management Web screen once and display the login screen.\u003C\u002Fp>\n\u003Cp>On the login screen, enter your email address and click the confirm button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_10_e38fb4e177.png\" alt=\"ログイン画面\">\u003C\u002Fp>\n\u003Cp>The security key request is displayed by default, so click Cancel.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_11_751033799a.png\" alt=\"セキュリティキー呼び出し\">\u003C\u002Fp>\n\u003Cp>Since the registered smartphone name is displayed, select it.\u003C\u002Fp>\n\u003Cp>※ This option is not available when you are not logged in to your Google account, such as in Chrome guest mode.\u003C\u002Fp>\n\u003Cp>Even in that case, you can proceed with authentication by selecting &quot;A different device&quot; and reading the QR code in the same way as when registering.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_24_d991e956f7.png\" alt=\"デバイス選択\">\u003C\u002Fp>\n\u003Cp>You will then see a message that a notification has been sent to your smartphone.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_25_4ff78bbcb0.png\" alt=\"デバイスに通知\">\u003C\u002Fp>\n\u003Cp>When you check your smartphone, there is a notification.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_26_7bf3433d5c.jpeg\" alt=\"スマホ側の通知\">\u003C\u002Fp>\n\u003Cp>If you open the notification and proceed to the next step, the smartphone will ask for authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_22_cf39fb76fb.jpeg\" alt=\"スマホと接続中\">\u003C\u002Fp>\n\u003Cp>After the authentication of the smartphone, the login is successful.\u003C\u002Fp>\n\u003Cp>Authentication using the passkey is now successful.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>・Supplement (Operation on Android smartphone browser)\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>I logged in to YubiOn FIDO Logon with a PC browser, but I will also touch on the case of logging in with the Android smartphone&#39;s own browser.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When registering on the smartphone browser\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When registering using a smartphone browser, the passkey cannot be registered because the registration of another device does not appear in the selection.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_27_2d9965dafc.jpeg\" alt=\"セキュリティキーの選択\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>When logging in on the smartphone browser\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you open the browser and log in with a smartphone that has already been registered from a PC, it is possible to authenticate with a passkey.\u003C\u002Fp>\n\u003Cp>This varies depending on the implementation on the service (RP) side, but in the case of YubiOn FIDO Logon, the security key is displayed with priority. However, in the case of Android smartphones, even if you cancel the security ley selection, a different device selection will not be displayed, so you cannot register anything other than the security key.\u003C\u002Fp>\n\u003Cp>However, if the passkey has been registered, the passkey is automatically selected, so you can authenticate with the passkey during authentication.\u003C\u002Fp>\n\u003Cp>I think this is a difficult point to uns\\derstand because the behavior changes depending on the implementation on the RP side and the device (browser) used. I tried it and got very confused.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>By using an iPad or smartphone, I was able to log in to the YubiOn FIDO Logon management Web screen using a passkey.\u003C\u002Fp>\n\u003Cp>This was an example of logging in to our service, but if the service you are using supports passkeys, please give it a try. Since \u003Cstrong>the passkey does not use a password\u003C\u002Fstrong>, there is less time and effort to type, and \u003Cstrong>the security strength can be increased\u003C\u002Fstrong>, so I think it is especially easy to use if you do not have a security device.\u003C\u002Fp>\n\u003Cp>The adoption rate of paskeys is expected to increase in the future, and it is expected that they will be used in various services and sites without users being aware of it.\u003C\u002Fp>\n\u003Cp>However, at the moment, there are parts of the OSes and browsers that have not been unified yet, and the display may change depending on the operation method, so we need to be careful until the specifications around here are solidfied.\u003C\u002Fp>\n\u003Cp>As a member of the FIDO Alliance, we would like to continue to provide passkey information to everyone, so please continue to support us.\u003C\u002Fp>\n\u003Cp>For details on the YubiOn FIDO Logon introduces this time, please check \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Ffidologon\">the product introduction page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Thanks for reading until the end.\u003C\u002Fp>\n","how-to-use-passkeys-with-yubion-fido-logon","2023-03-28","2026-04-28T07:12:48.419Z","2026-04-28T07:12:51.457Z",{"id":1277,"documentId":1278,"name":1279,"alternativeText":20,"caption":20,"focalPoint":20,"width":1280,"height":1281,"formats":1282,"hash":1314,"ext":25,"mime":29,"size":1315,"url":1316,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1317,"updatedAt":1317,"publishedAt":1317},853,"xxu246cztvd2wffyka1hwc00","blog-how-to-use-passkeys-with-yubion-fido-logon-1.png",1178,545,{"large":1283,"small":1291,"medium":1299,"thumbnail":1307},{"ext":25,"url":1284,"etag":1285,"hash":1286,"mime":29,"name":1287,"path":20,"size":1288,"width":32,"height":1289,"sizeInBytes":1290},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df.png","25fd132bfd489fcf6cd7fc263b50efe9","large_blog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df","large_blog-how-to-use-passkeys-with-yubion-fido-logon-1.png",66.27,463,66270,{"ext":25,"url":1292,"etag":1293,"hash":1294,"mime":29,"name":1295,"path":20,"size":1296,"width":41,"height":1297,"sizeInBytes":1298},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df.png","c57eabd55ac71609129920ccdb95ce89","small_blog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df","small_blog-how-to-use-passkeys-with-yubion-fido-logon-1.png",27.24,231,27244,{"ext":25,"url":1300,"etag":1301,"hash":1302,"mime":29,"name":1303,"path":20,"size":1304,"width":50,"height":1305,"sizeInBytes":1306},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df.png","f99df5f637994dbfa2eb916c979a5ab3","medium_blog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df","medium_blog-how-to-use-passkeys-with-yubion-fido-logon-1.png",45.74,347,45740,{"ext":25,"url":1308,"etag":1309,"hash":1310,"mime":29,"name":1311,"path":20,"size":1312,"width":124,"height":562,"sizeInBytes":1313},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df.png","1c5ae5aff1fd6555b5510a037baca8a3","thumbnail_blog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df","thumbnail_blog-how-to-use-passkeys-with-yubion-fido-logon-1.png",10.41,10413,"blog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df",14.87,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_passkeys_with_yubion_fido_logon_1_e3fb1c53df.png","2026-04-28T07:09:51.582Z",[1319,1320,1321,1322],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":154,"documentId":155,"name":156,"slug":20,"createdAt":157,"updatedAt":157,"publishedAt":158},{"id":1089,"documentId":1090,"name":1091,"slug":20,"createdAt":1092,"updatedAt":1092,"publishedAt":1093},{"id":1324,"documentId":1325,"title":1326,"content":1327,"slug":1328,"published":1329,"createdAt":1330,"updatedAt":1330,"publishedAt":1331,"locale":14,"authorManual":570,"cover":1332,"tags":1375},127,"wqsmsvj6egog03ftm2tdyawe","[YubiOn WindowsLogon Standalone] Aggegrate Event Viewer Logs to another PC","\u003Cp>Updated: Mar 22, 2023\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion\">\u003Cstrong>YubiOn WindowsLogon Standalone\u003C\u002Fstrong>\u003C\u002Fa> is a standalone Windows logon enhancement product that operates on a single PC with the software installed.\u003C\u002Fp>\n\u003Cp>The log at the time of logon can also be checked only on that PC. But we received a consultation about whether it is possible to transfer the logs and aggregate them in another location (AD server, etc.) for confirmation.\u003C\u002Fp>\n\u003Cp>Since this is a standalone product, it does not have a function to link with other servers. But the logs are output to the Application log of the event viewer of that PC.\u003C\u002Fp>\n\u003Cp>Using Windows functions to aggregate the events on another PC makes it possible to check the event log on another server.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f.png\" alt=\"イベントログを転送する\">\u003C\u002Fp>\n\u003Cp>So, I will introduce how to aggregate Windows Event Viewer logs to another PC.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-a45be\">Environment\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-2k3c2\">Setup steps\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-1kb5g\">Processes on the source machine\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-8mvcp\">Prepare to collect logs\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-659kd\">Processes on the collector machine\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-1nb49\">Prepare to collect logs\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-a2n02\">S\u003C\u002Fa>et subscription\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-92q3p\">Confirm the events\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-b8rfg\">Summary\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Environment\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>I have tried the following settings:\u003C\u002Fp>\n\u003Cp>Transfer can also be performed in the workspace environment, but the steps are slightly increased, so we will set it up in the domain environment this time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Collector machine (PC for collecting logs)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>OS: Windows Server 2022\u003C\u002Fp>\n\u003Cp>Active Directory\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Source machine (PC sending logs)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>OS: Windows 10\u003C\u002Fp>\n\u003Cp>Join the domain of the collector machine\u003C\u002Fp>\n\u003Cp>YubiOn WindowsLogon Standalone configured\u003C\u002Fp>\n\u003Cp>Assume an environment where \u003Cstrong>YubiOn WindowsLogon Standalone\u003C\u002Fstrong> is installed on the source machine. Set the event log (Application log) to be checked on the collect machine.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Setup steps\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>\u003Cstrong>■\u003C\u002Fstrong> \u003Cstrong>Processes on the source machine\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch4>**・**\u003Cstrong>Prepare to collect logs\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>We will use WinRM (Windows Remote Management) service to forward the events, so make it ready.\u003C\u002Fp>\n\u003Cp>Log on to the source machine with an administrator account, run PowerShell as an administrator, and execute the following command.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>winrm quickconfig\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You will be asked to confirm the execution, so enter &quot;y&quot; to execute.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>PS C:\\Windows\\system32&gt; winrm quickconfig\nWinRM is not set up to receive requests on this machine.\nThe following changes must be made:\n\nStart the WinRM service.\nSet the WinRM service type to delayed auto start.\n\nMake these changes [y\u002Fn]? y\n\nWinRM has been updated to receive requests.\n\nWinRM service type changed successfully.\nWinRM service started.\nWinRM is not set up to allow remote access to this machine for management.\nThe following changes must be made:\n\nEnable the WinRM firewall exception.\nConfigue the LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.\nMake these changes [y\u002Fn]? y\n\nWinRM has been updated for remote management.\n\nWinRM firewall exception enabled.\nConfiged LocalAccountTokenFilterPolicy to grant administrative rights remotely to local users.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You have successfully set it.\u003C\u002Fp>\n\u003Cp>※ If your network is public, you cannot set the firewall. In that case, change to a domain or private network.\u003C\u002Fp>\n\u003Cp>Then add the collector machine&#39;s account to the Event Log Readers group on the source machine.\u003C\u002Fp>\n\u003Cp>Open &quot;Local Users and Groups&quot; in Windows and open &quot;Event Log Readers&quot; in &quot;Groups&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_2_3e3f50d531.png\" alt=\"ローカルユーザーとグループ設定\">\u003C\u002Fp>\n\u003Cp>Click &quot;Add&quot;.\u003C\u002Fp>\n\u003Cp>By default, computer accounts cannot be added, so click &quot;Object Types...&quot;, check &quot;Computers&quot; and return by &quot;OK&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_3_21c76d5a6d.png\" alt=\"オブジェクトの種類\">\u003C\u002Fp>\n\u003Cp>Enter the computer name of the collector machine into the &quot;Enter the object names to select&quot; input field and confirm with &quot;OK&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_4_0c0c91bdec.png\" alt=\"ホスト名を入力\">\u003C\u002Fp>\n\u003Cp>The computer name of the collector machine has been added to &quot;Members&quot;.\u003C\u002Fp>\n\u003Cp>Close with &quot;OK&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_5_1d80b46173.png\" alt=\"Event Log Readers設定\">\u003C\u002Fp>\n\u003Cp>※ This time, it is not necessary because it is a domain environment, but when set in a workgroup environment, add an account with administrator privileges.\u003C\u002Fp>\n\u003Cp>Next, we move on to processes on the collector machine.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>■\u003C\u002Fstrong> \u003Cstrong>Processes on the collector machine\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch4>**・**\u003Cstrong>Prepare to collect logs\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Log on to the collector machine with an administrator account, run PowerShell as an administrator, and execute the following command.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>wecutil quick-config\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>You will be asked to confirm the execution, so enter &quot;y&quot; to execute.す。\u003C\u002Fp>\n\u003Cpre>\u003Ccode>The service startup mode will be changed to Delay-Start. Would ou like to proceed ( Y- yes or N- no)? y\n\nWindows Event Collector service was configured successfully.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>**・**\u003Cstrong>Set subscription\u003C\u002Fstrong>\u003C\u002Fh4>\n\u003Cp>Define what kind of event logs to transfer using the subscription function.\u003C\u002Fp>\n\u003Cp>Launch Event Viewer on the collector machine.\u003C\u002Fp>\n\u003Cp>Select &quot;Subscriptions&quot; under &quot;Application and Service Logs&quot;.\u003C\u002Fp>\n\u003Cp>Click &quot;Create Subscription...&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_6_0266557ad0.png\" alt=\"サブスクリプションの作成\">\u003C\u002Fp>\n\u003Cp>Enter any &quot;Subscription name&quot; and &quot;Description&quot; and click &quot;Select Computers...&quot;.\u003C\u002Fp>\n\u003Cp>Select from the pulldown to change the destination log.\u003C\u002Fp>\n\u003Cp>We will use the default &quot;Forwarded Events&quot; this time.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_7_70c6839a4a.png\" alt=\"サブスクリプションのプロパティ\">\u003C\u002Fp>\n\u003Cp>Specify the source machine.\u003C\u002Fp>\n\u003Cp>Click &quot;Add Domain Computers...&quot; under &quot;Collector initiated&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_8_8274ebd145.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the computer name of the target source machine and click &quot;OK&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_9_d0af453ba9.png\" alt=\"コンピュータ名を入力\">\u003C\u002Fp>\n\u003Cp>If you want to register multiple PCs, register the PCs one after the other.\u003C\u002Fp>\n\u003Cp>And, you can check that you can access the target PC by clicking the &quot;Test&quot; button.\u003C\u002Fp>\n\u003Cp>Click &quot;Select Events...&quot;.\u003C\u002Fp>\n\u003Cp>Here you specify the logs you want to send as events.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiOn WindowsLogon Standalone\u003C\u002Fstrong> logs are output to the Application log, so specify to transfer all Application logs.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_10_01faba4cfe.png\" alt=\"クエリフィルター\">\u003C\u002Fp>\n\u003Cp>Click &quot;Advanced...&quot; to confirm.\u003C\u002Fp>\n\u003Cp>Leave the defaults here, select &quot;Machine Account&quot; for &quot;User Account&quot;, and select &quot;Normal&quot; for &quot;Event Delivery Optimization&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_11_c91c49804e.png\" alt=\"サブスクリプションの詳細設定\">\u003C\u002Fp>\n\u003Cp>Your subscription has been added.\u003C\u002Fp>\n\u003Cp>Make sure the status is active.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_12_8e99e16a2a.png\" alt=\"サブスクリプション追加\">\u003C\u002Fp>\n\u003Cp>The settings for collecting events are now complete.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Confirm the events\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Now let&#39;s confirm that the event logs are transferred.\u003C\u002Fp>\n\u003Cp>First, log on to the \u003Cstrong>source machine\u003C\u002Fstrong> using \u003Cstrong>YubiOn WindowsLogon Standalone\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Screen lock the source machine once and log on using the YubiKey.\u003C\u002Fp>\n\u003Cp>This printed a log for the &quot;YubiOnWindowsLogonStandalone&quot; source in the Application log.\u003C\u002Fp>\n\u003Cp>Here is the log when the logon is successful.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_13_adc88264ff.png\" alt=\"ソースマシン側のイベントビューアー\">\u003C\u002Fp>\n\u003Cp>Event Viewer on the source machine\u003C\u002Fp>\n\u003Cp>The logon account name and the PublicID (identification ID) of the YubiKey used are output.\u003C\u002Fp>\n\u003Cp>Next, let&#39;s check the Event Viewer of the \u003Cstrong>collector machine\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Log on to the collector machine and open &quot;\u003Cstrong>Windows Logs\u003C\u002Fstrong>&quot; \u003Cstrong>&gt; &quot;Forwarded Events\u003C\u002Fstrong>&quot; in Event Viewer.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_14_69ba5f54c6.png\" alt=\"コレクトマシン側のイベントビューアー\">\u003C\u002Fp>\n\u003Cp>Event Viewer on the collector machine\u003C\u002Fp>\n\u003Cp>YubiOn&#39;s successful logon log was transferred to the collector machine.\u003C\u002Fp>\n\u003Cp>※ It may take some time (about 15 minutes) to be transferred.\u003C\u002Fp>\n\u003Cp>If you have registered multiple PCs, you can identify them by computer name.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>By using the log transfer function of Windows, you can transfer the Event Viewer log output by \u003Cstrong>YubiOn WindowsLogon Standalone\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>This time, I set it to transfer all Application logs, but I think it would be easier to check the necessary logs by transferring only the necessary logs or using a filter.\u003C\u002Fp>\n\u003Cp>Also, this time I introduced the procedure to set the source machines one by one, but if there are many machines and it takes time and effort, it is possible to reduce the time and effort by using the AD group policy.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion\">i\u003C\u002Fa>ntroduction page for details of the \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion\">\u003Cstrong>YubiOn WindowsLogon Standalone\u003C\u002Fstrong>\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Thank you for reading to the end.\u003C\u002Fp>\n","aggregate-yubion-windows-event-logs-another-pc","2023-02-21","2026-04-28T07:34:07.728Z","2026-04-28T07:34:11.402Z",{"id":1333,"documentId":1334,"name":1335,"alternativeText":20,"caption":20,"focalPoint":20,"width":1336,"height":1337,"formats":1338,"hash":1371,"ext":25,"mime":29,"size":1372,"url":1373,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1374,"updatedAt":1374,"publishedAt":1374},1059,"ki84rs8zk1b37ds5awi64ndv","blog-aggregate-yubion-windows-event-logs-another-pc-1.png",1596,864,{"large":1339,"small":1347,"medium":1355,"thumbnail":1363},{"ext":25,"url":1340,"etag":1341,"hash":1342,"mime":29,"name":1343,"path":20,"size":1344,"width":32,"height":1345,"sizeInBytes":1346},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f.png","4e7eb5800d459a0a989033eba8def403","large_blog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f","large_blog-aggregate-yubion-windows-event-logs-another-pc-1.png",99.01,541,99009,{"ext":25,"url":1348,"etag":1349,"hash":1350,"mime":29,"name":1351,"path":20,"size":1352,"width":41,"height":1353,"sizeInBytes":1354},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f.png","86e7e219b77f8ffb6d2a3ade8d0c3938","small_blog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f","small_blog-aggregate-yubion-windows-event-logs-another-pc-1.png",40.28,271,40275,{"ext":25,"url":1356,"etag":1357,"hash":1358,"mime":29,"name":1359,"path":20,"size":1360,"width":50,"height":1361,"sizeInBytes":1362},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f.png","ecbea14dce133b092b9412cc39883f2d","medium_blog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f","medium_blog-aggregate-yubion-windows-event-logs-another-pc-1.png",68.09,406,68086,{"ext":25,"url":1364,"etag":1365,"hash":1366,"mime":29,"name":1367,"path":20,"size":1368,"width":124,"height":1369,"sizeInBytes":1370},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f.png","507ef1e2eaebcdfc1edd92462a98d0a3","thumbnail_blog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f","thumbnail_blog-aggregate-yubion-windows-event-logs-another-pc-1.png",15.5,133,15498,"blog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f",30.39,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aggregate_yubion_windows_event_logs_another_pc_1_edbee6be9f.png","2026-04-28T07:32:53.378Z",[1376,1377,1378],{"id":297,"documentId":298,"name":299,"slug":20,"createdAt":300,"updatedAt":300,"publishedAt":301},{"id":333,"documentId":334,"name":335,"slug":20,"createdAt":336,"updatedAt":336,"publishedAt":337},{"id":1379,"documentId":1380,"name":1381,"slug":20,"createdAt":1382,"updatedAt":1382,"publishedAt":1383},102,"uqbg02l5gzj5wkl3gqtns0wx","SettingGuide","2026-04-28T06:46:52.463Z","2026-04-28T06:46:54.313Z",{"id":1385,"documentId":1386,"title":1387,"content":1388,"slug":1389,"published":1390,"createdAt":1391,"updatedAt":1391,"publishedAt":1392,"locale":14,"authorManual":570,"cover":1393,"tags":1435},109,"bb7r7m691c2qcsvrc25t0o9g","What are Passkeys? (Part 2)","\u003Cp>In \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">Part 1\u003C\u002Fa>, I introduced passkey &quot;in a broad sense&quot;, a mechanism originally called WebAuthn. This time, I will explain the passkey &quot;in the narrow sense&quot;. It will be the story of the &quot;?&quot; part in the figure below.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_1_a30245af38.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(Click to enlarge)\u003C\u002Fp>\n\u003Ch3>■ Secret stash and its associated problems\u003C\u002Fh3>\n\u003Cp>In the passkey (WebAuthn) authentication introduced so far, the authentication factor (secret information) so not flow over the network, and only authentication information (result) is exchanged. That&#39;s not to say that there are no secrets, but there is data called a &quot;private key&quot; that is used when creating authentication information. The private key must be stored all the time for authentication. Let&#39;s draw a diagram of where the authentication method that has been explained so far is stored.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_2_6d34ea3e06.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(Click to enlarge)\u003C\u002Fp>\n\u003Cp>In the case of in-device or smartphone authentication, secret information is stored in the TPM of the device. Also, the security key itself is like a TPM, so the secret information is stored in the key as it is. There are some minor differences, but what they all have in common is that they are all factors of &quot;\u003Cstrong>possession\u003C\u002Fstrong>&quot; and that &quot;\u003Cstrong>the private key stored inside cannot be taken out\u003C\u002Fstrong> (*1)&quot;.\u003C\u002Fp>\n\u003Cp>If you have a keen intuition, you may have guessed from the story so far, but with this mechanism, \u003Cstrong>re-registration of authentication is required\u003C\u002Fstrong> when replacing or buying a new device. As a method of re-registration, for example, you can add the authentication information of the new device by logging in with the device for which the authentication information is currently registered. However, regardless of the external security key, it is troublesome to prove that the login on the old device and the registration on the new device is the same users for PCs and smartphones with a built-in TPM in the device(*2). Also, in general, when replacing a smartphone, there are many cases where the old device is taken over and the new device is obtained, and at the same time, there may be cases where there is no time to have the old device and the new device.\u003C\u002Fp>\n\u003Cp>(*1) TPM (or security key) internally creates a &quot;private key&quot; and a &quot;public key&quot; used to verify whether the information is created with the private key when registering, and only the &quot;public key&quot; is returned as data. During authentication, the private key is used internally and only the authentication information is returned, so the private key is not extracted from the TPM.\u003C\u002Fp>\n\u003Cp>(*2) If hybrid authentication can be used, it is possible to perform Hybrid authentication using the old device from the new device, log in once, and then register the new device. If Hybrid authentication cannot be used, you can think of a method such as logging in with the old device and issuing a temporary URL for registering the new device.\u003C\u002Fp>\n\u003Ch3>■ Share private key between devices (multi-device FIDO credential)\u003C\u002Fh3>\n\u003Cp>All of the methods I&#39;ve talked about so far involve having the private key in some physical device. And, as a common problem, it turned out that there was a problem that re-registration was necessary when replacing the device.\u003C\u002Fp>\n\u003Cp>The mission of the FIDO Alliance, to which our company belongs, is to contribute to &quot;reducing the world&#39;s overdependence on passwords&quot;. But even if you create a strong authentication mechanism that replaces passwords, general users will not introduce it if its convenience is low. Therefore, we came up with a mechanism called &quot;\u003Cstrong>Multi-device FIDO Credential\u003C\u002Fstrong> (MDC)&quot; that shares the private key between devices. This is the &quot;\u003Cstrong>narrow sense\u003C\u002Fstrong>&quot; of the \u003Cstrong>passkey\u003C\u002Fstrong> that I have been talking about since part 1.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_3_d06ad879b8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(Click to enlarge)\u003C\u002Fp>\n\u003Cp>As shown in the diagram above, the private key of MDC is stored on a server on the Internet. When there is an authentication request, the server on the cloud will output the authentication information as same as what was done by the TPM or security key in other examples. The company that provides this cloud-based mechanism is called a &quot;passkey provider&quot;.\u003C\u002Fp>\n\u003Cp>By doing this, the existing authentication can be used on new devices without complicated operations when replacing or buying new devices. Currently, Apple, Google, and Microsoft, which provide major OSs, are actively implementing MDC. On the other hand, because it is a new technology, many issues can be seen, and various discussions are underway centering on the FIDO Alliance.\u003C\u002Fp>\n\u003Ch3>■ Try the &quot;narrow sense&quot; passkey (Multi-device FIDO credential)\u003C\u002Fh3>\n\u003Cp>Apple products are one step ahead when it comes to implementing MDC. I would like to try MDC using a mac and iPad. Both are currently updated to the latest OS and logged in with the same AppleID. Both use Safari browser.\u003C\u002Fp>\n\u003Cp>Access \u003Ca href=\"https:\u002F\u002Fwebauthn.io\u002F\">webauthn.io\u003C\u002Fa> using Safari on your mac, enter your username in the same way as when you used PIN and click &quot;Register&quot;, you will be prompted for Touch ID. (The required authentication is different depending on the model and setting status.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_4_7d173a915a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Follow the on-screen instructions to authenticate your fingerprint to complete the registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_5_9e006fa735.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, open the \u003Ca href=\"https:\u002F\u002Fwebauthn.io\u002F\">webauthn.io\u003C\u002Fa> page in the same way with Safari on your iPad.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_6_a65137ef18.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Actually, it will remember the username you entered, so tap &quot;Authenticate&quot; without entering anything.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_7_fb2e1e6755.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Follow the on-screen instructions to perform fingerprint authentication with Touch ID.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_8_e14c39718e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_9_93927c15da.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>As you can see, the authentication information set on the mac side can be used on the iPad side beyond the boundaries of device.\u003C\u002Fp>\n\u003Ch3>■ Summary\u003C\u002Fh3>\n\u003Cp>So far, I have explained about &quot;passkey&quot;, but how was it? I think I was able to convey to some extent the form of evolution from &quot;password&quot; to &quot;passkey&quot;. Because it has not been long since the passkey was announced, there are still many issues to be addressed, such as the need to support OS, browsers, and WEB applications, the search for an easy-to-understand use interface, and the detailed examination of specifications. However, I feel that the goal of &quot;\u003Cstrong>A world without passwords\u003C\u002Fstrong>&quot; is just around the corner. I would like to accelerate this trend and aim for safer and easier-to-use authentication.\u003C\u002Fp>\n\u003Ch3>■ Digression: Regarding the definition of the word &quot;passkey&quot;\u003C\u002Fh3>\n\u003Cp>At this time, it is not clear what exactly the term &quot;passkey&quot; refers to. In this blog, I have selected and explained what I belive to be correct within the scope of the information I have. In this series of blog posts, we take the stance that &quot;passkey&quot; means &quot;WebAuthn&quot; or &quot;FIDO authentication&quot; in a broad sense, and &quot;multi-device FIDO credential (MDC)&quot; in a narrow sense. On the WEB, we often see cases where the Hybrid authentication part is called a &quot;passkey&quot;.\u003C\u002Fp>\n\u003Cp>Regarding the definition of this notation, the FIDO Alliance described it in \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fwhite-paper-multi-device-fido-credentials\u002F\">a white paper published in March 2022\u003C\u002Fa> as follows:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Note that some companies are calling FIDO credentials “passkeys” in their product implementations, in particular when those FIDO credentials may be multi\u0002device credentials.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cblockquote>\n\u003Cp>Note that any use of the term “passkey” in this document refers to such third-party usage of the term and is not a formal term of FIDO Alliance or its specifications.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>In other words, the FIDO Alliance does not define the terms Passkey or Passkeys. (If there is a story such as a clear definition in subsequent presentations, please let me know.)\u003C\u002Fp>\n\u003Cp>As a engineer like myself, I don&#39;t like words with vague definitions. But on the other hand, I think that the word &quot;passkey&quot; is very easy to understand as a term used to convey to many non-computer engineers that &quot;it&#39;s a new type of authentication that replaces passwords&quot;. We hope that the word &quot;passkey&quot; will spread FIDO authentication technology around the world, and we hope that we can help.\u003C\u002Fp>\n\u003Ch3>■ Reference link:\u003C\u002Fh3>\n\u003Cp>[Experimental site]\u003C\u002Fp>\n\u003Cp>WebAuthn.io\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwebauthn.io\u002F\">https:\u002F\u002Fwebauthn.io\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[FIDO Alliance]\u003C\u002Fp>\n\u003Cp>White Paper: Multi-Device FIDO Credentials (FIDO Alliance)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fwhite-paper-multi-device-fido-credentials\">https:\u002F\u002Ffidoalliance.org\u002Fwhite-paper-multi-device-fido-credentials\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[Each company&#39;s opinion]\u003C\u002Fp>\n\u003Cp>Security of Passkeys in the Google Password Manager (Google)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsecurity.googleblog.com\u002F2022\u002F10\u002FSecurityofPasskeysintheGooglePasswordManager.html\">https:\u002F\u002Fsecurity.googleblog.com\u002F2022\u002F10\u002FSecurityofPasskeysintheGooglePasswordManager.html\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>About the security of passkeys (Apple)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT213305\">https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT213305\u003C\u002Fa>\u003C\u002Fp>\n","what-are-passkeys-part-2","2023-02-15","2026-04-28T07:24:09.186Z","2026-04-28T07:24:12.431Z",{"id":1394,"documentId":1395,"name":1396,"alternativeText":20,"caption":20,"focalPoint":20,"width":1397,"height":991,"formats":1398,"hash":1431,"ext":25,"mime":29,"size":1432,"url":1433,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1434,"updatedAt":1434,"publishedAt":1434},976,"srvo14coid3co8e92fulibah","blog-what-are-passkeys-part-2-1.png",3830,{"large":1399,"small":1407,"medium":1415,"thumbnail":1423},{"ext":25,"url":1400,"etag":1401,"hash":1402,"mime":29,"name":1403,"path":20,"size":1404,"width":32,"height":1405,"sizeInBytes":1406},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_what_are_passkeys_part_2_1_a30245af38.png","26882b9f5c2ff29160b487d5b24e7115","large_blog_what_are_passkeys_part_2_1_a30245af38","large_blog-what-are-passkeys-part-2-1.png",119.63,525,119631,{"ext":25,"url":1408,"etag":1409,"hash":1410,"mime":29,"name":1411,"path":20,"size":1412,"width":41,"height":1413,"sizeInBytes":1414},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_what_are_passkeys_part_2_1_a30245af38.png","2e41093ff41bc527075a12004cb54cd6","small_blog_what_are_passkeys_part_2_1_a30245af38","small_blog-what-are-passkeys-part-2-1.png",47.94,263,47940,{"ext":25,"url":1416,"etag":1417,"hash":1418,"mime":29,"name":1419,"path":20,"size":1420,"width":50,"height":1421,"sizeInBytes":1422},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_what_are_passkeys_part_2_1_a30245af38.png","978b2b3a49500b2ef9acecd4e46a9abe","medium_blog_what_are_passkeys_part_2_1_a30245af38","medium_blog-what-are-passkeys-part-2-1.png",80.61,394,80612,{"ext":25,"url":1424,"etag":1425,"hash":1426,"mime":29,"name":1427,"path":20,"size":1428,"width":124,"height":1429,"sizeInBytes":1430},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_what_are_passkeys_part_2_1_a30245af38.png","1616f4fc70449be82588542b1d81899e","thumbnail_blog_what_are_passkeys_part_2_1_a30245af38","thumbnail_blog-what-are-passkeys-part-2-1.png",15.53,129,15527,"blog_what_are_passkeys_part_2_1_a30245af38",172.33,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_1_a30245af38.png","2026-04-28T07:23:06.811Z",[1436,1437,1438],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":232,"documentId":233,"name":234,"slug":20,"createdAt":235,"updatedAt":235,"publishedAt":236},{"id":1440,"documentId":1441,"title":1442,"content":1443,"slug":1444,"published":1445,"createdAt":1446,"updatedAt":1446,"publishedAt":1447,"locale":14,"authorManual":570,"cover":1448,"tags":1491},107,"cda39260upjqsfk6lby9ivzh","What are Passkeys? (Part 1)","\u003Cp>Updated: Mar 7, 2023\u003C\u002Fp>\n\u003Cp>Recently, words such as &quot;Passkeys&quot; can be seen in IT-related news. It&#39;s a hot topic in the security community, but I don&#39;t think the general public understands it. To be honest, I can&#39;t say that I understand the whole picture, but I would like to explain it with the meaning of the summary in my mind.\u003C\u002Fp>\n\u003Ch3>■ What is a passkey?\u003C\u002Fh3>\n\u003Cp>Passkey is a general term for \u003Cstrong>new WEB authentication technology that replaces passwords\u003C\u002Fstrong>. The word &quot;passkey&quot; itself has multiple scopes at the moment, and it&#39;s hard to understand, but the fact that what was called &quot;WebAuthn&quot; in the past came to be called &quot;\u003Cstrong>passkey\u003C\u002Fstrong>&quot; \u003Cstrong>in broad\u003C\u002Fstrong>. First of all, I think it would be quicker for you to experience the passkey (＝WebAuthn) in its broadest sense, so I would like to introduce the demo site and explain how it works.\u003C\u002Fp>\n\u003Cp>&quot;WebAuthn.io&quot;\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwebauthn.io\u002F\">https:\u002F\u002Fwebauthn.io\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can experience user registration and user authentication using WebAuthn on this site. Feel free to try it out.\u003C\u002Fp>\n\u003Ch3>■Try passkeys &quot;in the broadest sense&quot; (WebAuthn)\u003C\u002Fh3>\n\u003Cp>First, let&#39;s register. Enter your username, and click &quot;Register&quot; to display the registration popup. From this point onwards, the behavior will vary depending on the browser, OS, and OS login (logon) status, so please use this as an example only. I&#39;m using Windows 11, and Edge(the latest), and log on to Windows using my Microsoft account.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_1_0816a70caa.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In my case, I have three options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>External security key or built-in sensor:\nAuthentication via FIDO2 security key or Windows Hello (on Windows).\u003C\u002Fli>\n\u003Cli>Smartphone name (Device logged in with another Chrome \u002F Android device connected with (3)):\nThis operation verification is mainly logged in with a work Google account, and the work profile is set only for the smartphone that is normally used. Probably for that reason, the name of the smartphone was displayed by default. If you select this, the operation of (3) will be performed without reading the QR code.\u003C\u002Fli>\n\u003Cli>A different device:\nThis is a method of using another smartphone as an external security key. Read the QR code on the screen with the camera and authenticate with the lock screen authentication on the smartphone side.\nTo use it, the smartphone must also support this function. I directly confirmed iOS15, Android13, or later. Even if the OS supports it, the authentication relay may not be possible depending on the camera application, so if it does not work, it is a good idea to try several camera applications.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>(1) corresponds to so-called FIDO2 authentication, (2) and (3) correspond to Hybrid authentication (formerly known as caBLE) in FIDO2 authentication. Hybrid authentication will be explained in an aside.\u003C\u002Fp>\n\u003Cp>For now, let&#39;s register with a PIN for Windows Hello, one of the FIDO2 authentication methods (You need to set the PIN in advance from Windows Settings → &quot;Accounts&quot; → &quot;Sign-in options&quot;). This corresponds to the actual movement of the explanation part of the PIN explained in the article &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">Differences Between Password and PIN\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_2_1e95356424.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;External security key or built-in sensor&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_3_0dc1dc41b4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the PIN input screen is displayed, enter the set PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_4_a0bb68bde1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Registration has been completed!\u003C\u002Fp>\n\u003Cp>Then let&#39;s try authentication. I think that the username is set at the time of registration, so click &quot;Authenticate&quot; as it is.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_5_fe8f402a1d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter your PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_6_fcceaf4dbe.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Authentication succeeded!\u003C\u002Fp>\n\u003Cp>The reason why these PINs are not sent to the server during registration and authentication is as explained in &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">Differences Between Password and PIN\u003C\u002Fa>&quot;. It transmits authentication information protected by a TPM (security chip), making it much more resistant to attacks over the network than password authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_7_7f9f64569a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(quoted from &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">Differences Between Password and PIN\u003C\u002Fa>&quot;)\u003C\u002Fp>\n\u003Cp>This time, I tried registering and authenticating with a PIN as an example, but as you can see from the multiple options at the time of registration, &quot;passkey&quot; supports various authentication methods.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Various authentication supported by the OS (PIN, fingerprint, face authentication).\u003C\u002Fli>\n\u003Cli>External security key authentication (PIN\u002Ffingerprint authentication on the security side).\u003C\u002Fli>\n\u003Cli>Authentication by smartphone (PIN, fingerprint, face authentication on the smartphone side).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All of these authentications meet the requirements of multi-factor authentication, and as with the PIN example, authentication factors (the PIN itself, fingerprint information, etc.) do not flow over the network. So they are established as a sufficiently strong authentication mechanism.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_8_67b9d97d28.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(Click to enlarge)\u003C\u002Fp>\n\u003Cp>These mechanisms that have been explained so far are no different from the technologies that have been implemented under the names of &quot;WebAuthn&quot; and &quot;FIDO2&quot;. At first, I explained that the word &quot;passkey&quot; has multiple meanings, but the explanation up to this point is only a &quot;broad sense&quot; of the passkey. Next time, I will explain the &quot;narrow meaning&quot; of the word &quot;passkey&quot; and the core part of passkey that OS vendors (Apple, Google, Microsoft) are implementing.\u003C\u002Fp>\n\u003Ch3>■ Digression ①: Phishing resistance\u003C\u002Fh3>\n\u003Cp>Originally, one of the mechanisms implemented in WebAuthn\u002FFIDO2 since the term &quot;passkey&quot; did not exist is called phishing resistance. I think many people have heard the word &quot;phishing scam&quot;, but to put it simply, it is &quot;a scam that leads you to a fake site with a similar URL and makes you enter your authentication information to steal your account, information, money, etc.&quot; called phishing.\u003C\u002Fp>\n\u003Cp>WebAuthn is resistant to such phishing attempts. Since the password is manually entered by the user, even if the URL (domain) of the fraudulent site is different, the password may be entered carelessly and the authentication factor (here, the password) may be passed to a malicious third party. However, WebAuthn always checks the domain name mechanically and passes the authentication information (result) only to the matching site. Your authentication factors, and also your authentication information is never passed to a third party.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_9_b34be37942.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Currently, the damage caused by phishing does not appear to decrease but with the spread of passkey, it is believed that account hijacking by fake sites will be considerably suppressed.\u003C\u002Fp>\n\u003Ch3>■ Digression ②: Hybrid authentication (former name: caBLE)\u003C\u002Fh3>\n\u003Cp>Hybrid authentication as briefly explained above, is a mechanism that uses another device such as a smartphone as an external security key. In the case of Google Chrome, there is authentication with an Android device logged in with the same Google account and device authentication using a QR code. As the word &quot;BLE&quot; is included in the old name, both methods ultimately connect devices via BLE (Bluetooth Low Energy) and exchange authentication information. Android device authentication for the same account is supported from Chrome version 94 (2021\u002F09\u002F21), and Hybrid authentication using a QR code is supported from version 100 (2022\u002F03\u002F29). You can use it not only on Android devices but also on third-party products such as iPhones by applying the latest updates.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fstatic.wixstatic.com\u002Fmedia\u002Fe87c25_306bb7981ba740f39576c104cc352f8b~mv2.png\u002Fv1\u002Ffill\u002Fw_49,h_26,al_c,q_85,usm_0.66_1.00_0.01,blur_2,enc_avif,quality_auto\u002Fe87c25_306bb7981ba740f39576c104cc352f8b~mv2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When it comes to authentication on smartphones, one-time password authentication by SMS is often seen. But in the case of SMS authentication, there is a weakness in that the authentication can be broken if the attacker can check the SMS in some way because the one-time password can be delivered even if the smartphone is in a remote location. On the other hand, in this Hybrid authentication, the device to be authenticated and the smartphone that authenticates perform short-range communication via BLE. So it is possible to reliably satisfy the &quot;possession&quot; of the authentication factor, and the &quot;knowledge&quot; or &quot;inherence&quot; authentication factor is also confirmed by the authentication mechanism of the OS on the smartphone side. From there, you can have strong multi-factor authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_11_fe6ab63325.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Continue to \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-2?lang=en\">the next part\u003C\u002Fa>.\u003C\u002Fp>\n","what-are-passkeys-part-1","2023-02-14","2026-04-28T07:22:45.236Z","2026-04-28T07:22:48.120Z",{"id":1449,"documentId":1450,"name":1451,"alternativeText":20,"caption":20,"focalPoint":20,"width":1452,"height":1453,"formats":1454,"hash":1487,"ext":25,"mime":29,"size":1488,"url":1489,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1490,"updatedAt":1490,"publishedAt":1490},966,"zovq0i1aqht6lt22ngxz1qx3","blog-what-are-passkeys-part-1-1.png",1954,1046,{"large":1455,"small":1463,"medium":1471,"thumbnail":1479},{"ext":25,"url":1456,"etag":1457,"hash":1458,"mime":29,"name":1459,"path":20,"size":1460,"width":32,"height":1461,"sizeInBytes":1462},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_what_are_passkeys_part_1_1_0816a70caa.png","dfe943a1f15b57a023d5a50a229161e1","large_blog_what_are_passkeys_part_1_1_0816a70caa","large_blog-what-are-passkeys-part-1-1.png",255.45,535,255449,{"ext":25,"url":1464,"etag":1465,"hash":1466,"mime":29,"name":1467,"path":20,"size":1468,"width":41,"height":1469,"sizeInBytes":1470},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_what_are_passkeys_part_1_1_0816a70caa.png","ba4b92d0b5220f96135efb09e886111f","small_blog_what_are_passkeys_part_1_1_0816a70caa","small_blog-what-are-passkeys-part-1-1.png",81.26,268,81262,{"ext":25,"url":1472,"etag":1473,"hash":1474,"mime":29,"name":1475,"path":20,"size":1476,"width":50,"height":1477,"sizeInBytes":1478},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_what_are_passkeys_part_1_1_0816a70caa.png","9dc6568ffc61026f5b6e59895e824d68","medium_blog_what_are_passkeys_part_1_1_0816a70caa","medium_blog-what-are-passkeys-part-1-1.png",160.16,401,160157,{"ext":25,"url":1480,"etag":1481,"hash":1482,"mime":29,"name":1483,"path":20,"size":1484,"width":124,"height":1485,"sizeInBytes":1486},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_what_are_passkeys_part_1_1_0816a70caa.png","f96ce2b32fa7d3a0ef59a4185eafa890","thumbnail_blog_what_are_passkeys_part_1_1_0816a70caa","thumbnail_blog-what-are-passkeys-part-1-1.png",30.06,131,30057,"blog_what_are_passkeys_part_1_1_0816a70caa",150.28,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_1_0816a70caa.png","2026-04-28T07:21:47.052Z",[1492,1493,1494],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":148,"documentId":149,"name":150,"slug":20,"createdAt":151,"updatedAt":151,"publishedAt":152},{"id":232,"documentId":233,"name":234,"slug":20,"createdAt":235,"updatedAt":235,"publishedAt":236},{"id":1496,"documentId":1497,"title":1498,"content":1499,"slug":1500,"published":1501,"createdAt":1502,"updatedAt":1502,"publishedAt":1503,"locale":14,"authorManual":570,"cover":1504,"tags":1548},73,"y25ef9qpa8sxxwzki6sm1sk2","Protect Your Apple ID with a Security Key","\u003Cp>January 23rd (local time), Apple released the latest update for iOS, iPadOS, and macOS. This release supports physical authentication device security key as two-factor authentication for Apple ID. When signing in with Apple ID, after entering the password, a 6-digit verification code is displayed on the trusted device (iPhone, iPad, macOS device), and security was strengthened by entering the verification code.\u003C\u002Fp>\n\u003Cp>This time, I will introduce &quot;What is the advantage of using security keys?&quot;, &quot;What are the conditions of use?&quot;, &quot;What kind of security key should I choose?&quot;, &quot;How to set it?&quot;, &quot;How to authenticate?&quot;.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Ca href=\"#viewer-79vns\">\u003Cstrong>Precautions\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-cshbb\">\u003Cstrong>Advantages of using security keys\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-3422j\">\u003Cstrong>Conditions of use of security key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-lm29\">\u003Cstrong>How to choose a security key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-86md6\">\u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-ehero\">\u003Cstrong>Set up the security key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-c3m2j\">\u003Cstrong>How to set up the security key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-49mtp\">\u003Cstrong>How to set up on iPhone or iPad\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-878s8\">\u003Cstrong>How to set up on Mac\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-dsoko\">\u003Cstrong>How to authenticate with a security key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-3ifiv\">\u003Cstrong>FAQ\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Precautions\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cstrong>About inquiry\u003C\u002Fstrong>\nFor inquiries about security keys, don&#39;t hesitate to get in touch with us using our \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">\u003Cstrong>contact form\u003C\u002Fstrong>\u003C\u002Fa>. If you have any questions about setting up your Apple ID, please contact Apple.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>About account recovery after setting the security key\u003C\u002Fstrong>\nWe recommend that you should register at least two security keys. One should be kept in a safe place as a backup, and you can use it in case your main key was lost. If you lose all your security keys, you could be locked out of your Apple ID account permanently.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disclaimer\u003C\u002Fstrong>\nWe do not guarantee any problems regarding the security key setting for Apple ID protection. Please make the settings at your own risk.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>Advantages of using security keys\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The bottom line is that using physical security keys for two-factor authentication can prevent a variety of attacks, including phishing attacks.\u003C\u002Fp>\n\u003Cp>Phishing attacks often use email or SMS to redirect users to fake sites to steal Apple IDs, passwords, and verification codes. If you use a security key as your second factor, you&#39;ll use the security key every time you authenticate, protecting you from attacks.\u003C\u002Fp>\n\u003Cp>Recently, it has become a convenient world where you can do anything with just a smartphone, but the number of cases of being victimized by such attacks is increasing. So it is recommended for those who want more robust security.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Conditions of use of security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>To use a security key as two-factor authentication for your Apple ID, the following conditions must be met.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Have at least two\u003C\u002Fstrong> FIDO® Certified* security keys for Apple devices.\n→ Details are explained in the &quot;\u003Ca href=\"#viewer-lm29\">\u003Cstrong>How to choose a security key\u003C\u002Fstrong>\u003C\u002Fa>&quot; section.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>iOS 16.3, iPadOS 16.3, or macOS Ventura 13.2 or later\u003C\u002Fstrong> installed on all devices that you sign in with your Apple ID.\n→ Refer to \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT201222\">\u003Cstrong>here\u003C\u002Fstrong>\u003C\u002Fa> for details on compatible devices.\u003C\u002Fli>\n\u003Cli>You have set \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT204915\">\u003Cstrong>Two-factor authentication for Apple ID\u003C\u002Fstrong>\u003C\u002Fa>.\nIf you have to enter a verification code when logging in with your Apple ID, it means two-factor authentication has already been set.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecifications\u002F\">\u003Cstrong>WebAuthn\u003C\u002Fstrong>\u003C\u002Fa>-compatible browsers such as Safari, Chrome, Edge, and Firefox can be used. (The latest version is recommended.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ Please check \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT213154\">\u003Cstrong>here\u003C\u002Fstrong>\u003C\u002Fa> for which the security key cannot be used with an Apple ID.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>How to choose a security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>As introduced on Apple&#39;s official page, the security key used for two-factor authentication of Apple ID must be compatible with &quot;\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecifications\u002F\">\u003Cstrong>FIDO\u003C\u002Fstrong>\u003C\u002Fa>&quot;. &quot;YubiKey (by Yubico)&quot;, which is also introduced on Apple&#39;s official page, supports FIDO and can be selected according to the interface of the Apple device to be used. We are an authorized reseller of Yubico and sell YubiKeys. If you are looking for it, please purchase it from the \u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">\u003Cstrong>YubiKey shop\u003C\u002Fstrong>\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">\u003Cstrong>Amazon\u003C\u002Fstrong>\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Click \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT201736\">\u003Cstrong>here\u003C\u002Fstrong>\u003C\u002Fa> to find your Mac port.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>List of YubiKeys\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_1_b6374f1029.png\" alt=\"\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The upper YubiKey 5 series is a model that supports multiple protocols (OTP, PIV, OpenPGP, etc.) including FIDO. The Security Key series in the middle row is a relatively inexpensive model that supports the FIDO protocol only. The YubiKey Bio series at the bottom is the only biometric authentication model and supports the FIDO protocol.\u003C\u002Fp>\n\u003Cp>If you are using an iPhone, we recommend NFC-compatible ones (those with NFC in the product name). YubiKey 5Ci is recommended when connecting to an iPhone, iPad, or macOS device.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">\u003Cstrong>Buy at the YubiKey Shop\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">\u003Cstrong>Buy on Amazon\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecifications\u002F\">\u003Cstrong>FIDO\u003C\u002Fstrong>\u003C\u002Fa> is a highly secure authentication method that uses public key cryptography and is characterized by its robust phishing resistance. I won&#39;t go into the detailed technical specifications here. Among the FIDO protocols, there are differences in security key operation depending on whether FIDO2 or FIDO U2F is supported, so I will briefly explain the differences.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FIDO U2F\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FIDO U2F is designed to act as a second factor of authentication. For example, after entering a password, it is used to confirm possession by a touch operation of the security key. However, it does not confirm the fingerprint-by-touch operation but confirms that you have it to the last.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FIDO2\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FIDO2 is designed to work as passwordless while remaining compatible with FIDO U2F. For example, after entering the ID, insert the security key and confirm the PIN or biometric. FIDO2 enables \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifference-between-2-step-verification-2-factor-authentication-and-multi-factor-authentication-mfa?lang=en\">\u003Cstrong>two-factor authentication\u003C\u002Fstrong>\u003C\u002Fa> based on possession and knowledge or inherence with a single security key.\u003C\u002Fp>\n\u003Cp>(All YubiKeys introduced in this article support FIDO2.)\u003C\u002Fp>\n\u003Cp>If you have a security key that supports FIDO2, please refer to the next section &quot;Set up the security key&quot; to add a PIN or enroll your fingerprint.\u003C\u002Fp>\n\u003Cp>※ When logging in with an Apple ID, the behavior changes depending on whether the PIN for the security key is set or not. Those with a PIN will work as FIDO2, and those without a PIN will only require the touch of the security key.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Set up the security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>FIDO2-compatible security key does not have a PIN set in the initial state. Please set the security key PIN based on the setting information below. You can enroll your fingerprint for the biometric key after setting the PIN.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you are using a macOS device, please refer to the following page:\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting---fingerprint-setting-for-macos?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for macOS\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>If you are using a Windows device, please refer to the following page:\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ When logging in with an Apple ID, the behavior changes depending on whether the PIN for the security key is set or not. Those with a PIN will work as FIDO2, and those without a PIN will only require the touch of the security key.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>How to set up the security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Before setting the security key, prepare two security keys.\u003C\u002Fp>\n\u003Cp>※ For information on purchasing a security key, refer to \u003Ca href=\"#viewer-lm29\">\u003Cstrong>How to choose a security key\u003C\u002Fstrong>\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>About security key registration:\u003C\u002Fstrong>\nWhen registering a security key, if the registration process takes too long or the NFC response is poor, the error message &quot;This security key cannot be registered&quot; may appear. In that case, please try again.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>About using the verification code:\u003C\u002Fstrong>\nAfter setting a security key, the security key is required for two-factor authentication. You will no longer be able to authenticate with the verification code that you have been using. If all security keys are deleted, it will revert to verifying with a verification code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>About account recovery after security key setting:\u003C\u002Fstrong>\nWe recommend that you should register at least two security keys. One should be kept in a safe place as a backup, and you can use it in case your main key was lost. If you lose all your security keys, you could be locked out of your Apple ID account permanently.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>About security key reset:\u003C\u002Fstrong>\nThe FIDO2 security key will be locked if the PIN is incorrect 8 times in a row. In that case, you will need to \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">\u003Cstrong>reset the security key\u003C\u002Fstrong>\u003C\u002Fa>. After resetting, you will lose all the authentication information you have registered so far, so you will need to set it again.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The setting is explained according to the Apple device you are using.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-49mtp\">\u003Cstrong>How to set up on iPhone or iPad\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-878s8\">\u003Cstrong>How to set up on Mac\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>How to set up on iPhone or iPad\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>In this article, &quot;YubiKey 5 NFC&quot; and &quot;YubiKey 5Ci&quot; are used.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Open &quot;Settings&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_2_f167a2e813.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>Tap your username.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_3_db34abd43c.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Tap &quot;Password &amp; Security&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_4_d3d12cddc9.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"4\">\n\u003Cli>Tap &quot;Add Security Keys&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_5_12783d0e35.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"5\">\n\u003Cli>Tap &quot;Add Security Keys&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_6_1313e3a30f.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"6\">\n\u003Cli>Tap &quot;Continue&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_7_7f26ca38bb.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"7\">\n\u003Cli>Enter your iPhone passcode.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_8_098ec0d016.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"8\">\n\u003Cli>Connect your security key and touch the button. Or hold the NFC-compatible security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_9_0c628cc299.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_10_10770c0acd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of using NFC\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_11_19ffb97db6.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of connecting\u003C\u002Fp>\n\u003Cp>※ In the case of YubiKey 5Ci, there are small metal parts on the left and right, and it reacts when touched there. Even with other security keys, the button part is blinking, so I think you won&#39;t get lost too much.\u003C\u002Fp>\n\u003Col start=\"9\">\n\u003Cli>Enter the &quot;PIN&quot; set for your security key.\n※ If your security key is not set a PIN, this process will be skipped and only the touch of the security key will be required. (See \u003Ca href=\"#viewer-86md6\">\u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_12_9f35b515ae.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"10\">\n\u003Cli>After entering the PIN, a message will be displayed. So touch your security again. Or hold your security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>※ The message will not be displayed if the NFC is held up.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_13_ab956091a9.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"11\">\n\u003Cli>Enter any name for your security key.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_14_25a865290f.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"12\">\n\u003Cli>Since registration of the second key starts, connect your security key and touch the button. Or hold the NFC-compatible security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_15_3cf82a2e15.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_10_10770c0acd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of using NFC\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_11_19ffb97db6.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of connecting\u003C\u002Fp>\n\u003Cp>※ In the case of YubiKey 5Ci, there are small metal parts on the left and right, and it reacts when touched there. Even with other security keys, the button part is blinking, so I think you won&#39;t get lost too much.\u003C\u002Fp>\n\u003Col start=\"13\">\n\u003Cli>Enter the &quot;PIN&quot; set for your security key.\n※ If your security key is not set a PIN, this process will be skipped and only the touch of the security key will be required. (See \u003Ca href=\"#viewer-86md6\">\u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_12_9f35b515ae.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"14\">\n\u003Cli>After entering the PIN, a message will be displayed. So touch your security again. Or hold your security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_16_0971bbc3d4.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"15\">\n\u003Cli>Enter any name for your security key and proceed to the next step.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_17_9c2f54a10a.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"16\">\n\u003Cli>Finally, check the device associated with your Apple ID and select one of the following:\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>Stay signed in to all devices.\u003C\u002Fli>\n\u003Cli>Select devices that you don&#39;t want to continue to have access to your account and sign out of them.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_18_aeb86d889e.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"17\">\n\u003Cli>Click &quot;Done&quot; to finish the operation.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_19_1fcc804804.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The security key setting is complete.\u003C\u002Fp>\n\u003Cp>For the authentication method, please check the &quot;\u003Cstrong>How to authenticate the security key\u003C\u002Fstrong>&quot; section.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>How to set up on Mac\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This article uses &quot;YubiKey 5Ci&quot; and &quot;YubiKey Bio - FIDO Edition&quot;. The first is registered by connecting YubiKey 5Ci and entering a PIN. And the second is registered by connecting YubiKey Bio - FIDO Edition and biometrics (fingerprint).\u003C\u002Fp>\n\u003Cp>※ This time, for the sake of explanation, we are testing a pattern of PIN and biometrics (fingerprint).\u003C\u002Fp>\n\u003Col>\n\u003Cli>Click &quot;System Settings...&quot; from the Apple menu.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_20_3645f65c30.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>Click your username, and click &quot;Password &amp; Security&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_21_00b3b18f25.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Click &quot;Add...&quot; on the right side of the Security Keys component.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_22_75abbcf1fa.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"4\">\n\u003Cli>Click &quot;Add Security Keys&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_23_2fbff82b82.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"5\">\n\u003Cli>Click &quot;Continue&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_24_3d38c2a15c.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"6\">\n\u003Cli>Enter your Mac passcode.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_25_7c434134b4.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"7\">\n\u003Cli>Click &quot;Continue&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_26_8c01763548.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"8\">\n\u003Cli>Connect your security key, and touch the button.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_27_1fabef7d6c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_28_a2d053421d.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of non-bio\u003C\u002Fp>\n\u003Cp>※ In the case of YubiKey 5Ci, there are small metal parts on the left and right, and it reacts when touched there. Even with other security keys, the button part is blinking, so I think you won&#39;t get lost too much.\u003C\u002Fp>\n\u003Col start=\"9\">\n\u003Cli>Enter the &quot;PIN&quot; set for your security key.\n※ If your security key is not set a PIN, this process will be skipped and only the touch of the security key will be required. (See \u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>※ If you are using a biometric (fingerprint) key, there is no need to enter a PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_29_b65c751d36.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"10\">\n\u003Cli>After entering PIN, the following message will be displayed, so touch the button of the connected security key.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_30_109c42ae4e.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"11\">\n\u003Cli>Enter any name for your security key and click &quot;Continue&quot;.\n　※ Proceed to the next step after pressing the Return key in the input field.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_31_77afb63d75.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"12\">\n\u003Cli>Click &quot;Continue&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_32_5d0d6c1e73.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"13\">\n\u003Cli>Connect your security key, and touch the button.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>※ The second key registration is described as a biometric (fingerprint) key registration. If you are using a non-biometric key, the operation is the same as the first registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_33_14441f22cd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_34_a33c18d80e.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of biometric\u003C\u002Fp>\n\u003Cp>※ For the YubiKey Bio, touch the fingerprint sensor in the middle (you should touch the fingerprint sensor and its edge ring).\u003C\u002Fp>\n\u003Col start=\"14\">\n\u003Cli>Enter any name for your security key and click &quot;Continue&quot;.\n　※ Proceed to the next step after pressing the Return key in the input field.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_35_d2936de2c0.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"15\">\n\u003Cli>Finally, check the device associated with your Apple ID and select one of the following:\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>Stay signed in to all devices.\u003C\u002Fli>\n\u003Cli>Select devices that you don&#39;t want to continue to have access to your account and sign out of them.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_36_f7d0744a39.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"16\">\n\u003Cli>Once completed, you will see the message below. Click &quot;Done&quot; to finish the operation.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_37_b0fc3c0cfd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The security key setting is complete.\u003C\u002Fp>\n\u003Cp>For the authentication method, please check the &quot;\u003Ca href=\"#viewer-dsoko\">\u003Cstrong>How to authenticate with a security key\u003C\u002Fstrong>\u003C\u002Fa>&quot; section.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>How to authenticate with a security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This time, I will use an iPhone and take an iCloud login as an example.\u003C\u002Fp>\n\u003Cp>(The authentication flow is the same for Mac.)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Authentication may fail if the authentication operation takes a long time. Specifically, if it takes a long time to complete the authentication operation (touch operation, PIN input, fingerprint confirmation) after the security key is requested, authentication may fail.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>Enter your Apple ID end password.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_38_ba1405b13b.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>Tap &quot;Continue&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_39_f49726eae1.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Connect your security key and touch the button. Or hold the NFC-compatible security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_40_bc8eebae6b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_41_088a3e7bc7.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of using NFC\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_42_99ef4803ba.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of connecting\u003C\u002Fp>\n\u003Col start=\"4\">\n\u003Cli>Enter the &quot;PIN&quot; set for your security key.\n※ If your security key is not set a PIN, this process will be skipped and only the touch of the security key will be required. (See \u003Ca href=\"#viewer-86md6\">\u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>※ If you are using a biometric (fingerprint) key, there is no need to enter a PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_43_0ecb177118.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"5\">\n\u003Cli>Touch your security button again. Or hold the NFC-compatible security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_44_19f3e94288.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"6\">\n\u003Cli>Choose whether to trust the browser or not.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>Don&#39;t trust:\nRequire two-factor authentication every time.\u003C\u002Fli>\n\u003Cli>Trust:\nIf you trust it, it won&#39;t require two-factor authentication when you log in on that device for 30 days.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_45_29b4c2a678.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"7\">\n\u003Cli>Login completed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_46_a651de4740.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>FAQ\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>Why is &quot;Add Security Keys&quot; not displayed in &quot;Password &amp; Security&quot;?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please check &quot;Conditions of use of security key&quot;. If the setting items are not displayed even though the conditions are met, please contact Apple.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An error message is displayed when registering the security key and registration is not completed. What should I do now?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When registering a security key, if the registration process takes too long or the NFC response is poor, the error message &quot;This security key cannot be registered&quot; may appear. In that case, please try again.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What is the maximum number of security keys that can be set?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Up to 6 keys can be registered.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Can I go back to using the verification code?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By deleting all security keys, it is possible to return to verification code authentication.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>My security key is blocked. What should I do?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FIDO2 security keys will be blocked if the PIN is incorrect 8 times in a row. In that case, you will need to reset your security key. After resetting, you will lose all the authentication information you have registered so far, so you will need to set it again. For security key setting, see &quot;Set up the security key&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What happens if I lose all my security keys?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you lose all your security keys, Apple cannot help you access your account. So keep your backup key safe.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Authentication using the security key fails. What should I do?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>There are several reasons for authentication failure, please check below:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The authentication operation is taking too long:\nSpecifically, if it takes a long time to complete the authentication operation (touch operation, PIN input, fingerprint confirmation) after the security key is requested, authentication may fail.\u003C\u002Fli>\n\u003Cli>Check if the security key is connected halfway.\u003C\u002Fli>\n\u003Cli>If you are using a USB hub, try connecting it directly to your device and check.\u003C\u002Fli>\n\u003Cli>Your security key is blocked:\nAfter 8 consecutive failed PIN attempts, the security key will be blocked. Please check &quot;My security key is blocked. What should I do?&quot;.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>I forgot my security key PIN. What should I do?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you forgot your PIN, you will need to reset your security key. As a precaution, after you reset your security key, all authentication information will be lost, so you will need to set it up again. For security key setting, see &quot;Set up the security key&quot;.\u003C\u002Fp>\n","protect-apple-id-with-security-key","2023-02-06","2026-04-28T06:55:32.176Z","2026-04-28T06:55:35.816Z",{"id":1505,"documentId":1506,"name":1507,"alternativeText":20,"caption":20,"focalPoint":20,"width":1508,"height":1509,"formats":1510,"hash":1543,"ext":25,"mime":29,"size":1544,"url":1545,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1546,"updatedAt":1546,"publishedAt":1547},676,"tg200evgo3cemibw9zhql8ey","blog-protect-apple-id-with-security-key-1.png",1060,680,{"large":1511,"small":1519,"medium":1527,"thumbnail":1535},{"ext":25,"url":1512,"etag":1513,"hash":1514,"mime":29,"name":1515,"path":20,"size":1516,"width":32,"height":1517,"sizeInBytes":1518},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_protect_apple_id_with_security_key_1_b6374f1029.png","2f2712999247d96a51eff01c83185db2","large_blog_protect_apple_id_with_security_key_1_b6374f1029","large_blog-protect-apple-id-with-security-key-1.png",134.07,642,134065,{"ext":25,"url":1520,"etag":1521,"hash":1522,"mime":29,"name":1523,"path":20,"size":1524,"width":41,"height":1525,"sizeInBytes":1526},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_protect_apple_id_with_security_key_1_b6374f1029.png","84961bcd5277885c15b36e50aa5a03a3","small_blog_protect_apple_id_with_security_key_1_b6374f1029","small_blog-protect-apple-id-with-security-key-1.png",45.73,321,45729,{"ext":25,"url":1528,"etag":1529,"hash":1530,"mime":29,"name":1531,"path":20,"size":1532,"width":50,"height":1533,"sizeInBytes":1534},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_protect_apple_id_with_security_key_1_b6374f1029.png","bacd389230706e1614b2e04a8e33b8b7","medium_blog_protect_apple_id_with_security_key_1_b6374f1029","medium_blog-protect-apple-id-with-security-key-1.png",86.47,481,86472,{"ext":25,"url":1536,"etag":1537,"hash":1538,"mime":29,"name":1539,"path":20,"size":1540,"width":1541,"height":59,"sizeInBytes":1542},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_protect_apple_id_with_security_key_1_b6374f1029.png","c16e86ded06ad7d4c1d7505c81da077f","thumbnail_blog_protect_apple_id_with_security_key_1_b6374f1029","thumbnail_blog-protect-apple-id-with-security-key-1.png",15.83,243,15826,"blog_protect_apple_id_with_security_key_1_b6374f1029",37.99,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_1_b6374f1029.png","2026-04-28T06:51:38.674Z","2026-04-28T06:51:38.675Z",[1549,1550,1551],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":550,"documentId":551,"name":552,"slug":20,"createdAt":553,"updatedAt":553,"publishedAt":554},{"id":967,"documentId":1552,"name":1553,"slug":20,"createdAt":1554,"updatedAt":1554,"publishedAt":1555},"nyxtb4vjpdejk3vwhn6u6or0","Apple","2026-04-28T06:55:27.357Z","2026-04-28T06:55:29.195Z",{"id":1557,"documentId":1558,"title":1559,"content":1560,"slug":1561,"published":1562,"createdAt":1563,"updatedAt":1563,"publishedAt":1564,"locale":14,"authorManual":570,"cover":1565,"tags":1605},25,"i66ur4ae6up4ek8n271o1ny2","Differences Between Password and PIN","\u003Cp>Both passwords and PINs are secret words (or numbers) that only you know. And, you have to enter text for both. A PIN is shorter and uses fewer types of characters. So at first glance PIN tends to be considered &quot;weak&quot;, but Microsoft and others say that &quot;PIN is more secure than password&quot;. I&#39;m sure you&#39;ve seen this during the initial setup of Windows (10, 11), but why?\u003C\u002Fp>\n\u003Cp>The big difference between a password and a PIN is how the characters you type are handled.\u003C\u002Fp>\n\u003Cp>The password is used for authentication, but the PIN is &quot;not used for authentication&quot;.\u003C\u002Fp>\n\u003Cp>Writing it might lead to misunderstandings, so I&#39;m going to give you an example and explain it in a little more detail.\u003C\u002Fp>\n\u003Cp>We will proceed with the discussion assuming access to a WEB service that supports login by password and login by PIN(*1) on a PC.\u003C\u002Fp>\n\u003Cp>(*1) From a technical point of view, we assume a WEB service that supports login using &quot;WebAuthn&quot;.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Password\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>When you log in by entering your ID and password, the entered character information is sent to the WEB service server as is. The server receives the ID and password, checks whether the password matches or not, and allows logging in if there is no problem.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_differences_between_password_and_pin_1_c6cbb4ed57.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>PIN\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>If you log in by entering your ID and PIN, first your PIN is used to access the security chip called &quot;TPM&quot; (*2) in your computer. A TPM creates a credential that only the TPM can create. The ID and the credential created by the TPM are sent to the server, and if the server determines that there is no problem, login is permitted.\u003C\u002Fp>\n\u003Cp>(*2) A precise explanation of the TPM will be lengthy, so I will omit it, but please think of it here as a chip that can create much stronger encryption than a password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_differences_between_password_and_pin_2_6ea1c1494d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Earlier, I wrote that the PIN is &quot;not used for authentication&quot;, but to be precise, it is &quot;used for TPM authentication&quot;. However, since the TPM is in the PC at hand, the PIN itself will not flow over the network.\u003C\u002Fp>\n\u003Cp>With the content so far, I think that the characteristics of the PIN have become a little clearer. There are two major differences from the password:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>・PIN does not low over the network.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>・PIN authentication cannot be performed without a PC and a PIN.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>From these features, I think you can see that it is strong against attacks such as eavesdropping on the network, and has \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifference-between-2-step-verification-2-factor-authentication-and-multi-factor-authentication-mfa?lang=en\">two-factor authentication\u003C\u002Fa> of knowledge (PIN) and possession (PC), which is much stronger than a password.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Finally\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This time, I used a PC as an example, but in fact, not only PCs but also smartphones and tablets have similar mechanisms. In addition, the FIDO2 security keys that we sell are used in combination with PCs and smartphones, but they can play the role of the TPM that came out in this story. It&#39;s like an external TPM.\u003C\u002Fp>\n\u003Cp>We are also developing solutions using security keys, so if you are interested, please take a look at our solutions and blogs. If you are looking for an authentication device, you can buy it from the link below.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKeyShop Authorized Reseller\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">https:\u002F\u002Fykey.yubion.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Amazon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&amp;marketplaceID=A1VC38T7YXB528\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thanks for reading until the end.\u003C\u002Fp>\n","differences-between-password-and-pin","2023-02-01","2026-04-28T06:20:44.983Z","2026-04-28T06:20:47.749Z",{"id":1421,"documentId":1566,"name":1567,"alternativeText":20,"caption":20,"focalPoint":20,"width":934,"height":1568,"formats":1569,"hash":1601,"ext":25,"mime":29,"size":1602,"url":1603,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1604,"updatedAt":1604,"publishedAt":1604},"qvxf989g1upcg0zehb2ez401","blog-differences-between-password-and-pin-1.png",1525,{"large":1570,"small":1577,"medium":1585,"thumbnail":1593},{"ext":25,"url":1571,"etag":1572,"hash":1573,"mime":29,"name":1574,"path":20,"size":1575,"width":32,"height":316,"sizeInBytes":1576},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_differences_between_password_and_pin_1_c6cbb4ed57.png","7b8d7a5dc4930cde187a0a04cb43c31d","large_blog_differences_between_password_and_pin_1_c6cbb4ed57","large_blog-differences-between-password-and-pin-1.png",74.43,74433,{"ext":25,"url":1578,"etag":1579,"hash":1580,"mime":29,"name":1581,"path":20,"size":1582,"width":41,"height":1583,"sizeInBytes":1584},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_differences_between_password_and_pin_1_c6cbb4ed57.png","4be33089e7d26fd1e53ad1eebf112557","small_blog_differences_between_password_and_pin_1_c6cbb4ed57","small_blog-differences-between-password-and-pin-1.png",28.88,194,28876,{"ext":25,"url":1586,"etag":1587,"hash":1588,"mime":29,"name":1589,"path":20,"size":1590,"width":50,"height":1591,"sizeInBytes":1592},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_differences_between_password_and_pin_1_c6cbb4ed57.png","98782ee5969d9219e060fc9f667d910b","medium_blog_differences_between_password_and_pin_1_c6cbb4ed57","medium_blog-differences-between-password-and-pin-1.png",49.66,291,49655,{"ext":25,"url":1594,"etag":1595,"hash":1596,"mime":29,"name":1597,"path":20,"size":1598,"width":124,"height":1599,"sizeInBytes":1600},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_differences_between_password_and_pin_1_c6cbb4ed57.png","eb3a4fac749bad4ddc63a3beccc1a0e7","thumbnail_blog_differences_between_password_and_pin_1_c6cbb4ed57","thumbnail_blog-differences-between-password-and-pin-1.png",11.07,95,11066,"blog_differences_between_password_and_pin_1_c6cbb4ed57",138.43,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_differences_between_password_and_pin_1_c6cbb4ed57.png","2026-04-28T06:20:34.441Z",[1606],{"id":232,"documentId":233,"name":234,"slug":20,"createdAt":235,"updatedAt":235,"publishedAt":236},{"id":1608,"documentId":1609,"title":1610,"content":1611,"slug":1612,"published":1613,"createdAt":1614,"updatedAt":1614,"publishedAt":1615,"locale":14,"authorManual":570,"cover":1616,"tags":1656},23,"mvmpui47dd0yz47118fgsh7k","Difference Between 2-step Verification, 2-factor Authentication and Multi-factor Authentication(MFA)","\u003Cp>Many Web services use &quot;password&quot; authentication. However, due to various attacks in recent years, it is no longer possible to guarantee security strength with only &quot;password&quot; authentication. &quot;\u003Cstrong>Two-step verification\u003C\u002Fstrong>&quot;, &quot;\u003Cstrong>Two-factor authentication\u003C\u002Fstrong>&quot;, and &quot;\u003Cstrong>Multi-factor authentication (MFA)\u003C\u002Fstrong>&quot; are authentication methods that have emerged to increase the strength of authentication. This time, I would like to explain the differences between them.\u003C\u002Fp>\n\u003Ch2>Table of Contents\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-44hqb\">3 factors of authentication\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-dgl0b\">Two-step verification\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-369dv\">Two-factor authentication\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-fa4ac\">Multi-factor authentication\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-9qcn7\">Finally\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>3 factors of authentication\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Before getting into the main topic, let me explain the important &quot;3 factors of authentication&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The factors of authentication are roughly divided into three: &quot;Knowledge Information&quot;, &quot;Possession Information&quot;, and &quot;Inherence Information&quot;.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authentication by Knowledge Information\u003C\u002Fstrong>\nA method of authenticating with knowledge information known only to the user, such as a password, PIN, secret question, etc. Password-based authentication is relatively easy to introduce, but it has its disadvantages. There is a risk of unauthorized use due to brute force attacks that attempt passwords many times and phishing attacks that steal passwords. There is also the risk of expanding the damage by using the same password on multiple sites. In this way, it is no longer possible to guarantee security strength with authentication using only passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authentication by Possession Information\u003C\u002Fstrong>\nA method of authenticating information held by the user, such as an IC card (such as an employee ID card), a security key for a physical device, or a smartphone. In authentication by IC card, the information in the card is read and authenticated. Security key authentication supports multiple authentication formats (one-time password, FIDO, etc.). With authentication by smartphone, it is possible to authenticate with an app or receive a code by SMS. Although it depends on the form of authentication, it is not shared like a password, so it is a relatively strong authentication method. However, you need to be careful as there is a risk of loss or theft.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authentication by Inherence Information\u003C\u002Fstrong>\nA method of authentication using the user&#39;s physical characteristics such as fingerprints, face, or veins. By using biometrics, there is no need to remember passwords or forget the authentication device, enabling highly convenient and secure authentication. However, this authentication method does not authenticate with 100% accuracy. It may not be possible to identify due to changes in the body due to aging or damage to the body due to an accident. In addition, if biometric information is fraudulently forged in some way, there is a risk of unauthorized access to the biometric login system.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These are the 3 factors of authentication. The authentication methods described below are methods of increasing security strength while compensating for the disadvantages of each authentication factor by dividing authentication into multiple times or combining authentication factors.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Two-step verification\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>An authentication method that authenticates by dividing one of the three factors of authentication into two times.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_verification_vs_2_factor_authentication_mfa_2_2a1d48a4a2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>As a common one, after entering &quot;ID &amp; password (knowledge)&quot;, by entering the &quot;confirmation code (knowledge)&quot; received by e-mail, etc., two-step verification is performed in which the &quot;knowledge information&quot; is authenticated in two steps. By using this authentication method, even if password authentication is broken by a third party, authentication cannot be performed without knowing the confirmation code. This authentication has a higher security strength than password-only authentication.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Two-factor authentication\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>An authentication method that combines two different authentication factors out of the three authentication factors of &quot;knowledge information&quot;, &quot;possession information&quot;, and &quot;inherence information&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_verification_vs_2_factor_authentication_mfa_3_7c20222f81.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A familiar example is ATM authentication. By inserting a &quot;cash card (possession)&quot; into an ATM and entering a &quot;PIN code (knowledge)&quot;, two-factor authentication based on possession and knowledge is completed, and you can withdraw money. Web services and applications also implement two-factor authentication by asking for an authentication device after entering &quot;ID &amp; password&quot;. Even if one of the pieces of information is stolen, it cannot be authenticated without the two pieces of information. Compared to single-factor authentication and two-step verification introduced so far, it is an authentication method with a higher security strength.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Multi-factor authentication (MFA)\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>An authentication method that combines two or more of the three authentication factors of &quot;knowledge information&quot;, &quot;possession information&quot; and &quot;inherence information&quot;. By this definition, two-factor authentication is also included in multi-factor authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_verification_vs_2_factor_authentication_mfa_4_b6e1b23a2b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>To give a specific example of MFA, when logging in to a Web service such as Salesforce using the security key of a biometric authentication device, after entering &quot;ID &amp; password (knowledge)&quot;, &quot;security key (possession)&quot; is required, and &quot;fingerprint (inherence)&quot; is verified for identity verification. Here, multi-factor authentication is realized by verifying everything including two or more factors of &quot;knowledge&quot;, &quot;possession&quot;, and &quot;inherence&quot;. Since authentication includes two or more different factors, it is an authentication method with high-security strength.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Finally\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>SNS or web services such as Google and Twitter, which are used for business and private purposes, also have &quot;multi-factor authentication (MFA)&quot; settings, so we recommend setting MFA to prevent account hijacking. We also handle security keys used for MFA, which can be purchased from the following site. For a quote, please contact us using the contact form.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKeyShop Authorized Reseller\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">https:\u002F\u002Fykey.yubion.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Amazon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&amp;marketplaceID=A1VC38T7YXB528\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contact\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thanks for reading until the end.\u003C\u002Fp>\n","2-step-verification-vs-2-factor-authentication-mfa","2023-01-23","2026-04-28T06:20:14.548Z","2026-04-28T06:20:17.314Z",{"id":1617,"documentId":1618,"name":1619,"alternativeText":20,"caption":20,"focalPoint":20,"width":934,"height":1620,"formats":1621,"hash":1651,"ext":25,"mime":29,"size":1652,"url":1653,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1654,"updatedAt":1654,"publishedAt":1655},390,"rhl05wqdhq2acvwrzhmvtary","blog-2-step-verification-vs-2-factor-authentication-mfa-1.png",1181,{"large":1622,"small":1629,"medium":1635,"thumbnail":1643},{"ext":25,"url":1623,"etag":1624,"hash":1625,"mime":29,"name":1626,"path":20,"size":1627,"width":32,"height":1063,"sizeInBytes":1628},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png","47e88ade77577f575f038f46b115516b","large_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42","large_blog-2-step-verification-vs-2-factor-authentication-mfa-1.png",69.2,69196,{"ext":25,"url":1630,"etag":1631,"hash":1632,"mime":29,"name":1633,"path":20,"size":550,"width":41,"height":911,"sizeInBytes":1634},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png","cd680b409676ccc4edd31d89f722259f","small_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42","small_blog-2-step-verification-vs-2-factor-authentication-mfa-1.png",28003,{"ext":25,"url":1636,"etag":1637,"hash":1638,"mime":29,"name":1639,"path":20,"size":1640,"width":50,"height":1641,"sizeInBytes":1642},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png","3d9f8a469e0374bcd056c81726d6375e","medium_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42","medium_blog-2-step-verification-vs-2-factor-authentication-mfa-1.png",46.03,225,46034,{"ext":25,"url":1644,"etag":1645,"hash":1646,"mime":29,"name":1647,"path":20,"size":1648,"width":124,"height":1649,"sizeInBytes":1650},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png","16499245474c648dc92b5ade9fdf3c84","thumbnail_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42","thumbnail_blog-2-step-verification-vs-2-factor-authentication-mfa-1.png",10.47,74,10468,"blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42",147.77,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png","2026-04-28T06:19:52.520Z","2026-04-28T06:19:52.521Z",[1657],{"id":232,"documentId":233,"name":234,"slug":20,"createdAt":235,"updatedAt":235,"publishedAt":236},{"id":1659,"documentId":1660,"title":1661,"content":1662,"slug":1663,"published":1664,"createdAt":1665,"updatedAt":1665,"publishedAt":1666,"locale":14,"authorManual":570,"cover":1667,"tags":1709},89,"k77fgn8dswsmm62bou2hu49b","Two-factor Authentication Login to Twitter with YubiKey","\u003Cp>Updated: Mar 6, 2023\u003C\u002Fp>\n\u003Cp>I think that many people use Twitter, both individuals, and corporations. But have you ever paid attention to the security of the Twitter account to prevent the account from being hijacked by leaking the password?\u003C\u002Fp>\n\u003Cp>Twitter supports \u003Cstrong>two-factor authentication\u003C\u002Fstrong>, so by setting up two-factor authentication, you can take measures against unauthorized access such as hijacking.\u003C\u002Fp>\n\u003Cp>If you haven&#39;t set it yet, we recommend that you should do so.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-b5esu\">About Twitter&#39;s two-factor authentication\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-45a29\">How does it compare to other authentication methods?\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-a8i2p\">About the device to use\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-1dbqg\">How to set up two-factor authentication\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-frq52\">a. When setting on a PC\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-bcj91\">b. When setting on a smartphone\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-1sj29\">How to log in\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-462r6\">a. For PC\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-9leqf\">b. For smartphone\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-6ptb7\">Summary\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>About Twitter\u003C\u002Fstrong>\u003Cstrong>&#39;s two-factor authentication\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_1_6e809df973.png\" alt=\"Twitterの2要素認証\">\u003C\u002Fp>\n\u003Cp>Twitter&#39;s two-factor authentication supports the following three types:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>・Text message (SMS)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>・Application app (TOTP)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>・Security key (FIDO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As described on Twitter&#39;s help center page, of the three methods, if you set the \u003Cstrong>&quot;Security key&quot;\u003C\u002Fstrong>, you don&#39;t need any other backup method. So, if you can use the security key, I recommend you set it up.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fhelp.twitter.com\u002Fja\u002Fmanaging-your-account\u002Ftwo-factor-authentication\">https:\u002F\u002Fhelp.twitter.com\u002Fen\u002Fmanaging-your-account\u002Ftwo-factor-authentication\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If you add security keys to add extra protection to your two-factor authentication, you no longer need to use other backup methods to add extra protection. A security key can be used as the only authentication method, with other authentication methods turned off.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>In this article, I will introduce how to set a &quot;\u003Cstrong>Security key\u003C\u002Fstrong>&quot; using &quot;\u003Cstrong>YubiKey 5 NFC&quot;.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>How does it compare to other authentication methods?\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>A little extra on the benefits of choosing a security key.\u003C\u002Fp>\n\u003Cp>Both text message (SMS) and authentication app (TOTP) are two-factor authentication methods for enhancing security, but both are for entering letters and numbers notified (or displayed in the app). So, it is challenging to prevent man-in-the-middle attacks such as phishing.\u003C\u002Fp>\n\u003Cp>Even though you have set up two-factor authentication to improve security, it turns out that the security is not as high as you thought.\u003C\u002Fp>\n\u003Cp>Security key uses the \u003Cstrong>FIDO\u003C\u002Fstrong> protocol, which \u003Cstrong>prevents man-in-the-middle attacks such as phishing\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Therefore, you can get a high-security strength compared to other methods.\u003C\u002Fp>\n\u003Cp>Also, entering the text from SMS and TOTP is quite troublesome...\u003C\u002Fp>\n\u003Cp>If you set up a YubiKey, you will able to log in by touching the YubiKey without having to enter characters that are notified or displayed in the app each time.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>About the device to use\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This time, I wanted to use Twitter on both my PC and my smartphone, and I wanted to use NFC on my smartphone, so I used the &quot;YubiKey 5 NFC&quot;, which has an NFC function.\u003C\u002Fp>\n\u003Cp>You can insert it into a USB port when using it on a PC, and authenticate via NFC when using it on a smartphone.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_2_99a6330fab.jpeg\" alt=\"YubiKey 5 NFC\">\u003C\u002Fp>\n\u003Cp>Any \u003Cstrong>FIDO-compatible key\u003C\u002Fstrong> can be used as a security key, so if you have a FIDO device other than the YubiKey, you can try the same setting.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■\u003C\u002Fstrong> \u003Cstrong>How to set up two-factor authentication\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>You can set up two-factor authentication on your PC or smartphone.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>a.\u003C\u002Fstrong> \u003Cstrong>When setting on a PC\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>From the Twitter menu, select &quot;Settings and privacy&quot;, then select &quot;Security&quot; under &quot;Security and account access&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_3_3e0a786475.png\" alt=\"Twitterの設定メニュー\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_4_3c66fb0872.png\" alt=\"Twitterの設定メニュー\">\u003C\u002Fp>\n\u003Cp>Select &quot;Two-factor authentication&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_5_8fa05ecf1c.png\" alt=\"2要素認証を選択\">\u003C\u002Fp>\n\u003Cp>From &quot;Two-factor authentication&quot;, check &quot;Security key&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_6_debc603a68.png\" alt=\"2要素認証 - セキュリティキー選択\">\u003C\u002Fp>\n\u003Cp>You will be asked for a password when you change the settings for the first time, so enter your password and select &quot;Confirm&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_7_b6f5c3e5be.png\" alt=\"パスワード入力\">\u003C\u002Fp>\n\u003Cp>The security key enrollment sequence begins. Select &quot;Add key&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_8_f5e161bb43.png\" alt=\"セキュリティキー登録開始\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_9_e7e5574a8d.png\" alt=\"セキュリティキーを追加\">\u003C\u002Fp>\n\u003Cp>Connect the YubiKey to your PC.\u003C\u002Fp>\n\u003Cp>Since the YubiKey 5 NFC is a FIDO2-compatible device, you will be prompted for a PIN.\u003C\u002Fp>\n\u003Cp>Enter your PIN and click OK.\u003C\u002Fp>\n\u003Cp>※ If your device supports U2F (in short, FIDO1), you will not be asked to enter the PIN because there is no PIN.\u003C\u002Fp>\n\u003Cp>Added on 2023\u002F3\u002F6:\u003C\u002Fp>\n\u003Cp>※ Even if your device supports FIDO2, you will not be asked to enter the PIN \u003Cstrong>if the PIN is not set on your device\u003C\u002Fstrong>, such as a new key or after resetting the PIN. Please note that the behavior changes depending on the setting state of the device.\u003C\u002Fp>\n\u003Cp>Also, PIN entry is required only during registration, and PIN entry is not required during authentication (when logging in), regardless of whether you are using a FIDO2-compatible device or a U2F device.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_10_213d576c68.png\" alt=\"PIN入力\">\u003C\u002Fp>\n\u003Cp>Touch your Yubikey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_11_4ee7108f01.png\" alt=\"セキュリティキータッチ\">\u003C\u002Fp>\n\u003Cp>After successful registration, you will be presented with an input field to name your key.\u003C\u002Fp>\n\u003Cp>Arbitrarily set a descriptive name and click &quot;Next&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_12_6762e5e480.png\" alt=\"セキュリティキーの名前入力\">\u003C\u002Fp>\n\u003Cp>You have successfully registered your key.\u003C\u002Fp>\n\u003Cp>As mentioned in the message, it is a good idea to register multiple keys in advance if you have other keys in case of unexpected situations such as key loss.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_13_cfa16dbace.png\" alt=\"メッセージ表示\">\u003C\u002Fp>\n\u003Cp>The setup is complete.\u003C\u002Fp>\n\u003Cp>Click &quot;Get Backup Code&quot; to see your backup code.\u003C\u002Fp>\n\u003Cp>We recommend that you keep a backup code just in case you lose your key so that you can still log in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_14_576f6ea4ec.png\" alt=\"キー登録完了\">\u003C\u002Fp>\n\u003Cp>When you return to the Two-factor authentication screen you can see that the &quot;Security key&quot; item is checked.\u003C\u002Fp>\n\u003Cp>If you want to register another security key, you can open &quot;Manage security keys&quot; and add another key.\u003C\u002Fp>\n\u003Cp>If you want to cancel the two-factor authentication of the security key, it will be canceled by removing this check.\u003C\u002Fp>\n\u003Cp>At that time, the registered YubiKey information will also be cleared, so if you want to set up two-factor authentication again, you will need to register the key again.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_15_cf9900ebd0.png\" alt=\"セキュリティキーにチェック済み\">\u003C\u002Fp>\n\u003Cp>After the setting, you will need the security key when you log in. However, once logged in, the logged-in state is maintained, so it seems that it is not necessary every time you open Twitter.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>b.\u003C\u002Fstrong> \u003Cstrong>When setting on a smartphone\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>You can also register the security key from your smartphone. However, it seems that it cannot be done from the Twitter application, and a message is displayed to set from the browser.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fstatic.wixstatic.com\u002Fmedia\u002Fe87c25_76f45aa249544b7caa1e113ac6629917~mv2.jpg\u002Fv1\u002Ffill\u002Fw_147,h_301,al_c,q_80,usm_0.66_1.00_0.01,blur_2,enc_avif,quality_auto\u002Fe87c25_76f45aa249544b7caa1e113ac6629917~mv2.jpg\" alt=\"ブラウザへの誘導\">\u003C\u002Fp>\n\u003Cp>Open Twitter in your browser and proceed with the settings.\u003C\u002Fp>\n\u003Cp>Open &quot;Security and account access&quot; of Settings and select &quot;Security&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_17_122b78e12a.jpeg\" alt=\"セキュリティとアカウントアクセス\">\u003C\u002Fp>\n\u003Cp>Select &quot;Two-factor authentication&quot;.\u003C\u002Fp>\n\u003Cp>Select &quot;Security key&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_18_56b5309723.jpeg\" alt=\"セキュリティ - 2要素認証\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_19_1f800e91f8.jpeg\" alt=\"セキュリティキーを選択\">\u003C\u002Fp>\n\u003Cp>You will be asked for a password when setting up for the first time. Enter and continue.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_20_447d847b80.png\" alt=\"パスワード入力\">\u003C\u002Fp>\n\u003Cp>The security key registration sequence will start, so follow the instruction on the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_21_ba1a84ec5a.jpeg\" alt=\"登録開始\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_22_5626f56684.jpeg\" alt=\"セキュリティキー追加開始\">\u003C\u002Fp>\n\u003Cp>The security key registration will start.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_23_b6c28ba3ee.jpeg\" alt=\"セキュリティキー登録開始\">\u003C\u002Fp>\n\u003Cp>Since I am using an NFC compatible key this time, select &quot;Use security with NFC&quot;. If you have a USB Type-C or Bluetooth compatible device, please select the corresponding method.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_24_a5a18c41bf.jpeg\" alt=\"NFC選択\">\u003C\u002Fp>\n\u003Cp>You will be asked for a security key.\u003C\u002Fp>\n\u003Cp>In order to use NFC this time, it is necessary to \u003Cstrong>turn on the NFC function of your smartphone\u003C\u002Fstrong> in advance.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_25_851cf664cc.jpeg\" alt=\"NFC登録\">\u003C\u002Fp>\n\u003Cp>Hold your YubiKey over your smartphone&#39;s NFC position.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_26_339bf3342f.jpeg\" alt=\"NFCにYubiKeyをかざす\">\u003C\u002Fp>\n\u003Cp>Registration has been completed. Move your YubiKey away from your smartphone.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_27_441054a887.png\" alt=\"デバイス登録完了\">\u003C\u002Fp>\n\u003Cp>After successful registration, you will be presented with an input field to name your key.\u003C\u002Fp>\n\u003Cp>Arbitrarily set a descriptive name and click Next.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_28_6c63a2247f.jpeg\" alt=\"名前を付ける\">\u003C\u002Fp>\n\u003Cp>Your key has been registered. As mentioned in the message, it is a good idea to register multiple keys in advance if you have other keys in case of unexpected situation such as key loss.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_29_c5fd519c05.jpeg\" alt=\"登録後のメッセージ表示\">\u003C\u002Fp>\n\u003Cp>Setup is complete.\u003C\u002Fp>\n\u003Cp>Click &quot;Get Backup Code&quot; to see your backup code.\u003C\u002Fp>\n\u003Cp>We recommend that you keep a backup code just in case you lose your key so that you can still log in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_30_de1d2e7ce2.jpeg\" alt=\"登録完了\">\u003C\u002Fp>\n\u003Cp>After setting, you will need a security key when you log in. However, once logged in, the logged in state is maintained, so it seems that it is not necessary every time you open Twitter.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■\u003C\u002Fstrong> \u003Cstrong>How to log in\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Now that the two-factor authentication setting is complete, let&#39;s check the behavior when logging in.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>a.\u003C\u002Fstrong> \u003Cstrong>For PC\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Let&#39;s take a look at the case of PC first.\u003C\u002Fp>\n\u003Cp>Enter your login ID on the login screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_31_c8b3ed4a70.png\" alt=\"PCからTwitterにログイン\">\u003C\u002Fp>\n\u003Cp>Enter your password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_32_58a76e64d3.png\" alt=\"パスワード入力\">\u003C\u002Fp>\n\u003Cp>If two-factor authentication is not set, login will be completed here, but since the security key has been set, you will be asked for the security key.\u003C\u002Fp>\n\u003Cp>Connect your YubiKey to your PC.\u003C\u002Fp>\n\u003Cp>The display changes to ask you touch the key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_33_3d4239ff02.png\" alt=\"セキュリティキーの要求メッセージ\">\u003C\u002Fp>\n\u003Cp>The center of the YubiKey will light up, so touch it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_34_e773ab44f8.jpeg\" alt=\"YubiKeyにタッチ\">\u003C\u002Fp>\n\u003Cp>After successful authentication, login is completed.\u003C\u002Fp>\n\u003Cp>In this way, you can no longer log in without a YubiKey.\u003C\u002Fp>\n\u003Cp>It is pretty simple to operate, just plug it into a USB and touch it.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>b.\u003C\u002Fstrong> \u003Cstrong>For smartphone\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>Let&#39;s look at the login behavior on a smartphone in the same way.\u003C\u002Fp>\n\u003Cp>Afeter entering the password, the authenticator selection is displayed.\u003C\u002Fp>\n\u003Cp>If you select &quot;Use a security key&quot; and proceed to the next step, authentication of the security key will start.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_35_afba4ad59f.jpeg\" alt=\"認証選択\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_36_e906ed9446.jpeg\" alt=\"セキュリティキーの使用\">\u003C\u002Fp>\n\u003Cp>Since NFC is used this time, select &quot;Use security with NFC&quot;.\u003C\u002Fp>\n\u003Cp>A message will be displayed asking you to hold the security key over your smartphone.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_24_a5a18c41bf.jpeg\" alt=\"セキュリティ使用方法選択\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_25_851cf664cc.jpeg\" alt=\"セキュリティキーをかざすメッセージ\">\u003C\u002Fp>\n\u003Cp>Hold your YubiKey over your smartphone&#39;s NFC position.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_26_339bf3342f.jpeg\" alt=\"スマホにYubiKeyをかざす\">\u003C\u002Fp>\n\u003Cp>After successful authentication, login is completed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_27_441054a887.png\" alt=\"認証成功\">\u003C\u002Fp>\n\u003Cp>Even on smartphone, it was possible to restrict login without a YubiKey.\u003C\u002Fp>\n\u003Cp>By using NFC, you can easily log in with two-factor authentication without the need to connect into USB port.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>By using YubiKey for Twitter&#39;s two-factor authentication, \u003Cstrong>the security strength is higher\u003C\u002Fstrong> than other two-factor authentication methods, and itwas possible to log in with \u003Cstrong>a simpler operation\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Above all, because it is \u003Cstrong>a physical key\u003C\u002Fstrong>, it also has the advantage of being easy to manage.\u003C\u002Fp>\n\u003Cp>It is difficult to notice if the password is stolen, but one of the advantage of the physical key is that if it is lost, it will be noticed immediately.\u003C\u002Fp>\n\u003Cp>The YubiKey used this time can be used to enhance the security of various services other than Twitter, so please try using it in various places.\u003C\u002Fp>\n\u003Cp>You can buy YubiKeys and other authentication devices we handle from the following sites.\u003C\u002Fp>\n\u003Cp>For a quote, please contact us using the inquiry form.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKeyShop Authorized Reseller\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">https:\u002F\u002Fykey.yubion.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Amazon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&amp;marketplaceID=A1VC38T7YXB528\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contact\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thanks for reading until the end.\u003C\u002Fp>\n","twitter-two-factor-authentication-yubikey","2023-01-19","2026-04-28T07:09:26.581Z","2026-04-28T07:09:29.596Z",{"id":1668,"documentId":1669,"name":1670,"alternativeText":20,"caption":20,"focalPoint":20,"width":1671,"height":1672,"formats":1673,"hash":1705,"ext":25,"mime":29,"size":1706,"url":1707,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1708,"updatedAt":1708,"publishedAt":1708},818,"f6oi0wty9qw1tvqpmb3v6y3z","blog-twitter-two-factor-authentication-yubikey-1.png",2372,1350,{"large":1674,"small":1681,"medium":1689,"thumbnail":1697},{"ext":25,"url":1675,"etag":1676,"hash":1677,"mime":29,"name":1678,"path":20,"size":1679,"width":32,"height":505,"sizeInBytes":1680},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_twitter_two_factor_authentication_yubikey_1_6e809df973.png","264727a1aca713bd6a3d45abf363d98d","large_blog_twitter_two_factor_authentication_yubikey_1_6e809df973","large_blog-twitter-two-factor-authentication-yubikey-1.png",107.48,107483,{"ext":25,"url":1682,"etag":1683,"hash":1684,"mime":29,"name":1685,"path":20,"size":1686,"width":41,"height":1687,"sizeInBytes":1688},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_twitter_two_factor_authentication_yubikey_1_6e809df973.png","c6920e91a2257791e00dd1b1cf0e32f2","small_blog_twitter_two_factor_authentication_yubikey_1_6e809df973","small_blog-twitter-two-factor-authentication-yubikey-1.png",39.73,285,39727,{"ext":25,"url":1690,"etag":1691,"hash":1692,"mime":29,"name":1693,"path":20,"size":1694,"width":50,"height":1695,"sizeInBytes":1696},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_twitter_two_factor_authentication_yubikey_1_6e809df973.png","13f6d525873029313638e15e11d12515","medium_blog_twitter_two_factor_authentication_yubikey_1_6e809df973","medium_blog-twitter-two-factor-authentication-yubikey-1.png",71.66,427,71661,{"ext":25,"url":1698,"etag":1699,"hash":1700,"mime":29,"name":1701,"path":20,"size":1702,"width":124,"height":1703,"sizeInBytes":1704},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_twitter_two_factor_authentication_yubikey_1_6e809df973.png","b9ebb952ff033f65a3e1d252cda7d48e","thumbnail_blog_twitter_two_factor_authentication_yubikey_1_6e809df973","thumbnail_blog-twitter-two-factor-authentication-yubikey-1.png",13.06,139,13060,"blog_twitter_two_factor_authentication_yubikey_1_6e809df973",69.54,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_1_6e809df973.png","2026-04-28T07:06:29.359Z",[1710,1711,1712,1713,1714],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":291,"documentId":292,"name":293,"slug":20,"createdAt":294,"updatedAt":294,"publishedAt":295},{"id":550,"documentId":551,"name":552,"slug":20,"createdAt":553,"updatedAt":553,"publishedAt":554},{"id":556,"documentId":557,"name":558,"slug":20,"createdAt":559,"updatedAt":559,"publishedAt":560},{"id":1715,"documentId":1716,"name":1717,"slug":20,"createdAt":1718,"updatedAt":1718,"publishedAt":1719},112,"vai4rak43g28bzg219a14a3d","Twitter","2026-04-28T07:09:21.731Z","2026-04-28T07:09:23.576Z",{"id":1721,"documentId":1722,"title":1723,"content":1724,"slug":1725,"published":1726,"createdAt":1727,"updatedAt":1727,"publishedAt":1728,"locale":14,"authorManual":570,"cover":1729,"tags":1771},17,"clcdm05jrld7dd1wf5pxzlr0","Deploy YubiOn Portal in Amazon WorkSpaces Environment","\u003Cp>Updated: Feb 6, 2023\u003C\u002Fp>\n\u003Cp>About 8 months ago, I published an \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdeploying-yubion-portal-in-the-citrix-virtual-apps-and-desktops-desktop-delivery-environment?lang=en\">article\u003C\u002Fa> about creating a Citrix desktop delivery environment in a lab environment and installing YubiOn Portal there. I haven&#39;t been able to experiment with this kind of virtual desktop environment for a while due to other development work. But this time, I had an opportunity to touch AWS WorkSpaces, so I would like to introduce YubiOn Portal there.\u003C\u002Fp>\n\u003Ch2>■ Configuration\u003C\u002Fh2>\n\u003Cp>As for the configuration, I think it can be said that it is a very general environment where you can say &quot;I tried Amazon WorkSpaces&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Last time, I built everything necessary for the lab environment, so you may have the impression that there were more things to do than the contents of the article. But cloud services are convenient in such cases. On the other hand, I&#39;m also nervous that it might end up with a high bill. This time, I tried to do it for free as much as possible. But I will explain the story of the price at the end.\u003C\u002Fp>\n\u003Ch2>■ Build your WorkSpaces\u003C\u002Fh2>\n\u003Cp>If you just want to try out Amazon WorkSpaces, you should be able to make the necessary settings according to the instructions provided by AWS.\u003C\u002Fp>\n\u003Ch3>① Build a directory\u003C\u002Fh3>\n\u003Cp>First, create a &quot;Directory&quot; to place WorkSpaces. This is the part corresponding to Active Directory in Windows.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_2_5d603585ba.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If it is just a trial, I think there is no problem with the &quot;Simple AD&quot; type. It seems that a compatible server called &quot;Samba 4 Active Directory Compatible Server&quot; is used instead of pure Microsoft AD.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fdirectoryservice\u002Flatest\u002Fadmin-guide\u002Fdirectory_simple_ad.html\">Simple Active Directory - AWS Directory Service (amazon.com)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>&quot;AWS Managed Microsoft AD&quot; runs using pure Microsoft Windows Server 2019, so if you want to fully use the functions provided by Microsoft, you should use this.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fdirectoryservice\u002Flatest\u002Fadmin-guide\u002Fdirectory_microsoft_ad.html\">AWS Managed Microsoft AD - AWS Directory Service (amazon.com)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>&quot;AD Connector&quot; is a bit different, and is an option for linking with AD in the existing intranet. I think that it will be used for purposes such as migrating things that were used locally in the company to the cloud.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fdirectoryservice\u002Flatest\u002Fadmin-guide\u002Fdirectory_ad_connector.html\">Active Directory Connector - AWS Directory Service (amazon.com)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Next, enter the directory information.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_3_d163bed8d1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>It&#39;s a trial, so the size is small. Don&#39;t think too much about the organization name, DNS name, NetBIOS name, etc., end st them in the same way as a normal AD construction. If you forget the administrator password, you will not be able to manage it as AD, so please handle it strictly.\u003C\u002Fp>\n\u003Cp>Next, we will configure the network settings.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_4_10c3b4b8d3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Here too, there is no problem if you follow the instructions on the screen to create a virtual network that uses WorkSpaces. However, if you create a subnet as a private subnet, and you just create a VPC and 2 subnets according to the instructions on this screen, you will not be able to access the Internet from that space. I will explain this later, so for now I will create a VPC and 2 private subnets and allocate them.\u003C\u002Fp>\n\u003Cp>(We will cut the public subnet later, so please leave room for additional subnets in the VPC.)\u003C\u002Fp>\n\u003Cp>After setting up here, check the contents on the &quot;Review &amp; create&quot; screen and create the directory.\u003C\u002Fp>\n\u003Cp>As is often the case with AWS, after you click &quot;Create&quot;, you have to wait for a while as it will be created in the background.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_5_175694c329.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the status becomes &quot;Active&quot;, creation is complete. Finally, to use this directory with WorkSpaces, we need to &quot;Register&quot; it. (Select the directory → &quot;Action&quot; → &quot;Register&quot;)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_6_cf4f0e573f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Specify the subnet you set earlier and register it.\u003C\u002Fp>\n\u003Ch3>② Create WorkSpaces\u003C\u002Fh3>\n\u003Cp>Next, we will create WorkSpaces. Although it is called &quot;WorkSpaces&quot;, as far as the behavior is concerned, I think that one WorkSpace can be considered as one virtual machine. Not limited to this point, when using AWS, I think it is important to understand in your way what the specific terms of AWS refer to.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_7_ce63f29b47.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Create WorkSpaces with the &quot;Create WorkSpaces&quot; button on the above screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_8_be2cc854da.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the created directory and click &quot;Next&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_9_718749c099.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>To create a new user, click &quot;Create additional user&quot; to move to the create screen. If you want to assign a user that already exists in the directory (such as deleting the previously created WorkSpaces and recreating it with the same user), you do not need to create a user here.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_10_0f631ed4f3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter your user information. You can create up to 5 people, but here I set only 1 person and click &quot;Next&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_11_cc027dca91.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once the user has been created, you will automatically proceed to the &quot;Identify Users&quot; screen. This screen is a little confusing. It means that WorkSpaces will be created for the specified number of users, rather than allowing the specified user to log in to 1 newly created WorkSpace. Since I want to create only 1 this time, select only the user created earlier and click &quot; Next&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_12_5e2a033e6d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Then proceed to the step &quot;Select Bundle&quot;. The &quot;bundle&quot; here is something like a template that is the base of WorkSpaces. The biggest difference is the OS, but there are other differences such as the presence or absence of Office and client protocol (communication protocol for actual remote operation).\u003C\u002Fp>\n\u003Cp>This time, select &quot;Standard with Windows 10 (Server 2019 based)&quot; with &quot;WSP&quot; as the client protocol. We will discuss the client protocol later.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_13_08d4db14a0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, set the running mode, etc. As explained on the screen, the power is always on as a virtual machine (AlwaysOn), or it automatically stops when not in use (AutoStop). If it is for the experiment, I think that there is no problem with AutoStop. For tags, make settings as necessary.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_14_6e0aed7342.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Then there are the customization options. In actual operation, encryption should be properly performed, and the user volume should be selected appropriately according to the usage, but since it is an experiment, I will leave it as the default.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_15_9fc1bbbd05.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Finally, review the settings. If there seems to be no problem, click &quot;Create WorkSpaces&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_16_4a1481edad.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Creating will start a background process as usual. It will take several tens of minutes to create these WorkSpaces, so please be patient. When creation is completed, an email saying &quot;WorkSpaces for you has been created&quot; will fly to the email address specified when creating an additional user.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_17_2dcb3eeb00.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>According to the contents of the email, set the user password, install the client application, and try to connect.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_18_440417c201.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_19_acc696862f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you can connect to WorkSpaces as in the above image, first of all, I think that it is over to the point of &quot;trying to run WorkSpaces&quot;.\u003C\u002Fp>\n\u003Ch2>■ Network settings\u003C\u002Fh2>\n\u003Cp>For now, I can access the virtual PC set up in WorkSpaces, but even \n if start the pre-installed Firefox on WorkSpaces, I can&#39;t connect to the Internet. Currently, the private part on the left side of the schematic diagram has been completed, and if you think about it in terms of a home LAN, it is in the stage of &quot;I tried building a LAN in my house&quot;. So, next, we will create the public part on the right, which is the part that corresponds to the Internet connection router in the image of the home LAN.\u003C\u002Fp>\n\u003Cp>(A typical home internet router includes a LAN side gateway and DHCP server, so it&#39;s a little different from the image,...)\u003C\u002Fp>\n\u003Cp>Everything is created on the &quot;VPC&quot; screen of the AWS management console.\u003C\u002Fp>\n\u003Ch3>③ Create an Internet gateway and attach it to VPC\u003C\u002Fh3>\n\u003Cp>First, create an Internet gateway. There is nothing too difficult here, just choose a name and create it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_20_4d6cafe6d7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once created, link it to an existing VPC. Select &quot;Attach to a VPC&quot; from the action menu to attach.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_21_9ba4d3a0d2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_22_729ba5d8fd.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>④ Create a public subnet\u003C\u002Fh3>\n\u003Cp>Create a subnet for access from the Internet side. Place the NAT gateway within this subnet. Public subnets are created in the same way as private subnets. Create by specifying an IPv4 CIDR block that is different from the existing private subnet within the range of your VPC.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_23_bbb4338b19.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>⑤ Create a NAT gateway\u003C\u002Fh3>\n\u003Cp>From the NAT gateway management screen, click &quot;Create NAT gateway&quot; to display the creation screen. As the subnet, specify the public subnet created earlier, set the connectivity type to the public, and assign an Elastic IP.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_24_65a9c31eca.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>⑥ Create a public route table\u003C\u002Fh3>\n\u003Cp>A set of virtual devices has been prepared, but as it stands, information about what route to take to get to the Internet is not set. Currently, I think that the same route table created by default is used for the 3 subnets, but it is necessary to specify different route information for the private side and the public side, so I will create 1 public route table. Select &quot;Create route table&quot; from the route table management screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_25_53d30cde6b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Name it whatever you like and specify the VPC you&#39;re currently using.\u003C\u002Fp>\n\u003Ch3>⑦ Set route table association for the public subnet\u003C\u002Fh3>\n\u003Cp>Select the public subnet from the subnet management screen and open the &quot;Route table&quot; tab.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_26_5dd7cb3cc1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;Edit rote table association&quot;, select the route table ID, set the public route table created earlier, and click &quot;Save&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_27_f6aae1da80.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>⑧ Configure routing for the public route table\u003C\u002Fh3>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_28_73fe95a923.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>From the route table management screen, select the created public route table, open the &quot;Routes&quot; tab, and click &quot;Edit routes&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_29_85ac2faa6a.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>By default, I think that the routing is set to go to local if it is within the VPC subnet range, but I will add a route that goes to the Internet gateway if it is &quot;0.0.0.0\u002F0&quot; and click &quot;Save changes&quot;.\u003C\u002Fp>\n\u003Ch3>⑨ Set the routing of the private route table\u003C\u002Fh3>\n\u003Cp>As in the previous section, edit the default route table route associated with the private subnet.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_30_fc3fc8cd76.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Here, add a route that goes to the NAT gateway if it is &quot;0.0.0.0\u002F0&quot;.\u003C\u002Fp>\n\u003Cp>With the settings up to this point, I think you will be able to access the Internet from WorkSpaces. Connect to your WorkSpaces again and try accessing the Internet with Firefox.\u003C\u002Fp>\n\u003Ch2>■ YubiOn Portal introduction and use in the logon section\u003C\u002Fh2>\n\u003Cp>Now I will install YubiOn Portal to the created WorkSpaces. Regarding the reuse of the main points when introducing Citrix products, the following points are almost common in virtual environments, especially in virtual environments with automatic logon to Windows.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Installation must be done for each WorkSpace.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, account and YubiKey assignments also need to be done for each WorkSpace.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Forced YubiKey logon must be enabled in the policy.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If not enabled, the WorkSpaces authentication mechanism will skip the Windows logon part.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Cache logon, screen lock when YubiKey is removed, etc. cannot be used.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Both require YubiKey and USB communication, so they cannot be used in environments where USB is not directly connected.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>If you have multiple WorkSpaces, those machines must have different SIDs.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>YubiOn Portal identifies each terminal based on SID and does not support situations where there are multiple terminals with the same SID.\u003C\u002Fp>\n\u003Cp>After completing the setup, access from the WorkSpaces client.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_31_4123396e82.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After entering your WorkSpaces login information and signing in, the YubiOn Portal Windows logon screen will be displayed on the WorkSpaces screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_32_687faec987.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Here, you will be able to log on by entering your password + YubiKey. With WorkSpaces alone, the Windows logon part was omitted, but by introducing YubiOn Portal, it will be possible to enforce two-factor authentication when displaying the desktop.\u003C\u002Fp>\n\u003Ch2>■ Summary\u003C\u002Fh2>\n\u003Cp>The above is how to install YubiOn Portal for the Amazon WorkSpaces environment.\u003C\u002Fp>\n\u003Cp>As same as the previous introduction to Citrix products, I think there will be issues in terms of setup for large-scale use. Currently, I think that the method is to list the SIDs of the created WorkSpaces and install them using the kitting installation option, etc. However, we are looking for a way to automatically register from the created WorkSpaces with YubiOn Portal installed.\u003C\u002Fp>\n\u003Cp>There are 3 digressions below so I will write them together.\u003C\u002Fp>\n\u003Ch3>■ Digression ①: WorkSpaces client protocol\u003C\u002Fh3>\n\u003Cp>WorkSpaces has &quot;PCoIP&quot; and &quot;WSP&quot; as client protocols. Both are protocols for transferring input and output (video, audio, mouse operation, key input, etc.) of WorkSpaces terminals, but their origins are very different.\u003C\u002Fp>\n\u003Cp>① PCoIP (PC over IP)\u003C\u002Fp>\n\u003Cp>A protocol developed by Teradici Co. of Canada (acquired by HP Co. in 2021). In addition to Amazon WorkSpaces, it is also used by VMware&#39;s VMware Horizon.\u003C\u002Fp>\n\u003Cp>② WSP\u003C\u002Fp>\n\u003Cp>A protocol originally developed by Amazon, an abbreviation for &quot;WorkSpaces Streaming Protocol&quot;.\u003C\u002Fp>\n\u003Cp>The comparison between the two is detailed in AWS help.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fworkspaces\u002Flatest\u002Fadminguide\u002Famazon-workspaces-protocols.html\">Protocols for Amazon WorkSpaces - Amazon WorkSpaces\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The reason why WorkSpaces supports two protocols is speculation. At first, PCoIP was adopted, but to deal with an unstable network environment and support cameras, it was necessary to reconsider the protocol itself and develop a separate WSP. Assuming such circumstances, I think that WSP will become mainstream in WorkSpaces in the future.\u003C\u002Fp>\n\u003Cp>In this procedure, I used WSP, but YubiOn Portal itself works normally even if PCoIP is used. However, when using PCoIP, there is a problem after entering the authentication information in the WorkSpaces client, we have to wait about 1 minute until the Windows logon screen is displayed. Presumably, in the case of PCoIP connections, I suspect there is a mechanism to wait for Windows to log on properly (or time to) using the credentials sent by the WorkSpaces client.\u003C\u002Fp>\n\u003Ch3>■ Digression ②: How FIDO Logon works in WorkSpaces\u003C\u002Fh3>\n\u003Cp>It is related to digression ①. When using the PCoIP protocol, a mechanism called USB transfer can be used.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fworkspaces\u002Flatest\u002Fuserguide\u002Fusb-redirection.html\">WorkSpaces USB redirection - Amazon WorkSpaces\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In addition to the contents of the above help, in the other to use it, it is necessary to set USB transfer permission in the AD group policy. (I will omit that part this time.)\u003C\u002Fp>\n\u003Cp>I also experimented to see if FIDO Logon can be used. In conclusion, it is possible. However, there are some problems, and I think that it is not practical at the moment.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>As the problem mentioned in digression ① (waiting for about 1 minute until connection) is the same for FIDO Logon.\u003C\u002Fli>\n\u003Cli>YubiKey is the only device officially supported by Amazon and the flexibility of key selection for FIDO2 authentication is lost.\u003C\u002Fli>\n\u003Cli>It seems to be dependent on the environment, but when I tried it, there was a phenomenon that the WorkSpaces client could not recognize the device after removing and reinserting the device or reconnecting to WorkSpaces. (including supposed YubiKeys)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Technically speaking, it may be quite difficult to transfer USB device communication, which is usually exchanged in milliseconds, over the Internet in 100 milliseconds. In addition, there is also the idea that the FIDO mechanism itself is a requirement from the security point of view that the related devices are in the hands of the user. None of the USB\u002FNFC\u002FBLE supported by FIDO2 are originally designed to send communications to remote locations. DaaS authentication, including the pros and cons of transferring USB devices, may be an issue that the industry should continue to consider in the future.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_33_45a5132c79.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>■ Digression ③: Billing for AWS charges\u003C\u002Fh3>\n\u003Cp>The truth is that since it&#39;s just a trial, so if possible, I want to use it for free. However, the charges are as follows.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_34_b34baf3f0e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the &quot;Bundle&quot; settings, I chose the item &quot;Free tier eligible&quot;, so the &quot;Software&quot; portion is free. However, it seems that the operation of the instance and the user registration of the directory are not free. And, although it is not described in the above image, I think that parts other than WorkSpaces (such as VPC) are also charged.\u003C\u002Fp>\n","deploy-yubion-portal-in-amazon-workspaces","2022-12-27","2026-04-28T06:16:38.476Z","2026-04-28T06:16:41.441Z",{"id":1730,"documentId":1731,"name":1732,"alternativeText":20,"caption":20,"focalPoint":20,"width":1733,"height":1734,"formats":1735,"hash":1767,"ext":25,"mime":29,"size":1768,"url":1769,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1770,"updatedAt":1770,"publishedAt":1770},328,"fkb9803t2ai8tcwz9f8yn9b0","blog-deploy-yubion-portal-in-amazon-workspaces-1.png",4180,2453,{"large":1736,"small":1744,"medium":1751,"thumbnail":1759},{"ext":25,"url":1737,"etag":1738,"hash":1739,"mime":29,"name":1740,"path":20,"size":1741,"width":32,"height":1742,"sizeInBytes":1743},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png","a3e29b0d92865c4ce786e06a4f1199f6","large_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145","large_blog-deploy-yubion-portal-in-amazon-workspaces-1.png",99.98,587,99981,{"ext":25,"url":1745,"etag":1746,"hash":1747,"mime":29,"name":1748,"path":20,"size":1749,"width":41,"height":201,"sizeInBytes":1750},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png","73aa96676b546a80753286b807a384a2","small_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145","small_blog-deploy-yubion-portal-in-amazon-workspaces-1.png",38.88,38877,{"ext":25,"url":1752,"etag":1753,"hash":1754,"mime":29,"name":1755,"path":20,"size":1756,"width":50,"height":1757,"sizeInBytes":1758},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png","5b06cac1759ab7fdb67d3e7da0f21077","medium_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145","medium_blog-deploy-yubion-portal-in-amazon-workspaces-1.png",65.19,440,65187,{"ext":25,"url":1760,"etag":1761,"hash":1762,"mime":29,"name":1763,"path":20,"size":1764,"width":124,"height":1765,"sizeInBytes":1766},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png","e6ae459f8b60106ce39841dcb91c6c05","thumbnail_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145","thumbnail_blog-deploy-yubion-portal-in-amazon-workspaces-1.png",14.95,144,14948,"blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145",250.81,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png","2026-04-28T06:13:42.500Z",[1772,1778,1784,1790],{"id":1773,"documentId":1774,"name":1775,"slug":20,"createdAt":1776,"updatedAt":1776,"publishedAt":1777},20,"hww1z9wzs2ue2bz8z8aslu0x","YubiOnPortal","2026-04-28T04:15:58.811Z","2026-04-28T04:16:00.686Z",{"id":1779,"documentId":1780,"name":1781,"slug":20,"createdAt":1782,"updatedAt":1782,"publishedAt":1783},90,"n9u5mo7asrxetrc7s5uptn6z","AWS","2026-04-28T06:16:19.352Z","2026-04-28T06:16:21.281Z",{"id":1785,"documentId":1786,"name":1787,"slug":20,"createdAt":1788,"updatedAt":1788,"publishedAt":1789},92,"iyvx8lyirvmfur5dbvk7w5e8","AWSWorkSpaces","2026-04-28T06:16:26.772Z","2026-04-28T06:16:28.643Z",{"id":1791,"documentId":1792,"name":1793,"slug":20,"createdAt":1794,"updatedAt":1794,"publishedAt":1795},94,"joorjtxv4v5db878nos2772i","VirtualMachine","2026-04-28T06:16:33.917Z","2026-04-28T06:16:35.731Z",{"id":1797,"documentId":1798,"title":1799,"content":1800,"slug":1801,"published":1802,"createdAt":1803,"updatedAt":1803,"publishedAt":1804,"locale":14,"authorManual":570,"cover":1805,"tags":1840},65,"amr6cqnto39er0jdr6jhmfmh","Multi-factor Authentication Login to AWS Management Console with YubiKey","\u003Cp>Logging in to the AWS Management Console supports \u003Cstrong>multi-factor authentication (MFA)\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>One-time passwords (TOTP) that can be used on smartphones such as Google Authenticator are often used, but \u003Cstrong>authentication devices such as YubiKey\u003C\u002Fstrong> can also be used.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Click here to purchase a YubiKey\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">Purchase from YubiKey Shop (Authorized Reseller)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">Buy on Amazon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This article introduces \u003Cstrong>how to set up multi-factor authentication login to the AWS management console using YubiKey\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Unlike one-time passwords, you don&#39;t have to worry about entering passwords, so I think this is more convenient to use.\u003C\u002Fp>\n\u003Cp>Previously, only one device could be set per user, but now it is possible to set multiple devices.\u003C\u002Fp>\n\u003Cp>AWS has changed its specification over time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Any authentication device that supports FIDO can be used\u003C\u002Fstrong>. Currently, FIDO2 is the latest standard when it comes to FIDO, but AWS uses U2F (FIDO1 in a nutshell) function among FIDO. Therefore, slightly older FIDO keys such as YubiKey 4 can also be used.\u003C\u002Fp>\n\u003Cp>I would like it to support FIDO2 if possible.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-a89bu\">\u003Cstrong>Prepare for Setting\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-3cr9k\">\u003Cstrong>Registration Setting Procedure\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-c7gg9\">\u003Cstrong>Login Confirmation Procedure\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-8bp2b\">\u003Cstrong>Register Other Authentication Devices\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-a3ajm\">\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Now let&#39;s set up multi-factor authentication.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Prepare for Setting\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Multi-factor authentication can be set by logging in to the AWS console and \u003Cstrong>setting it yourself\u003C\u002Fstrong>, or by \u003Cstrong>an administrator user setting for another user\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>This time, I will introduce the procedure to set it as an IAM user.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>To configure settings for another user, log in to the AWS console as a administrator user. Open &quot;User&quot; settings in &quot;IAM&quot;, select target user, amd click &quot;Muti-factor authentication (MFA)&quot; in &quot;Authentication information&quot; to set up authentication device registration in the same way as in the article.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For the setting, the operating IAM user must have \u003Cstrong>permission to set up multi-factor authentication\u003C\u002Fstrong>. If you do not have the authority, set the authority in advance as necessary.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Permission to register for multi-factor authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>iam:EnableMFADevice\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Permission to delete registered multi-factor authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>iam:DeactivateMFADevice\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Registration Setting Procedure\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The following steps are performed in the following environment.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Browser:\u003C\u002Fstrong> Edge 109.0.1518.70\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Authentication Device:\u003C\u002Fstrong> YubiKey 5 NFC\u003C\u002Fp>\n\u003Cp>First, log in to the AWS console as usual.\u003C\u002Fp>\n\u003Cp>After logging in, click your name in the top right, then \u003Cstrong>click &quot;Security credentials\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_1_74d6a07b39.png\" alt=\"セキュリティ認証情報を選択\">\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Assign MFA device\u003C\u002Fstrong>&quot; button under &quot;Multi-factor authentication (MFA)&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_2_0158c28cfc.png\" alt=\"MFAデバイスの割り当て設定\">\u003C\u002Fp>\n\u003Cp>Enter any device name, \u003Cstrong>select &quot;Security Key\u003C\u002Fstrong>&quot; and click &quot;\u003Cstrong>Next\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_3_316fdc4b83.png\" alt=\"MFAデバイスの設定\">\u003C\u002Fp>\n\u003Cp>Security key setup will start.\u003C\u002Fp>\n\u003Cp>Click &quot;OK&quot; to proceed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_4_96c152c92e.png\" alt=\"セキュリティーキーのセットアップポップアップ\">\u003C\u002Fp>\n\u003Cp>Then click &quot;OK&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_5_104b81510a.png\" alt=\"セットアップの続行ポップアップ\">\u003C\u002Fp>\n\u003Cp>If the YubiKey is not connected to USB, you will be prompted to do so.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_6_8c322fc95a.png\" alt=\"セキュリティキーの接続要求\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Connect your YubiKey to a USB port\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_7_adcd2147f6.jpeg\" alt=\"YubiKeyをUSBに接続\">\u003C\u002Fp>\n\u003Cp>After connecting the YubiKey, you will be prompted for a \u003Cstrong>PIN\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_8_d026389a4e.png\" alt=\"PINの入力\">\u003C\u002Fp>\n\u003Cpre>\u003Ccode>In the case of a fingerprint type authentication device, a fingerprint verification will be asked instead of PIN input.\nAlso, PIN input will not be displayed for FIDO authentication devices that do not support PIN or fingerprints(※).\n※ Slightly old devices that do not support FIDO2 (U2F only), such as YubiKey 4.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>A message will appear asking you to touch your YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_9_873fe2fefd.png\" alt=\"セキュリティキーのタッチ要求\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The letter\u003C\u002Fstrong> &quot;\u003Cstrong>Y\u003C\u002Fstrong>&quot; \u003Cstrong>of the connected YubiKey will light up, so touch it\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_10_3e970d2fa7.jpeg\" alt=\"YubiKeyにタッチ\">\u003C\u002Fp>\n\u003Cp>登録が完了するとこのようなメッセージが表示されます。\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_11_3d0671bea7.png\" alt=\"登録完了メッセージ\">\u003C\u002Fp>\n\u003Cp>Looking at the contents, it seems that \u003Cstrong>up to 8\u003C\u002Fstrong> authentication devices can be registered.\u003C\u002Fp>\n\u003Cp>※ After registering a maximum of 8 devices, the &quot;Assign MFA device&quot; button will be disabled.\u003C\u002Fp>\n\u003Cp>The added key will be displayed in the list.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_12_ac598c615b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When I thought: &quot;Where can I check the entered device name?&quot;, it was included in the &quot;Identifier&quot;.\u003C\u002Fp>\n\u003Cp>The setting is completed.\u003C\u002Fp>\n\u003Cp>You will now have \u003Cstrong>multi-factor authentication on your next login\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Login Confirmation Procedure\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Sign out once, and try to use the YubiKey when logging in.\u003C\u002Fp>\n\u003Cp>Display the login screen of the AWS console.\u003C\u002Fp>\n\u003Cp>Enter your username and password to sign in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_13_6c2a1bb7f5.png\" alt=\"追加の検証としてセキュリティキーのタッチ要求\">\u003C\u002Fp>\n\u003Cp>You will be asked to connect a security key as \u003Cstrong>additional verification\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_14_d786c07b1f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When you connect the YubiKey to USB, you will be asked to touch your key.\u003C\u002Fp>\n\u003Cp>You \u003Cstrong>will not be asked to enter a PIN\u003C\u002Fstrong> when logging in. It&#39;s how U2F works.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_15_e770f6937d.png\" alt=\"追加の検証としてセキュリティキーのタッチ要求\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Touch your YubiKey.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_16_5bd15cbac5.jpeg\" alt=\"YubiKeyにタッチ\">\u003C\u002Fp>\n\u003Cp>If the authentication is successful, the console screen will open.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_17_b079913ceb.png\" alt=\"ログイン成功画面\">\u003C\u002Fp>\n\u003Cp>You were able to successfully \u003Cstrong>log in with multi-factor authentication using YubiKey\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Register Other Authentication Devices\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>I used YubiKey5 NFC in the procedure, but you \u003Cstrong>can use any authentication device that supports FIDO\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>I will try to register with other authentication devices sold by our company.\u003C\u002Fp>\n\u003Ch4>YubiKey Bio (Yubico)\u003C\u002Fh4>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_18_81776c087b.jpeg\" alt=\"YubiKey Bio\">\u003C\u002Fp>\n\u003Cp>※ My YubiKey Bio is Type C, but I don&#39;t have a Type C connection port on my PC, so I used a USB adapter.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKey Bio\u003C\u002Fstrong> is a device that can perform FIDO2 biometric authentication (fingerprint).\u003C\u002Fp>\n\u003Ch4>Idem Key (GoTrust)\u003C\u002Fh4>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_19_cd8bb28fbc.jpeg\" alt=\"IdemKey\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Idem Key\u003C\u002Fstrong> is an authentication device that sets a FIDO2 PIN, just like YubiKey5 NFC.\u003C\u002Fp>\n\u003Ch4>ATKey.Pro (AUTHENTREND)\u003C\u002Fh4>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_20_4e98084a94.jpeg\" alt=\"ATKey.Pro\">\u003C\u002Fp>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>ATKey.Pro\u003C\u002Fstrong> is an authentication device that can perform FIDO2 biometric authentication (fingerprint).\u003C\u002Fp>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>YubiKey4 (Yubico)\u003C\u002Fh4>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_21_b352f35f8b.jpeg\" alt=\"YubiKey4\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKey4\u003C\u002Fstrong> is a U2F device. ※ Currently not available.\u003C\u002Fp>\n\u003Cp>All of these authentication devices \u003Cstrong>could be used\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From here on, it&#39;s a small story level, but the operation at the time of registration and authentication differs slightly depending on the device.\u003C\u002Fp>\n\u003Cp>The authentication devices tested this time can be divided into the following types:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FIDO2 (PIN)\u003C\u002Fstrong> …YubiKey5 NFC, Idem Key, etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FIDO2 (biometric authentication)\u003C\u002Fstrong> …YubiKey Bio, ATKey.Pro, etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FIDO U2F\u003C\u002Fstrong> …YubiKey4, etc.\u003C\u002Fp>\n\u003Cp>And the behavior for each type is as follows:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>At registration:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FIDO2 (PIN): Touch after entering a PIN\u003C\u002Fp>\n\u003Cp>FIDO2 (biometric authentication): biometric check + touch\u003C\u002Fp>\n\u003Cp>FIDO U2F: touch only\u003C\u002Fp>\n\u003Cp>\u003Cstrong>At authentication:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FIDO2 (PIN): touch only\u003C\u002Fp>\n\u003Cp>FIDO2 (biometric authentication): biometric check + touch\u003C\u002Fp>\n\u003Cp>FIDO U2F: touch only\u003C\u002Fp>\n\u003Cp>Since the implementation on the AWS side is U2F, if the authentication device used is FIDO2, the behavior seems to change little by little.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>By setting up multi-factor authentication using YubiKey, you can log in \u003Cstrong>more securely and easily\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>As I wrote at the beginning, the one-time password (TOTP) is convenient because it can be used with a smartphone. But as the number of IDs to be used increases, it becomes difficult just to search for the right ID. And it is surprisingly troublesome to enter the TOTP each time. So authentication devices are more convenient to use, right?\u003C\u002Fp>\n\u003Cp>From the point of view of management, it is also easy to manage, since all you have to do is manage physical devices.\u003C\u002Fp>\n\u003Cp>If your company doesn&#39;t have company-issued smartphones, it&#39;s uneasy to put one-time password information on your smartphone from a security perspective. But if it&#39;s a physical device, it&#39;s possible to hand over the device to the user only when necessary.\u003C\u002Fp>\n\u003Cp>If you have a FIDO authentication device such as YubiKey, why not give it a try?\u003C\u002Fp>\n\u003Cp>You can purchase YubiKeys and other authentication devices we sell from the following sites.\u003C\u002Fp>\n\u003Cp>For a quote, please contact us using the inquiry form.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKey Shop (Authorized Reseller)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">https:\u002F\u002Fykey.yubion.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Amazon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&amp;marketplaceID=A1VC38T7YXB528\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contact\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thank you for reading to the end.\u003C\u002Fp>\n","aws-mfa-login-with-yubikey","2022-12-21","2026-04-28T06:46:57.334Z","2026-04-28T06:47:00.614Z",{"id":1806,"documentId":1807,"name":1808,"alternativeText":20,"caption":20,"focalPoint":20,"width":1809,"height":1810,"formats":1811,"hash":1836,"ext":25,"mime":29,"size":1837,"url":1838,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1839,"updatedAt":1839,"publishedAt":1839},618,"z6x9jby29zdkc7glu1ypppi3","blog-aws-mfa-login-with-yubikey-1.png",866,958,{"small":1812,"medium":1820,"thumbnail":1828},{"ext":25,"url":1813,"etag":1814,"hash":1815,"mime":29,"name":1816,"path":20,"size":1817,"width":1818,"height":41,"sizeInBytes":1819},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_aws_mfa_login_with_yubikey_1_74d6a07b39.png","7b659bbb7d6322f501aa493057937e44","small_blog_aws_mfa_login_with_yubikey_1_74d6a07b39","small_blog-aws-mfa-login-with-yubikey-1.png",62.66,452,62664,{"ext":25,"url":1821,"etag":1822,"hash":1823,"mime":29,"name":1824,"path":20,"size":1825,"width":1826,"height":50,"sizeInBytes":1827},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_aws_mfa_login_with_yubikey_1_74d6a07b39.png","d31a24a67492d197b1242c69ab3d6eec","medium_blog_aws_mfa_login_with_yubikey_1_74d6a07b39","medium_blog-aws-mfa-login-with-yubikey-1.png",113.28,678,113279,{"ext":25,"url":1829,"etag":1830,"hash":1831,"mime":29,"name":1832,"path":20,"size":1833,"width":1834,"height":59,"sizeInBytes":1835},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_aws_mfa_login_with_yubikey_1_74d6a07b39.png","8011911071c31b6c471504f5e5a85d64","thumbnail_blog_aws_mfa_login_with_yubikey_1_74d6a07b39","thumbnail_blog-aws-mfa-login-with-yubikey-1.png",11.92,141,11919,"blog_aws_mfa_login_with_yubikey_1_74d6a07b39",28.11,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_1_74d6a07b39.png","2026-04-28T06:45:04.869Z",[1841,1842,1843,1844],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":550,"documentId":551,"name":552,"slug":20,"createdAt":553,"updatedAt":553,"publishedAt":554},{"id":1779,"documentId":1780,"name":1781,"slug":20,"createdAt":1782,"updatedAt":1782,"publishedAt":1783},{"id":1379,"documentId":1380,"name":1381,"slug":20,"createdAt":1382,"updatedAt":1382,"publishedAt":1383},{"id":1846,"documentId":1847,"title":1848,"content":1849,"slug":1850,"published":1851,"createdAt":1852,"updatedAt":1852,"publishedAt":1853,"locale":14,"authorManual":570,"cover":1854,"tags":1896},67,"od0ivtvg3vrogamhmge02vpx","[PPAP Measures] Ready-to-use file transfer service YubiOn SecureFileTransfer","\u003Cp>On November 30th, 2022, we released &quot;YubiOn SecureFileTransfer (beta version)&quot;, a file transfer cloud service that can be used for PPAP countermeasures.\u003C\u002Fp>\n\u003Cp>This time, I would like to introduce how actually to use &quot;YubiOn SecureFileTransfer&quot;, including the procedure.\u003C\u002Fp>\n\u003Cp>The first half is a rough overview, and the second half describes the actual procedure. So, if you want to know the outline, you can read only the first half.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-32f5\">[First half] YubiOn SecureFileTransfer Introduction\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-b4pl9\">[Second half] How to use YubiOn SecureFileTransfer\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ At the time of this article, the beta version was used, so please understand that the operation and specifications may change due to future product updates.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>[First half]\u003C\u002Fstrong> \u003Cstrong>YubiOn SecureFileTransfer\u003C\u002Fstrong> \u003Cstrong>Introduction\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>I will introduce the general features of YubiOn SecureFileTransfer.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-6a98s\">PPAP headed for repeal\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-cr270\">What can YubiOn SecureFileTransfer do?\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-3ggg0\">Overview of communication using YubiOn SecureFileTransfer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-eurq\">Advantages of YubiOn SecureFileTransfer\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>PPAP headed for repeal\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>We are introducing it under the name of PPAP countermeasure product, but I think some people may be wondering: \u003Cstrong>What exactly is PPAP?\u003C\u002Fstrong> So let me briefly explain this.\u003C\u002Fp>\n\u003Cp>For example, imagine a situation where you want to email someone a confidential file.\u003C\u002Fp>\n\u003Cp>If it&#39;s a regular file, you can attach it. But it&#39;s a confidential file, so you can&#39;t just attach it to an email. It is very dangerous if the e-mail is stolen, it will be a leakage of information.\u003C\u002Fp>\n\u003Cp>So, you compressed the file you want to send to a ZIP file with a password. Then, you attached the ZIP file to an email and send it. But you need to tell your recipient the decompression password. So you sent another email with only the password...\u003C\u002Fp>\n\u003Cp>I&#39;m sure many of you have used this method before.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg\" alt=\"PPAPのパターン\">\u003C\u002Fp>\n\u003Cp>PPAP Pattern\u003C\u002Fp>\n\u003Cp>This method of telling the password after attaching the ZIP file with a password is commonly called \u003Cstrong>PPAP\u003C\u002Fstrong>. If you&#39;ve done it before, you&#39;ll know that this procedure is quite cumbersome. Moreover, it has been pointed out that it is not effective as a security measure. Certainly, suppose there is a risk of your e-mail being stolen. In that case, even if you send the password with a separate email, there is a high possibility that both of them will be stolen after all, and you can imagine that &quot;It may not be very effective?&quot;.\u003C\u002Fp>\n\u003Cp>The Japanese government is also shifting toward prohibiting PPAP, and after November 26th, 2020, the Cabinet Office and Cabinet Secretariat announced that PPAP will be abolished.\u003C\u002Fp>\n\u003Cp>The movement to abolish PPAP is also spreading among general companies. And it is expected to accelerate in the future. The use of password-protected ZIP files will become unusable for communication with those companies. Attaching a file to the email itself carries the risk of a computer virus, and in the future, if you attach a password-protected ZIP file, you may be scolded by your business partner as &quot;Insane!&quot;.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>What can YubiOn SecureFileTransfer do?\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>As mentioned above, PPAP and email attachments are becoming more and more discouraged. However, if you want to send a file in the middle of an email exchange, file attachments are very easy and convenient. If you can&#39;t use attachments, you may be in trouble.\u003C\u002Fp>\n\u003Cp>This is where YubiOn SecureFileTransfer finally comes into play. This is \u003Cstrong>a cloud service that allows you to send files\u003C\u002Fstrong> securely \u003Cstrong>without attaching them to emails\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Since it is not attached to the email,\u003C\u002Fstrong> it is \u003Cstrong>a PPAP countermeasure\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Let&#39;s take a look at an overview of the exchange.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Overview of communication using YubiOn SecureFileTransfer\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Suppose someone who wants to send a file (sender) sends an email to someone who will receive the file (recipient).\u003C\u002Fp>\n\u003Cp>※ The sender needs to register in advance to use YubiOn SecureFileTransfer, but here assume that registration has already been completed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_2_3489377912.png\" alt=\"1.ファイルをアップロード\">\u003C\u002Fp>\n\u003Col>\n\u003Cli>Upload file\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>First, \u003Cstrong>the sender\u003C\u002Fstrong> \u003Cstrong>uploads\u003C\u002Fstrong> the file he\u002Fshe wants to send to YubiOn SecureFileTransfer.\u003C\u002Fp>\n\u003Cp>At this time, he\u002Fshe can specify the recipient&#39;s email address and can restrict people other than the specified email address from downloading the file.\u003C\u002Fp>\n\u003Cp>※ You can choose not to specify an email address. In this case, there is no download limit; anyone can download the file.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_3_4f2cba3a1b.png\" alt=\"2.ダウンロードURLを通知\">\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>Notify download URL\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>When the upload is complete, the download URL will be displayed, so \u003Cstrong>email the\u003C\u002Fstrong> \u003Cstrong>URL\u003C\u002Fstrong> to the person you want to send the file (recipient).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_4_189c40e05b.png\" alt=\"3.ファイルをダウンロード\">\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Download the file\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>The recipient\u003C\u002Fstrong> accesses the download URL and \u003Cstrong>downloads the file\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>At this time, if an email address is specified, its owner will be asked to log in. Only specified accounts can download. If no email address is specified, you can download the file without logging in.\u003C\u002Fp>\n\u003Cp>You have transferred the file successfully.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Advantages of\u003C\u002Fstrong> \u003Cstrong>YubiOn SecureFileTransfer\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>As you can see, exchanging files using YubiOn SecureFileTransfer \u003Cstrong>does not attach files to emails\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>In addition, you can specify an email address \u003Cstrong>to prevent unauthorized file downloads by third parties\u003C\u002Fstrong>. Therefore, even if a third party steals the content of the email, the file will not be.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Files are encrypted and stored in the cloud\u003C\u002Fstrong>. In addition, \u003Cstrong>the upload and download paths are encrypted with SSL\u002FTLS\u003C\u002Fstrong>, so files can be sent and received securely.\u003C\u002Fp>\n\u003Cp>As with other functions, you can know whether uploaded files have been downloaded, and you can also delete uploaded files. As a result, if you delete the uploaded file after confirming the recipient&#39;s download, you can operate more safely without exposing the file more than necessary.\u003C\u002Fp>\n\u003Cp>In the case of attaching to an email, if the destination email address or the attached file is incorrect, it may be irreversible. But if you use YubiOn SecureFileTransfer, you can delete the file. It also avoids the risk of these human errors.\u003C\u002Fp>\n\u003Cp>In addition, since files to be uploaded can be up to 1GB, it can be used even when sending files that are too large to be attached by email.\u003C\u002Fp>\n\u003Cp>You can use it free now, so please register and give it a try.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\">https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In the second half, I will introduce the specific operation procedure.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>[Second half] How to use YubiOn SecureFileTransfer\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>YubiOn SecureFileTransfer is a cloud service that can be used immediately after registration.\u003C\u002Fp>\n\u003Cp>This section describes the procedure for actually using the service to send and receive files.\u003C\u002Fp>\n\u003Cp>The general flow of usage is as follows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-6mcvc\">[Sender] Register for YubiOn SecureFileTransfer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-8ejsq\">[Sender] Upload the file you want to send\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-90kmo\">[Sender] Notify the download URL to the recipient\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-1b31u\">[Recipient] Download the file\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Now I will explain the specific steps.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Register for\u003C\u002Fstrong> \u003Cstrong>YubiOn SecureFileTransfer\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Register an account to use YubiOn SecureFileTransfer.\u003C\u002Fp>\n\u003Cp>Click the &quot;Sign up&quot; button on the top of the product page.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\">https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_5_7b601a94df.png\" alt=\"SecureFileTransferの利用開始\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_6_fda32be290.png\" alt=\"新規登録 - 注意事項\">\u003C\u002Fp>\n\u003Cp>After reading the &quot;Privacy Policy&quot; and &quot; Terms of Service&quot;, check the checkbox to agree and click the &quot;Next&quot; button.\u003C\u002Fp>\n\u003Cp>Next, we will register an account. There are 2 ways:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-47kkg\">If you have a Google account\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-1ktf4\">If you don&#39;t have a Google account\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>[If you have a Google account]\u003C\u002Fh4>\n\u003Cp>If you have a Google account, you can easily register with your Google account.\u003C\u002Fp>\n\u003Cp>Click the Google icon in &quot;Register using an external service account&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_7_f1c2202efb.png\" alt=\"ユーザー登録\">\u003C\u002Fp>\n\u003Cp>If you use multiple Google accounts, please select which account to use.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_8_83b6a45cc9.png\" alt=\"ユーザー登録完了\">\u003C\u002Fp>\n\u003Cp>Linking with Google is done and registration is complete.\u003C\u002Fp>\n\u003Cp>This method is fast, right?\u003C\u002Fp>\n\u003Ch4>[If you don&#39;t have a Google account]\u003C\u002Fh4>\n\u003Cp>If you don&#39;t have a Google, you will need to register your email address and confirm your email.\u003C\u002Fp>\n\u003Cp>Enter the name, email address, password, and confirmation password to be registered in &quot;Register by entering user information&quot; and click the register button at the bottom of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_9_83708bddc1.png\" alt=\"ユーザー登録 (手入力)\">\u003C\u002Fp>\n\u003Cp>Click &quot;OK&quot; on the confirmation message.\u003C\u002Fp>\n\u003Cp>The user&#39;s temporary registration screen will be displayed. At this time, a registration email will be sent to the email address you entered.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_10_72076494a9.png\" alt=\"仮登録画面\">\u003C\u002Fp>\n\u003Cp>Check the email with your email client and click the link in the content.\u003C\u002Fp>\n\u003Cp>The expiration time is 1 hour. If the expiration time has expired, you will have to start over from registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_11_b7e180c7c8.png\" alt=\"ユーザー登録承認リクエストメール\">\u003C\u002Fp>\n\u003Cp>When you access the URL, an email address input screen opens\nEnter the registered email address, click the &quot;Confirm&quot; button, and enter the registered password to log in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_12_c4847f66c7.png\" alt=\"メールアドレス確認画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_13_143ea58ca4.png\" alt=\"パスワード入力\">\u003C\u002Fp>\n\u003Cp>Enter the correct password to complete registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_14_96b4effbe9.png\" alt=\"メールアドレス確認完了\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Upload the file you want to send\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Log in to YubiOn SecureFileTransfer with your registered email address.\u003C\u002Fp>\n\u003Cp>Select &quot;Upload&quot; from the left menu to open the Upload screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_15_09227e1c9f.png\" alt=\"アップロード画面へのリンク\">\u003C\u002Fp>\n\u003Cp>Enter the &quot;Outline&quot; items.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_16_3994cee952.png\" alt=\"アップロードの設定\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>From:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The sender&#39;s email address.\u003C\u002Fp>\n\u003Cp>If you have multiple email addresses, you can add your email address in advance on the setting screen. Then, you can select from the pull-down menu.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>To:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This setting determines whether to specify the destination (recipient) email address.\u003C\u002Fp>\n\u003Cp>If you select &quot;Unlimited&quot;, anyone who knows the URL will be able to download the file. The recipients can download without registering for YubiOn SecureFileTransfer.\u003C\u002Fp>\n\u003Cp>If you select &quot;Only the specified mail address&quot;, enter the recipient&#39;s email address. You can also specify multiple email addresses by clicking the plus icon.\u003C\u002Fp>\n\u003Cp>The recipient must log in to YubiOn SecureFileTransfer when downloading from the URL. ※ Registration is required if the recipient has not registered.\u003C\u002Fp>\n\u003Cp>Selecting &quot;Only the specified mail address&quot; provides higher security strength, so it is usually safer to specify.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Title:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The file title when the uploaded file is downloaded. Any name is OK.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Options:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you click the &quot;Open options&quot; button, the option settings will be displayed. But, since the setting value is fixed in the beta version, you cannot change it now.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_17_5b0c43766c.png\" alt=\"アップロードのオプション\">\u003C\u002Fp>\n\u003Cp>Specify the file to be uploaded by clicking the &quot;Select file&quot; button in the &quot;List of files in archive&quot; or by dragging and dropping the file.\u003C\u002Fp>\n\u003Cp>You can specify multiple files.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_18_618b240200.png\" alt=\"アップロードするファイルを選択\">\u003C\u002Fp>\n\u003Cp>Click the &quot;Upload&quot; button and click &quot;OK&quot; on the confirmation message.\u003C\u002Fp>\n\u003Cp>The file upload will start.\u003C\u002Fp>\n\u003Cp>Files are automatically zipped and uploaded.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_19_3537ac6c0d.png\" alt=\"アップロード完了画面\">\u003C\u002Fp>\n\u003Cp>When the upload is completed, a screen like this will be displayed.\u003C\u002Fp>\n\u003Cp>Send the download URL displayed here to the person you want to send the file.\u003C\u002Fp>\n\u003Cp>We will send an email this time.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Notify the download URL to the recipient\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>To tell the download URL to the recipient, open the mailer and write the email text.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_20_8083b0e37f.png\" alt=\"メール内容例\">\u003C\u002Fp>\n\u003Cp>Copy and paste the download URL in the text.\u003C\u002Fp>\n\u003Cp>The file download expiration date is set to 3 days by default, so write it just in case.\u003C\u002Fp>\n\u003Cp>Send the email.\u003C\u002Fp>\n\u003Cp>The sender operation is completed.\u003C\u002Fp>\n\u003Cp>From the next step onwards, we will look at the operations on the recipient side.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Download the file\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>From here, we will check the operation on the recipient side.\u003C\u002Fp>\n\u003Cp>An email has arrived from the sender, so click the download URL in the email text.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_21_57fb3c3b9f.png\" alt=\"受信したメール例\">\u003C\u002Fp>\n\u003Cp>When you access the URL, the YubiOn SecureFileTransfer login screen will be displayed.\u003C\u002Fp>\n\u003Cp>By the way, if the sender uploads without specifying an email address, the download screen will open directly instead of the login screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_22_8ef1e2c085.png\" alt=\"ログイン画面\">\u003C\u002Fp>\n\u003Cp>If you have registered for YubiOn SecureFileTransfer before, you will need to log in, but if you are using it for the first time, you will need to register by clicking the &quot;Sign up&quot; link.\u003C\u002Fp>\n\u003Cp>The registration operation is the same as the content of &quot;\u003Ca href=\"#viewer-6mcvc\">Register for YubiOn SecureFileTransfer\u003C\u002Fa>&quot; above, so I will omit it here. Please note that the registered email address must match the email address specified by the sender.\u003C\u002Fp>\n\u003Cp>If the registration is successful, the received file screen will be displayed after login.\u003C\u002Fp>\n\u003Cp>If the download screen is not displayed, open the received file screen from &quot;Inbox&quot; on the left menu.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_23_921c14b6ee.png\" alt=\"ダウンロード画面\">\u003C\u002Fp>\n\u003Cp>The contents of the files are displayed in the &quot;List of files in archive&quot;.\u003C\u002Fp>\n\u003Cp>Click the &quot;Download&quot; button.\u003C\u002Fp>\n\u003Cp>Click the &quot;Save&quot; button to download the file.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_24_abaacfe66d.png\" alt=\"ファイルをダウンロード\">\u003C\u002Fp>\n\u003Cp>The file name is the name specified by the sender in the &quot;Title&quot;.\u003C\u002Fp>\n\u003Cp>The files have been successfully sent.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Introduction of other functions\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>I would like to add \u003Cstrong>a function that allows the sender to check\u003C\u002Fstrong> after uploading.\u003C\u002Fp>\n\u003Cp>On the sender side, the information of the sent file is displayed in a list on the &quot;Outbox&quot; screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_25_90b27e8af6.png\" alt=\"送信ファイル一覧画面\">\u003C\u002Fp>\n\u003Cp>Click the title to view information about the uploaded file.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_26_a6044ecf9d.png\" alt=\"送信ファイル詳細画面\">\u003C\u002Fp>\n\u003Cp>When you open the detailed information, \u003Cstrong>you can check the URL of the download page again\u003C\u002Fstrong>, so please check from here if you failed to copy the URL.\u003C\u002Fp>\n\u003Cp>In addition, the number of times the file has been downloaded is displayed in the &quot;Number of downloads possible&quot;, so \u003Cstrong>you can check whether the file has been downloaded\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Currently, it is not possible to see who downloaded it, but we plan to make it possible to check detailed information in future updates.\u003C\u002Fp>\n\u003Cp>By the way, \u003Cstrong>if the download expiration date has passed, the file will be deleted\u003C\u002Fstrong> and will disappear from the list, so please be careful.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cstrong>YubiOn SecureFileTransfer is a service that allows you to transfer files without attaching them to emails.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>It is a PPAP countermeasure because it does not attach files to the email.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Uploaded files are safe because you can limit who can download them.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>That was the introduction of YubiOn SecureFileTransfer.\u003C\u002Fp>\n\u003Cp>You can use it for free, so please take this opportunity to try it.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\">https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>We will continue to update and aim to make the product even more convenient and easier to use.\u003C\u002Fp>\n\u003Cp>If you have any comments or impressions, such as things you noticed while using the service, to suggestions for ways to use it, please send them from the &quot;FeedBack&quot; form that appears when you click your name in the upper right corner of the login.\u003C\u002Fp>\n\u003Cp>We will use it as a reference for future updates.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_27_1196cd19c9.png\" alt=\"フィードバックへのリンク\">\u003C\u002Fp>\n\u003Cp>Thank you for reading to the end.\u003C\u002Fp>\n","how-to-use-yubion-securefiletransfer","2022-12-14","2026-04-28T06:49:41.409Z","2026-04-28T06:49:44.846Z",{"id":1855,"documentId":1856,"name":1857,"alternativeText":20,"caption":20,"focalPoint":20,"width":1858,"height":690,"formats":1859,"hash":1892,"ext":512,"mime":516,"size":1893,"url":1894,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1895,"updatedAt":1895,"publishedAt":1895},639,"q6641s85iues4plrwsgntpuq","blog-how-to-use-yubion-securefiletransfer-1.jpeg",2472,{"large":1860,"small":1868,"medium":1876,"thumbnail":1884},{"ext":512,"url":1861,"etag":1862,"hash":1863,"mime":516,"name":1864,"path":20,"size":1865,"width":32,"height":1866,"sizeInBytes":1867},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg","68e9bd15821836bcc81ffd80edf069c8","large_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616","large_blog-how-to-use-yubion-securefiletransfer-1.jpeg",24.46,474,24462,{"ext":512,"url":1869,"etag":1870,"hash":1871,"mime":516,"name":1872,"path":20,"size":1873,"width":41,"height":1874,"sizeInBytes":1875},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg","3ea3b156e3efb68ee897da44d47e565e","small_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616","small_blog-how-to-use-yubion-securefiletransfer-1.jpeg",10.6,237,10596,{"ext":512,"url":1877,"etag":1878,"hash":1879,"mime":516,"name":1880,"path":20,"size":1881,"width":50,"height":1882,"sizeInBytes":1883},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg","3534fbf047b9cc34eee1ba5d94673d8b","medium_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616","medium_blog-how-to-use-yubion-securefiletransfer-1.jpeg",17.15,356,17145,{"ext":512,"url":1885,"etag":1886,"hash":1887,"mime":516,"name":1888,"path":20,"size":1889,"width":124,"height":1890,"sizeInBytes":1891},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg","318fb5f8dd171a0aeaeb21c9bc1fce64","thumbnail_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616","thumbnail_blog-how-to-use-yubion-securefiletransfer-1.jpeg",4.38,116,4381,"blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616",77.66,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg","2026-04-28T06:47:18.364Z",[1897],{"id":1898,"documentId":1899,"name":1900,"slug":20,"createdAt":1901,"updatedAt":1901,"publishedAt":1902},104,"k1gb1qbio0gpaudcqjphi8mc","PPAP","2026-04-28T06:49:36.593Z","2026-04-28T06:49:38.427Z",{"id":1904,"documentId":1905,"title":1906,"content":1907,"slug":1908,"published":1909,"createdAt":1910,"updatedAt":1910,"publishedAt":1911,"locale":14,"authorManual":570,"cover":1912,"tags":1950},35,"za1r8f0khw9v4j4lxasg8he8","FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for macOS","\u003Cp>You are using macOS or Linux(GUI), and you have bought a FIDO2 security key, but where to set the PIN? Or where to enroll the fingerprint? I think some people would be confused. This article describes how to set a PIN and fingerprint for a FIDO2-compatible security key for macOS or Linux users.\u003C\u002Fp>\n\u003Cp>There are 3 main patterns for setting FIDO2-compatible security keys.\u003C\u002Fp>\n\u003Cp>(Hereafter, FIDO2-compatible security keys are abbreviated as security keys.)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>Security key setup for Windows (10, 11)\u003C\u002Fstrong>\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting---fingerprint-setting-for-windows?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Setup using Chrome browser for macOS and Linux\u003C\u002Fstrong>\n→ Here is how to do it. Below are links to each section.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>\n\u003Ca href=\"#viewer-9tsdn\">How to register PIN\u003C\u002Fa>\n\u003Ca href=\"#viewer-8q4fj\">How to enroll fingerprints\u003C\u002Fa>\n　→ Please refer to these instructions to add another fingerprint too.\n\u003Ca href=\"#viewer-1t357\">How to remove fingerprints\u003C\u002Fa>\n\u003Ca href=\"#viewer-effk8\">How to change the PIN\u003C\u002Fa>\n\u003Ca href=\"#viewer-3iasv\">How to reset the security key\u003C\u002Fa>\n　→ If your security key has been blocked, please follow these steps to reset it.\n\u003Ca href=\"#viewer-s2gk\">Buy a security key\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Setup using tools provided by each authentication device vendor\u003C\u002Fstrong>\n→ Please check the website of each authentication device vendor.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>Environment Information\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Ch3>\u003Cstrong>PC\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>macOS Monterey (12.6)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Browser\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Chrome (version 90 or later)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Security Key\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>YubiKey 5 NFC (non-biometric)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>YubiKey Bio (biometric)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ The above security keys were used for the explanation, but the same operation is possible with other security keys.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Notes\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>Leaving the setup screen for too long\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The next operation may fail if the security key setup screen is left for too long.\u003C\u002Fli>\n\u003Cli>When you are asked to operate with the security key, if you leave it too long, it may fail due to timeout.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Information about PIN change\u003C\u002Fstrong>\nEven if you change the PIN of a security key that has already been registered on multiple websites, you can use it without any problems.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>About security key reset\u003C\u002Fstrong>\nIf you enter the wrong PIN 8 times in a row, you will be asked to reset your security key. After resetting, all the credentials that have been registered on websites and apps so far will also be removed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>If the security key does not respond\u003C\u002Fstrong>\nPlease try the following operations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If it is connected via a USB hub, etc., try to connect it to the PC directly.\u003C\u002Fli>\n\u003Cli>If there is still no response after connecting to the PC directly, please try on another PC.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ If there is still no response after trying the above ways, please contact the vendor where you bought the security key. Please use the inquiry form to inquire about keys purchased from us.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Setting security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>When you buy a security key, by default it has no PIN or fingerprint.\u003C\u002Fp>\n\u003Cp>First, I will explain how to set a PIN.\u003C\u002Fp>\n\u003Cp>※ Fingerprint-enabled devices also require a PIN.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to access the security key setup screen ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>First, insert your security key into the USB port.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Open the Chrome browser, click the &quot;\u003Cstrong>︙\u003C\u002Fstrong>&quot; three-dot reader at the top right of the screen, and click &quot;\u003Cstrong>Settings\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_2_ddb8b9cb90.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Privacy and security\u003C\u002Fstrong>&quot; on the left side of the screen.\u003C\u002Fp>\n\u003Cp>※ Please note that it is not displayed in guest mode.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_3_2f555b76ed.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Security\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_4_197058f323.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Scroll to the bottom of the screen and click &quot;\u003Cstrong>Manage security keys\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>※ This item is not displayed on Windows machines.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_5_c45023ad95.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The security key management menu will be displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_6_5ac5552770.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to register PIN ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section explains how to register a PIN. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Create a PIN\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_7_a81a3fe807.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key, so touch your security key button (a metal part, a biometric sensor, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_8_120eeab19b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_9_c10c359f7b.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter a new PIN in the \u003Cstrong>PIN\u003C\u002Fstrong> field and enter a confirmation PIN in the \u003Cstrong>Confirm PIN\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>※ PIN can be set from 4 to 63 characters (length range defined by FIDO2 specification).\u003C\u002Fp>\n\u003Cp>※ Click the eye icon to see what you are currently entering.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Save\u003C\u002Fstrong>&quot; button after entering.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_10_5cf5823e92.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button when you have finished creating your PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_11_eb2b0f89f5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PIN setting is completed.\u003C\u002Fp>\n\u003Cp>For other settings, please refer to the following.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-effk8\">How to change the PIN\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-3iasv\">How to reset the security key\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please refer to &quot;\u003Ca href=\"#viewer-8q4fj\">How to enroll fingerprints\u003C\u002Fa>&quot; to enroll your fingerprint.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to enroll fingerprints ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>You must set a PIN before enrolling your fingerprints. If the PIN setting has not been completed yet, set a PIN by referring to &quot;\u003Ca href=\"#viewer-9tsdn\">How to register PIN\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>This section describes how to enroll your fingerprints to your security key. The explanation here assumes that the setting screen is displayed. (Please follow the steps here to add another fingerprint too.)\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Fingerprints\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_12_7f0aa469e0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key, so touch your security key button (a metal part, a biometric sensor, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_13_238530e8a1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_14_5ae5941de6.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the PIN set for the security key in the \u003Cstrong>PIN\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>After entering, click the &quot;\u003Cstrong>Continue\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_15_41f0b025a0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Add\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_16_3304cb9fa3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The following screen will be displayed, so repeatedly put your finger on the fingerprint sensor and release it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_17_8e887b25ec.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After enrolling your fingerprint, click the &quot;\u003Cstrong>Continue\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_18_f6c2099f19.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to enter the name of your fingerprint, so enter it in the \u003Cstrong>Name\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>After entering, click the &quot;\u003Cstrong>Continue\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_19_ad389cd522.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The setting is completed when the enrolled fingerprint is displayed.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Done\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>※ It is also possible to add another fingerprint from the &quot;\u003Cstrong>Add\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_20_c6d40859ca.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The fingerprint enrollment is completed.\u003C\u002Fp>\n\u003Cp>For other settings, please refer to the following.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-1t357\">How to remove fingerprints\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>[ How to remove fingerprints ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section describes how to remove fingerprint data from the security key. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Fingerprints\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_12_7f0aa469e0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key, so touch your security key button (a metal part, a biometric sensor, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_13_238530e8a1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_14_5ae5941de6.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the PIN set for the security key in the \u003Cstrong>PIN\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>After entering, click the &quot;\u003Cstrong>Continue\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_15_41f0b025a0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A list of enrolled fingerprints will be displayed, so click the &quot;\u003Cstrong>×\u003C\u002Fstrong>&quot; icon on the right of the fingerprint you want to delete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_21_c2709f9637.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Done\u003C\u002Fstrong>&quot; button when the specified fingerprint is deleted.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_22_a3a5f07fa0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Fingerprint removal is complete.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to change the PIN ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section explains how to change the security key PIN. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Create a PIN\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_7_a81a3fe807.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key, so touch your security key button (a metal part, a biometric sensor, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_8_120eeab19b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_9_c10c359f7b.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the PIN currently set for the security key in the \u003Cstrong>Current PIN\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>Then enter a new PIN in the \u003Cstrong>PIN\u003C\u002Fstrong> field and a confirmation PIN in the \u003Cstrong>Confirm PIN\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>Finally, click the &quot;\u003Cstrong>Save\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_23_d24348bbd1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After changing the PIN, click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_24_beb5aac76f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PIN change is complete.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to reset the security key ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section describes how to delete all security key settings and reset them to factory settings. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>About resetting a security key that is already in use\u003C\u002Fstrong>\nIf you reset a security key that has already been registered to a website or application, your authentication information will also be lost. If you want to use the reset security key, you will need to set your PIN and fingerprint and re-register to the website you are using.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Click &quot;\u003Cstrong>Reset your security key\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_25_93c420d0f3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Remove your security key from the USB port, insert it again, and then touch its button (a metal part, a part where the light is blinking, etc.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_26_1cda469551.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A reset confirmation message will be displayed, so touch your security key button (a metal part, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_27_5c8d1766b9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After resetting your security key, click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>After the reset is completed, the PIN and fingerprints that have been set up until now will be removed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_28_6fdd0e07cb.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Security key reset is completed.\u003C\u002Fp>\n\u003Cp>If you want to use the reset security key again, register your PIN or fingerprint, and register your authentication information to the website or application you are using.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ Buy a security key ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>We sell multiple FIDO2-compatible security keys. You can also buy from Amazon as the following.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">B\u003C\u002Fa>uy on Amazon\u003C\u002Fp>\n\u003Cp>※ Please contact us for bulk purchases.\u003C\u002Fp>\n","fido2-security-key-pin-fingerprint-setting-macos","2022-12-13","2026-04-28T06:29:19.595Z","2026-04-28T06:29:22.728Z",{"id":1007,"documentId":1913,"name":1914,"alternativeText":20,"caption":20,"focalPoint":20,"width":1915,"height":1916,"formats":1917,"hash":1946,"ext":512,"mime":516,"size":1947,"url":1948,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1949,"updatedAt":1949,"publishedAt":1949},"kuiymbtxa1a7qsg5285xebd2","blog-fido2-security-key-pin-fingerprint-setting-macos-1.jpeg",3000,2250,{"large":1918,"small":1925,"medium":1932,"thumbnail":1939},{"ext":512,"url":1919,"etag":1920,"hash":1921,"mime":516,"name":1922,"path":20,"size":1923,"width":32,"height":50,"sizeInBytes":1924},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg","561e69d67f732666b77d32262d3a076d","large_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4","large_blog-fido2-security-key-pin-fingerprint-setting-macos-1.jpeg",135.4,135397,{"ext":512,"url":1926,"etag":1927,"hash":1928,"mime":516,"name":1929,"path":20,"size":1930,"width":41,"height":1186,"sizeInBytes":1931},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg","cb4d56010c8fea58644cfa371fe7f035","small_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4","small_blog-fido2-security-key-pin-fingerprint-setting-macos-1.jpeg",35.85,35853,{"ext":512,"url":1933,"etag":1934,"hash":1935,"mime":516,"name":1936,"path":20,"size":1937,"width":50,"height":1194,"sizeInBytes":1938},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg","924e7c4f981c78db4fe69d202d92c635","medium_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4","medium_blog-fido2-security-key-pin-fingerprint-setting-macos-1.jpeg",78.93,78925,{"ext":512,"url":1940,"etag":1941,"hash":1942,"mime":516,"name":1943,"path":20,"size":1944,"width":1202,"height":59,"sizeInBytes":1945},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg","7900c009be0efe12dda5eb8977cb9ff0","thumbnail_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4","thumbnail_blog-fido2-security-key-pin-fingerprint-setting-macos-1.jpeg",6.9,6898,"blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4",839.02,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg","2026-04-28T06:27:04.137Z",[1951,1952,1953],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":550,"documentId":551,"name":552,"slug":20,"createdAt":553,"updatedAt":553,"publishedAt":554},{"id":1954,"documentId":1955,"name":1956,"slug":20,"createdAt":1957,"updatedAt":1957,"publishedAt":1958},100,"x8cbynox70wdsuf5bhpewjr6","macOS","2026-04-28T06:29:14.725Z","2026-04-28T06:29:16.584Z",{"id":1960,"documentId":1961,"title":1962,"content":1963,"slug":1964,"published":1965,"createdAt":1966,"updatedAt":1966,"publishedAt":1967,"locale":14,"authorManual":570,"cover":1968,"tags":1992},33,"ju1ren8vp5464jkj9rwxdriq","FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows","\u003Cp>Even if you buy a security key that supports FIDO2, it does not often come with an instruction manual. You want to use it on a FIDO2-compatible site or application, but where to set the PIN? Or where to enroll the fingerprint? I think some people would be confused. This article describes how to set the PIN and fingerprint of the FIDO2-compatible security key.\u003C\u002Fp>\n\u003Cp>There are 3 main patterns for setting FIDO2-compatible security keys.\u003C\u002Fp>\n\u003Cp>(Hereafter, FIDO2-compatible security keys are abbreviated as security keys.)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>Security key setup for Windows (10, 11)\u003C\u002Fstrong>\n→ Here is how to do it. Below are links to each section.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>\n\u003Ca href=\"#viewer-cim03\">How to register PIN\u003C\u002Fa>\n\u003Ca href=\"#viewer-14sfs\">How to enroll fingerprints\u003C\u002Fa>\n\u003Ca href=\"#viewer-5mm1n\">How to add another fingerprint\u003C\u002Fa>\n\u003Ca href=\"#viewer-125m2\">How to remove fingerprints\u003C\u002Fa>\n\u003Ca href=\"#viewer-cu9f3\">How to change the PIN\u003C\u002Fa>\n\u003Ca href=\"#viewer-4vltt\">How to reset the security key\u003C\u002Fa>\n　→ If your security key has been blocked, please follow these steps to reset it.\n\u003Ca href=\"#viewer-f3iqt\">Buy a security key\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Setup using Chrome browser for macOS and Linux\u003C\u002Fstrong>\n→ \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fhttps-www-yubion-com-post-fido2-pin-settings-for-mac\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for macOS\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Setup using tools provided by each authentication device vendor\u003C\u002Fstrong>\n→ Please check the website of each authentication device vendor.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This article describes how to set up a security key using a Windows PC.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Environment Information\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Ch3>\u003Cstrong>PC\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Windows 11\n※ Windows 11 was used for the explanation, but the same operation is possible for Windows 10.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Security Key\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>YubiKey 5 NFC (non-biometric)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>YubiKey Bio (biometric)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ The above security keys were used for the explanation, but the same operation is possible with other security keys.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Notes\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>Leaving the setup screen for too long\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The next operation may fail if the security key setup screen is left for too long.\u003C\u002Fli>\n\u003Cli>When you are asked to operate with the security key, if you leave it too long, it may fail due to timeout.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Information about PIN change\u003C\u002Fstrong>\nEven if you change the PIN of a security key that has already been registered on multiple websites, you can use it without any problems.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>About security key reset\u003C\u002Fstrong>\nIf you enter the wrong PIN 8 times in a row, you will be asked to reset your security key. After resetting, all the credentials that have been registered on websites and apps so far will also be removed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>If the security key does not respond\u003C\u002Fstrong>\nPlease try the following operations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If it is connected via a USB hub, etc., try to connect it to the PC directly.\u003C\u002Fli>\n\u003Cli>If there is still no response after connecting to the PC directly, please try on another PC.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ If there is still no response after trying the above ways, please contact the vendor where you bought the security key. Please use the inquiry form to inquire about keys purchased from us.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Setting security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>When you buy a security key, by default it has no PIN or fingerprint.\u003C\u002Fp>\n\u003Cp>First, I will explain how to set a PIN.\u003C\u002Fp>\n\u003Cp>※ Fingerprint-enabled devices also require a PIN.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to access the security key setup screen ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>First, insert your security key into the USB port.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Then, \u003Cstrong>right-click on the Start menu ＞ &quot;Settings&quot; ＞ &quot;Account&quot; ＞ &quot;Sign-in options&quot;.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Click the \u003Cstrong>&quot;Security key&quot;\u003C\u002Fstrong>, then click the \u003Cstrong>&quot;Manage&quot;\u003C\u002Fstrong> button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_2_03a2f63a6b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key, so touch your security key button (a metal part, a biometric sensor, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_3_50f93c33d5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_4_c033763a3a.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the security key touch is successful, the security key setup screen will be displayed.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to register PIN ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section explains how to register a PIN. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Add\u003C\u002Fstrong>&quot; button below \u003Cstrong>Security Key PIN\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>※ If your device supports fingerprints, you will see the &quot;\u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong>&quot; item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_5_afb376a843.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter a new PIN in the upper row and enter a PIN for confirmation in the lower row.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button after entering.\u003C\u002Fp>\n\u003Cp>※ PIN can be set from 4 to 63 characters (length range defined by FIDO2 specification).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_6_12ac4e9b16.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the PIN registration is completed, the button below the \u003Cstrong>Security Key PIN\u003C\u002Fstrong> item will change to &quot;\u003Cstrong>Change\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_7_3c5cb8dc48.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PIN setting is completed.\u003C\u002Fp>\n\u003Cp>For other settings, please refer to the following.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-cu9f3\">How to change the PIN\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-4vltt\">How to reset the security key\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please refer to &quot;\u003Ca href=\"#viewer-14sfs\">How to enroll fingerprints\u003C\u002Fa>&quot; to enroll your fingerprint.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to enroll fingerprints ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>You must set a PIN before enrolling your fingerprints. If the PIN setting has not been completed yet, set a PIN by referring to &quot;\u003Ca href=\"#viewer-cim03\">How to register PIN\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>This section describes how to enroll your fingerprints to your security key. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Set up\u003C\u002Fstrong>&quot; button under the \u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong> item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_8_40ad5328ab.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to verify your identity, so enter the PIN set for the security key and click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_9_3f0d943d27.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After confirming your identity, you will be asked to touch the fingerprint sensor, so follow the instructions on the screen and touch the fingerprint sensor on the security key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_10_d6332be90d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_11_7fb428b25e.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The following screen will be displayed, so repeatedly put your finger on the fingerprint sensor and release it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_12_7f1814c21a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the fingerprint enrollment is completed, the completion screen will be displayed, so click the &quot;\u003Cstrong>Done\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_13_0f134cf4cd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When you return to the first screen, the &quot;\u003Cstrong>Add another\u003C\u002Fstrong>&quot; button and the &quot;\u003Cstrong>Remove\u003C\u002Fstrong>&quot; button are added under the \u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong> item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_14_7598686a22.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The fingerprint enrollment is completed.\u003C\u002Fp>\n\u003Cp>For other settings, please refer to the following.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-5mm1n\">How to add another fingerprint\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-125m2\">How to remove fingerprints\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>[ How to add another fingerprint ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section describes how to add another fingerprint to a security key that has already enrolled at least 1 fingerprint. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Add another\u003C\u002Fstrong>&quot; button under the \u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong> item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_15_033952f4b6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After that, you will be asked to enroll your fingerprint in the same procedure as &quot;\u003Ca href=\"#viewer-14sfs\">How to enroll fingerprints\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>That&#39;s all for how to add another fingerprint.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Addition\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>About another fingerprint enrollment\u003C\u002Fstrong>\nIf you use the fingerprint setting tool provided by each authentication device vendor, you may be able to name and manage registered fingerprints.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>[ How to remove fingerprints ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section describes how to remove fingerprint data from the security key. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>About security key fingerprint deletion\u003C\u002Fstrong>\nThe remove function under the Security Key Fingerprint item is to \u003Cstrong>remove all fingerprint information\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>※ If you use the fingerprint setting tool provided by each authentication device vendor, you may be able to delete the enrolled fingerprint information individually.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Click the &quot;\u003Cstrong>Remove\u003C\u002Fstrong>&quot; button under the \u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong> item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_16_d3de753951.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to verify your identity, so enter the PIN set for the security key and click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_9_3f0d943d27.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the fingerprint deletion is complete, the display under the \u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong> switches to the &quot;\u003Cstrong>Set up\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_17_7c693bd763.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>That&#39;s all for removing fingerprints.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to change the PIN ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section explains how to change the security key PIN. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Change\u003C\u002Fstrong>&quot; button under \u003Cstrong>Security Key PIN\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_18_274c552cba.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter your current PIN in the top row and your new PIN in the middle row.\u003C\u002Fp>\n\u003Cp>Finally, enter the PIN for confirmation at the bottom row and click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_19_8943ca66d5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After changing the PIN, you will return to the first screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_7_3c5cb8dc48.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PIN change is complete.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to reset the security key ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section describes how to delete all security key settings and reset them to factory settings. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>About resetting a security key that is already in use\u003C\u002Fstrong>\nIf you reset a security key that has already been registered to a website or application, your authentication information will also be lost. If you want to use the reset security key, you will need to set your PIN and fingerprint and re-register to the website you are using.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Click the &quot;\u003Cstrong>Reset\u003C\u002Fstrong>&quot; button under the \u003Cstrong>Reset Security Key\u003C\u002Fstrong> item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_20_2f5c40f85a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Proceed\u003C\u002Fstrong>&quot; button on the reset confirmation screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_21_89f53ed12a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to reinsert your security key, so remove your security key from the USB port and reinsert it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_22_92fa10ed5d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key twice within 10 seconds, so touch your security key button (a metal part, a part where the light is blinking, etc.) twice.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_23_e31c42a68f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the \u003Cstrong>Reset Complete\u003C\u002Fstrong> screen is displayed, click the &quot;\u003Cstrong>Done\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_24_84e82fe124.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the reset is completed, the PIN and fingerprints that have been set up until now will be removed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_25_7dde6ef6c4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Security key reset is completed.\u003C\u002Fp>\n\u003Cp>If you want to use the reset security key again, register your PIN or fingerprint, and register your authentication information to the website or application you are using.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ Buy a security key ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>We sell multiple FIDO2-compatible security keys. You can also buy from Amazon as the following.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">B\u003C\u002Fa>uy on Amazon\u003C\u002Fp>\n\u003Cp>※ Please contact us for bulk purchases.\u003C\u002Fp>\n","set-fido2-security-key-pin-fingerprint-windows","2022-12-07","2026-04-28T06:26:43.259Z","2026-04-28T06:26:46.987Z",{"id":1969,"documentId":1970,"name":1971,"alternativeText":20,"caption":20,"focalPoint":20,"width":1915,"height":1916,"formats":1972,"hash":1989,"ext":512,"mime":516,"size":1947,"url":1990,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":1991,"updatedAt":1991,"publishedAt":1991},431,"of7bgx13af5iqx4vp5mzrjwd","blog-set-fido2-security-key-pin-fingerprint-windows-1.jpeg",{"large":1973,"small":1977,"medium":1981,"thumbnail":1985},{"ext":512,"url":1974,"etag":1920,"hash":1975,"mime":516,"name":1976,"path":20,"size":1923,"width":32,"height":50,"sizeInBytes":1924},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg","large_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30","large_blog-set-fido2-security-key-pin-fingerprint-windows-1.jpeg",{"ext":512,"url":1978,"etag":1927,"hash":1979,"mime":516,"name":1980,"path":20,"size":1930,"width":41,"height":1186,"sizeInBytes":1931},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg","small_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30","small_blog-set-fido2-security-key-pin-fingerprint-windows-1.jpeg",{"ext":512,"url":1982,"etag":1934,"hash":1983,"mime":516,"name":1984,"path":20,"size":1937,"width":50,"height":1194,"sizeInBytes":1938},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg","medium_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30","medium_blog-set-fido2-security-key-pin-fingerprint-windows-1.jpeg",{"ext":512,"url":1986,"etag":1941,"hash":1987,"mime":516,"name":1988,"path":20,"size":1944,"width":1202,"height":59,"sizeInBytes":1945},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg","thumbnail_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30","thumbnail_blog-set-fido2-security-key-pin-fingerprint-windows-1.jpeg","blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30","https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg","2026-04-28T06:24:57.171Z",[1993,1994],{"id":225,"documentId":226,"name":227,"slug":20,"createdAt":228,"updatedAt":228,"publishedAt":229},{"id":550,"documentId":551,"name":552,"slug":20,"createdAt":553,"updatedAt":553,"publishedAt":554},{"id":1996,"documentId":1997,"title":1998,"content":1999,"slug":2000,"published":2001,"createdAt":2002,"updatedAt":2002,"publishedAt":2003,"locale":14,"authorManual":570,"cover":2004,"tags":2037},13,"dj3os3id7ajsq1dq8jnigspx","Changes in Usage of Security Key due to Salesforce \u003CSummer '22> Release FIDO2 [Summer '22]","\u003Cp>Updated: Aug 17, 2022\u003C\u002Fp>\n\u003Cp>On June 12, 2022 (Japan Time), the Salesforce &lt;Summer &#39;22&gt; update was released, featuring the updated support for WebAuthn (FIDO 2). Now, while registering a new security key, the key will request the user to set up a PIN.\u003C\u002Fp>\n\u003Cp>Following these changes, countless inquiries have arisen regarding using the FIDO security key. Thus, this article aims to explain the differences due to the introduction of FIDO 2 by Salesforce.\u003C\u002Fp>\n\u003Cp>Previously, MFA with the FIDO security key was [U2F], but with the release, there has been a shift from U2F to FIDO2 that brings with it what is possibly the most significant change for users: the introduction of PINs.\u003C\u002Fp>\n\u003Cp>This PIN will be created during the set-up process and will be required for all subsequent device uses. In essence, this PIN then serves as a kind of proof of ownership of the device.\u003C\u002Fp>\n\u003Ch3>Contents\u003C\u002Fh3>\n\u003Ch5>●　\u003Ca href=\"#viewer-4vv6b\">\u003Cstrong>Asked for the PIN when you cannot recall setting it up\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh5>\n\u003Ch5>●　\u003Ca href=\"#viewer-5a2ic\">\u003Cstrong>Forgetting the PIN\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh5>\n\u003Ch5>●　\u003Ca href=\"#viewer-dvocf\">Key is locked\u003C\u002Fa>\u003C\u002Fh5>\n\u003Ch5>●　\u003Ca href=\"#viewer-a014a\">Changes to previously used keys\u003C\u002Fa>\u003C\u002Fh5>\n\u003Ch5>●　\u003Ca href=\"#viewer-cg3v2\">Changing the PIN\u003C\u002Fa>\u003C\u002Fh5>\n\u003Ch5>●　\u003Ca href=\"#viewer-2bida\">Resetting the key\u003C\u002Fa>\u003C\u002Fh5>\n\u003Cp>●　\u003Cstrong>Asked for the PIN when you cannot recall setting it up\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>According to FIDO 2, the PIN entry is required to access the key. This PIN is set up when you register the key for the first time, so this request may not be for PIN entry but instead for PIN setup.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_1_749123be99.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>●　\u003Cstrong>Forgetting the PIN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Upon repeatedly entering an incorrect PIN, the device may be locked.\u003C\u002Fp>\n\u003Cp>The initial request for PIN setup is often mistaken as a request for PIN entry, so if this is your first time using the key, the request is for PIN setup.\u003C\u002Fp>\n\u003Cp>If this is not your first time and you have simply forgotten your PIN, there are two options.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-cg3v2\">・\u003C\u002Fa>\u003Ca href=\"#viewer-cg3v2\">Changing the PIN\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-2bida\">・\u003C\u002Fa>\u003Ca href=\"#viewer-2bida\">Resetting the key\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The key will lock if an incorrect PIN is entered eight times in a row. If this occurs, reset the device and register it again as a new device.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_2_a130e4ccea.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_3_bf36893729.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_4_5583d27acf.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_5_8f106c9114.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>●　\u003Cstrong>Key is locked\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The key will lock if an incorrect PIN is entered eight times in a row. If this occurs, reset the device and register it again as a new device.\u003C\u002Fp>\n\u003Cp>●　\u003Cstrong>Changes to previously used keys\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Despite the update, continued use of the old U2F keys is possible; there is no need to set up a PIN.\u003C\u002Fp>\n\u003Cp>※Be careful while sharing a key; when a PIN is set for the key, everyone using the key will be required to enter the new PIN.\u003C\u002Fp>\n\u003Cp>※Also, if you reset the key, this will result in it being reset for all the other users as well. For more, read the \u003Ca href=\"#viewer-2bida\">Resetting the key\u003C\u002Fa> section.\u003C\u002Fp>\n\u003Cp>●　\u003Cstrong>Changing the PIN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The device will require the current PIN and a new PIN to replace it to change the existing PIN. Please note that if an incorrect PIN is entered eight times, the key will lock and need resetting.\u003C\u002Fp>\n\u003Cp>To change the password from your Windows settings, navigate to\u003C\u002Fp>\n\u003Cp>Windows Account Settings → Sign-in Options → Click &quot;Manage&quot; of &quot;Security Key&quot; → Click &quot;Change&quot; button\u003C\u002Fp>\n\u003Cp>Then enter the current PIN and new PIN to make the change.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_6_a0a46d17f5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_7_0f25bf544d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_8_59fcad5305.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>●　\u003Cstrong>Resetting the PIN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Here, it is essential to note that upon resetting the key, you will need to re-register all users, services, and the key.\u003C\u002Fp>\n\u003Cp>※The reset key will be different from the key used thus far.\u003C\u002Fp>\n\u003Cp>Windows Account Settings → Sign-in Options → Click &quot;Manage&quot; of &quot;Security Key&quot; → Click &quot;Reset&quot; button\u003C\u002Fp>\n\u003Cp>Following this, a warning will appear. Click Continue, then follow the on-screen instructions detailing inserting, touching, resetting the key, and so on.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_6_a0a46d17f5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_9_ea7684281a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_10_9114e2c4eb.png\" alt=\"\">\u003C\u002Fp>\n","salesforce-summer-22-fido2-security-key-changes","2022-06-28","2026-04-28T06:13:02.564Z","2026-04-28T06:13:05.112Z",{"id":2005,"documentId":2006,"name":2007,"alternativeText":20,"caption":20,"focalPoint":20,"width":774,"height":831,"formats":2008,"hash":2033,"ext":25,"mime":29,"size":2034,"url":2035,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2036,"updatedAt":2036,"publishedAt":2036},318,"m8hkfmth1g559uco4r1pktuw","blog-salesforce-summer-22-fido2-security-key-changes-1.png",{"small":2009,"medium":2017,"thumbnail":2025},{"ext":25,"url":2010,"etag":2011,"hash":2012,"mime":29,"name":2013,"path":20,"size":2014,"width":41,"height":2015,"sizeInBytes":2016},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99.png","5feac0c9f103ddaca732eeeb2140d472","small_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99","small_blog-salesforce-summer-22-fido2-security-key-changes-1.png",30.96,363,30960,{"ext":25,"url":2018,"etag":2019,"hash":2020,"mime":29,"name":2021,"path":20,"size":2022,"width":50,"height":2023,"sizeInBytes":2024},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99.png","50a966023bd120bd198808f478d049b5","medium_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99","medium_blog-salesforce-summer-22-fido2-security-key-changes-1.png",51.14,544,51144,{"ext":25,"url":2026,"etag":2027,"hash":2028,"mime":29,"name":2029,"path":20,"size":2030,"width":2031,"height":59,"sizeInBytes":2032},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99.png","ca72110d2ceeb52dea556fb8ce8c0fee","thumbnail_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99","thumbnail_blog-salesforce-summer-22-fido2-security-key-changes-1.png",10.65,215,10645,"blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99",11.35,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_1_749123be99.png","2026-04-28T06:12:22.645Z",[],{"id":2039,"documentId":2040,"title":2041,"content":2042,"slug":2043,"published":2044,"createdAt":2045,"updatedAt":2045,"publishedAt":2046,"locale":14,"authorManual":359,"cover":2047,"tags":2087},19,"utgrkw5qu6myrr2ta1agero1","Deploying YubiOn Portal SSO on the Citrix StoreFront","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fcitrix-virtual-apps-and-desktops%E3%81%AE%E3%83%87%E3%82%B9%E3%82%AF%E3%83%88%E3%83%83%E3%83%97%E9%85%8D%E4%BF%A1%E7%92%B0%E5%A2%83%E3%81%AByubion-portal%E3%82%92%E5%B0%8E%E5%85%A5%E3%81%99%E3%82%8B\">previous article\u003C\u002Fa> introduced the Windows logon mechanism to the Citrix desktop delivery environment, a basic function of YubiOn Portal. This article will discuss the implementation of SSO for the first login to StoreFront when using Citrix Desktop Delivery and protecting StoreFront with two-factor authentication.\u003C\u002Fp>\n\u003Cp>Note: The Citrix Gateway may be in charge of authentication depending on the product configuration. StoreFront may not authenticate as long as the authentication has been completed at the Gateway. In that case, a different configuration method may be required.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Machine Configuration\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The machine configuration and authentication flow are as follows:\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Now, change the StoreFront login settings to look as follows:\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_2_fa71e25046.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Register SSO settings for YubiOn Portal and SAML authentication settings for the Citrix server.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>StoreFront HTTPS conversion\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Proceed with the installation of StoreFront, as StoreFront is running on HTTP instead of HTTPS. However, if the settings are changed from HTTP to HTTPS after setting up SSO, the integration setting of YubiOn Portal will require modification. Thus, it is recommended to change StoreFront to HTTPS first, then proceed with the HTTPS conversion according to the help on Citrix&#39;s website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsupport.citrix.com\u002Farticle\u002FCTX200292\">How to Generate and Install an SSL Certificate on a StoreFront Server for HTTPS connections\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If HTTPS in IIS is first configured and StoreFront functionality is installed, all settings will be properly configured as HTTPS. Thus, it is recommended to delete StoreFront, configure HTTPS in IIS, and then reconfigure StoreFront.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>YubiOn Portal Settings\u003C\u002Fstrong>①\u003C\u002Fh2>\n\u003Cp>From this point on, working on the Citrix server is recommended because the main work is exchanging SSO metadata configuration files with the Citrix product. First, create one SSO App setting on the YubiOn Portal side.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_3_0188013620.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The information required as an IdP (IdP login URL, IdP entity ID, certificate, etc.) is determined. Eventually, SP information on YubiOn Portal will need to be registered, but for now, simply download the metadata as an IdP.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_4_5770fb81a2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This is all that needs to be done on YubiOn Portal at this point; after the Citrix product has been configured, it can be configured again on the YubiOn Portal.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Citrix StoreFront configuration\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The next step is configuring Citrix StoreFront, either in the StoreFront tree of Citrix Studio or in the Citrix StoreFront Settings application, to use SAML authentication. Here, Citrix Studio one is used.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_5_7e4486d76f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on &quot;Manage Authentication Methods&quot; in the appropriate store.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_6_83c207fed8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the Manage Authentication Method window opens, check the &quot;SAML Authentication&quot; checkbox and click OK.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_7_d593aad428.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user can proceed if &quot;SAML Authentication&quot; is added to the &quot;Authentication Method&quot; in the Store Overview column.\u003C\u002Fp>\n\u003Cp>From here, one can load metadata from YubiOn Portal into StoreFront. Metadata-related operations are not prepared in GUI tools, so one must configure them using PowerShell commands. Open PowerShell with administrator privileges and execute the following commands.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>asnp citrix.*\n$StoreVirtualPath = &quot;（StorePath）&quot;\n$Store = Get-STFStoreService -VirtualPath $StoreVirtualPath\n$Auth = Get-STFAuthenticationService -StoreService $Store\nUpdate-STFSamlIdPFromMetadata -AuthenticationService $Auth -FilePath &quot;（MetadataFilePath）&quot;\nSet-BrokerSite -TrustRequestsSentToTheXmlServicePort $true\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>※Store path: &quot;\u002FCitrix\u002F(store name)\u003C\u002Fp>\n\u003Cp>※Metadata full path: Full path of the metadata file downloaded from YubiOn Portal\u003C\u002Fp>\n\u003Cp>Please leave the PowerShell window open as it will be reused later. After executing the commands, the necessary information for the ID provider setting for SAML authentication has been set in Citrix Studio.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_8_e9eafe6551.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Although there are no specific settings other than loading metadata, the login URL and certificate for YubiOn Portal are set.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_9_f2618c5948.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, retrieve the metadata that contains the StoreFront side settings. In the PowerShell window where the commands were entered, execute the following commands in succession.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(New-Object System.Uri $Auth.Routing.HostbaseUrl, ($Auth.VirtualPath + &quot;\u002FSamlForms\u002FServiceProvider\u002FMetadata&quot;)).ToString()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>As a result of the execution, a URL where StoreFront metadata can be obtained will be output, so access the URL with a browser to obtain the file.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>YubiOn Portal Settings\u003C\u002Fstrong>②\u003C\u002Fh2>\n\u003Cp>To load StoreFront metadata into YubiOn Portal, perform SP metadata upload on YubiOn Portal&#39;s SSO setting screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_10_862f0e745e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the StoreFront metadata file just obtained, following which a confirmation dialog will appear, where the metadata can be uploaded.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_11_b5d1c4f6e1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you check the application settings, you will see that StoreFront information is set.\u003C\u002Fp>\n\u003Cp>On checking the application settings, the set StoreFront information can be viewed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_12_34bdb9e7b7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, modify the User ID Value setting as necessary; StoreFront requires the AD account&#39;s UPN (User Principal Name) as the User ID Value (NameID). If the registered member&#39;s email address is the same as the UPN, then there is no problem if the &quot;Member Email Address&quot; is set in the &quot;Member Information&quot; section. If a different email address than the UPN is registered, please set the UPN to be sent to StoreFront by creating an item for the UPN address in the member properties.\u003C\u002Fp>\n\u003Cp>Finally, set up the members who can use the SSO application. Use the member assignment and group assignment functions in the lower right corner of the settings screen to assign the necessary users to access the SSO application.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Confirmation of Operation\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Now, check the actual operation.\u003C\u002Fp>\n\u003Cp>In addition, StoreFront does not support IdP-Initiated (method of performing SSO login from the application list of YubiOn Portal). Access the StoreFront WEB access URL (default is the URL with &quot;Web&quot; after the store URL).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_13_e1977e83a6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once the StoreFront screen is displayed, one will immediately be redirected to the YubiOn Portal login screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_14_30197c49b6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After entering the email address, enter the YubiOn Portal login password and YubiKey OTP.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_15_7ed45a5f7d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The screen will then change and the screen after the StoreFront login will be displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_16_a2f5a50665.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the desktop is opened, the YubiOn Portal logon screen appears as before, and the user is prompted for two-factor authentication at login.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_17_08b918ea51.png\" alt=\"\">\u003C\u002Fp>\n","deploying-yubion-portal-sso-on-citrix-storefront","2022-05-25","2026-04-28T06:18:16.913Z","2026-04-28T06:18:19.463Z",{"id":2048,"documentId":2049,"name":2050,"alternativeText":20,"caption":20,"focalPoint":20,"width":1915,"height":2051,"formats":2052,"hash":2083,"ext":25,"mime":29,"size":2084,"url":2085,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2086,"updatedAt":2086,"publishedAt":2086},362,"hzyshpm06l2jq2cglz25qjpc","blog-deploying-yubion-portal-sso-on-citrix-storefront-1.png",1409,{"large":2053,"small":2061,"medium":2068,"thumbnail":2076},{"ext":25,"url":2054,"etag":2055,"hash":2056,"mime":29,"name":2057,"path":20,"size":2058,"width":32,"height":2059,"sizeInBytes":2060},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png","277a4a52814bfdea9eda4f0afba502f0","large_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5","large_blog-deploying-yubion-portal-sso-on-citrix-storefront-1.png",97.96,470,97956,{"ext":25,"url":2062,"etag":2063,"hash":2064,"mime":29,"name":2065,"path":20,"size":220,"width":41,"height":2066,"sizeInBytes":2067},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png","f3c00966ddc7d57e08a3494ee2deeeb3","small_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5","small_blog-deploying-yubion-portal-sso-on-citrix-storefront-1.png",235,36107,{"ext":25,"url":2069,"etag":2070,"hash":2071,"mime":29,"name":2072,"path":20,"size":2073,"width":50,"height":2074,"sizeInBytes":2075},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png","7896a184af8360cb1f31f1ba4f8f8b99","medium_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5","medium_blog-deploying-yubion-portal-sso-on-citrix-storefront-1.png",63.32,352,63316,{"ext":25,"url":2077,"etag":2078,"hash":2079,"mime":29,"name":2080,"path":20,"size":2081,"width":124,"height":978,"sizeInBytes":2082},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png","f0156374630b2395bf9c05f8d6610fd1","thumbnail_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5","thumbnail_blog-deploying-yubion-portal-sso-on-citrix-storefront-1.png",14.98,14982,"blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5",140.79,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png","2026-04-28T06:16:59.246Z",[],{"id":2089,"documentId":2090,"title":2091,"content":2092,"slug":2093,"published":2094,"createdAt":2095,"updatedAt":2095,"publishedAt":2096,"locale":14,"authorManual":359,"cover":2097,"tags":2140},21,"b3uwodw89152018uwxd4rsjb","Deploying YubiOn Portal in the Citrix Virtual Apps and Desktops’ Desktop Delivery Environment","\u003Cp>Following the recent rise in remote work, various companies, mainly medium to large companies, have begun the implementation of VDI products for security and cost-related reasons.\u003C\u002Fp>\n\u003Cp>As a response to this growth and the numerous inquiries received, Soft Giken has now introduced YubiOn Portal to Citrix Virtual Apps and Desktops (formerly known as XenDesktop and XenApp).\u003C\u002Fp>\n\u003Cp>But what is the YubiOn Portal, and how does it work?\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Machine Configuration\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The configuration of the machine used was as follows:\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>①Active Directory Infrastructure Server (AD infrastructure server)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>OS：\u003C\u002Fp>\n\u003Cp>WindowsServer2022(Datacenter Edition・GUI)\u003C\u002Fp>\n\u003Cp>Additional functions：\u003C\u002Fp>\n\u003Cp>AD DS\u003C\u002Fp>\n\u003Cp>AD CS(not required for this verification)\u003C\u002Fp>\n\u003Cp>DNS\u003C\u002Fp>\n\u003Cp>\u003Cstrong>②Citrix Virtual Apps and Desktops Server (Citrix Server)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>OS：\u003C\u002Fp>\n\u003Cp>WindowsServer2019(Datacenter Edition・GUI)\u003C\u002Fp>\n\u003Cp>Installed software:\u003C\u002Fp>\n\u003Cp>Citrix DeliveryController\u003C\u002Fp>\n\u003Cp>Citrix License Server\u003C\u002Fp>\n\u003Cp>Citrix StoreFront\u003C\u002Fp>\n\u003Cp>Citrix Studio\u003C\u002Fp>\n\u003Cp>Licenses：\u003C\u002Fp>\n\u003Cp>Citrix Virtual Apps and Desktops Premium(trial)\u003C\u002Fp>\n\u003Cp>Concurrent Models (99 licenses)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>③Citrix Desktop Delivery Machine (Desktop Delivery Machine)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>OS：\u003C\u002Fp>\n\u003Cp>WindowsServer2019(Standard Edition・GUI)\u003C\u002Fp>\n\u003Cp>Installed software:\u003C\u002Fp>\n\u003Cp>Virtual Delivery Agent for Windows OS\u003C\u002Fp>\n\u003Cp>\u003Cstrong>④User operation terminal\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>OS：\u003C\u002Fp>\n\u003Cp>Windows10Pro 64bit\u003C\u002Fp>\n\u003Cp>Installation software:\u003C\u002Fp>\n\u003Cp>Citrix Workspace(downloaded from StoreFront)\u003C\u002Fp>\n\u003Cp>※The above machines are built within a single ESXi server.\u003C\u002Fp>\n\u003Cp>※The above machines exist within the same AD domain and network.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>AD Infrastructure Server Setup\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>First, the setup of an AD infrastructure server is required. As Citrix server-related programs cannot be installed on a domain controller, a basic AD infrastructure must be built on the server itself.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Citrix Server Construction\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Next, build a Citrix server. For this example, to avoid installation errors with Citrix products, Windows Server 2019 was chosen as the OS on which the AD infrastructure server would be run. However, Windows Server 2022 could also be used.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_2_c38aff4cc7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The installation itself consists of installing and configuring the &quot;Delivery Controller&quot; in the upper left corner of the window, followed by the installation of the &quot;Citrix StoreFront&quot; in the lower-left corner. To do this, simply follow the instruction on the installer screen.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Building a Desktop Delivery Machine\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Next, construct a desktop distribution machine. In this example, a Virtual Delivery Agents for Windows OS was installed. Select “enable intermediary connections to the server” when prompted for configuration.\u003C\u002Fp>\n\u003Cp>While WindowsServer2019 Standard\u002FGUI is selected as the OS in this example, a general-purpose OS such as Windows 11 or Windows 10 would also work, although in that case, it will be treated as a single session OS. Here, Windows Server was chosen as it allows checking the operation of a pattern in which multiple people use a single OS as a multi-session OS.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>User Operation Terminal Construction\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Select any Windows machine on the same network as the servers for this. In this example, a virtual network was set up within a virtual environment, so a Windows 10 terminal was built separately and positioned as a PC within the same virtual network. To be able to access from outside the network, a product such as Citrix Gateway may be required.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Configuration of Delivery Controller\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>After the installation of the Delivery Controller is complete, CitrixStudio should start, and a &quot;Welcome&quot; screen should appear. Next, select &quot;Deliver applications and desktops to users&quot; at the top of the screen to configure various settings.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_3_4a6ab7936b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The setup with the default settings is almost complete. Now, in the section for setting the connection type, select &quot;Do not use machine management&quot;. In the machine catalog setup section, select only one desktop distribution machine to add. Please note that the system will be powered off and rebooted twice during this procedure.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>StoreFront Settings\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>As in the case of the Delivery Controller, the StoreFront Management Console is launched after installation to configure various settings. Please specify the name of the Citrix server in the &quot;Delivery Controller&quot; field.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Using Desktop via StoreFront\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Now Citrix products can be used independently of YubiOn Portal. Next, access the StoreFront URL from the user operation terminal.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_4_d1e7245049.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The StoreFront website assumes that Citrix Workspace is installed on the client side. Therefore, when the above screen appears, agree to download and install Citrix Workspace. (A reboot is required).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_5_7e6a33f500.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you have installed Citrix Workspace, and it detects that it has been installed correctly, y the StoreFront login screen will be displayed. Log in with the AD user name and password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_6_68e6da41d7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After logging in, view the list of available desktops and click to open the Citrix Workspace app, and start the remote connection.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_7_f9c37107f4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Please keep in mind that the authentication screen, etc., will not be displayed when the Citrix Workspace application is opened.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Deployment of YubiOn Portal and its use in the Logon section\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Now, install the YubiOn Portal on the desktop delivery machine.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Installation must be done on each desktop distribution machine.\u003C\u002Fstrong>\nCurrently, account and YubiKey assignments must also be done per machine.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enabling mandatory YubiKey logon must be enabled in the policy.\u003C\u002Fstrong>\nIf not enabled, the Windows logon portion will be skipped by the Citrix authentication mechanism.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cached logon, screen lock when YubiKey is removed, etc., will not be available\u003C\u002Fstrong>.\nBoth require USB communication with YubiKey, so they cannot be used in environments where USB is not directly connected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>If there are multiple desktop delivery machines, they must have different SIDs\u003C\u002Fstrong>\nYubiOn Portal identifies each terminal based on SID and does not support the situation where multiple terminals have the same SID.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_8_5b784a53ea.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>With these points in mind, set up the YubiOn Portal client tool on the desktop delivery machine.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_9_bce05d1f5e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After completing the settings, select a desktop from StoreFront and connect to it, and the Windows logon screen will appear as shown below. However, by installing YubiOn Portal, authentication is required when the desktop is displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_10_3182a5abd4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Then, when using YubiOn Portal, enter the user name in the upper input box and the password in the lower box, and touch the YubiKey to output the OTP behind the password field and log on.\u003C\u002Fp>\n\u003Cp>If a different user than the one who logged on to StoreFront tries to log on, the session will be disabled. It is assumed that the system stops when the logged-on user is different from the StoreFront user.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_11_3db8a2f7ac.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This article covers the deployment of the YubiOn Portal on a desktop delivery machine such as Citrix products. Two-factor authentication will be required when a desktop is opened if the standard deployment method is used.\u003C\u002Fp>\n","deploy-yubion-portal-citrix-virtual-desktops","2022-04-27","2026-04-28T06:19:32.082Z","2026-04-28T06:19:34.604Z",{"id":2098,"documentId":2099,"name":2100,"alternativeText":20,"caption":20,"focalPoint":20,"width":2101,"height":2102,"formats":2103,"hash":2136,"ext":25,"mime":29,"size":2137,"url":2138,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2139,"updatedAt":2139,"publishedAt":2139},379,"a6jgxc8e00237gh90pyo1vun","blog-deploy-yubion-portal-citrix-virtual-desktops-1.png",3802,2473,{"large":2104,"small":2112,"medium":2120,"thumbnail":2128},{"ext":25,"url":2105,"etag":2106,"hash":2107,"mime":29,"name":2108,"path":20,"size":2109,"width":32,"height":2110,"sizeInBytes":2111},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png","f588d31aeb8bbe2c9fc85f9ba3bd6043","large_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f","large_blog-deploy-yubion-portal-citrix-virtual-desktops-1.png",121.32,650,121323,{"ext":25,"url":2113,"etag":2114,"hash":2115,"mime":29,"name":2116,"path":20,"size":2117,"width":41,"height":2118,"sizeInBytes":2119},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png","1572f6bad739be70ace4591f2931e56b","small_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f","small_blog-deploy-yubion-portal-citrix-virtual-desktops-1.png",46.77,325,46771,{"ext":25,"url":2121,"etag":2122,"hash":2123,"mime":29,"name":2124,"path":20,"size":2125,"width":50,"height":2126,"sizeInBytes":2127},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png","467c6f64ae40eaaf2fe2ac467e2dbfc6","medium_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f","medium_blog-deploy-yubion-portal-citrix-virtual-desktops-1.png",79.82,488,79824,{"ext":25,"url":2129,"etag":2130,"hash":2131,"mime":29,"name":2132,"path":20,"size":2133,"width":2134,"height":59,"sizeInBytes":2135},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png","28d6be0e5a068634c9af8cb952ffc66e","thumbnail_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f","thumbnail_blog-deploy-yubion-portal-citrix-virtual-desktops-1.png",19.24,240,19237,"blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f",169.17,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png","2026-04-28T06:18:37.527Z",[],{"id":2142,"documentId":2143,"title":2144,"content":2145,"slug":2146,"published":2147,"createdAt":2148,"updatedAt":2148,"publishedAt":2149,"locale":14,"authorManual":570,"cover":2150,"tags":2193},79,"fnotqb2k6s6bcotkx9rqf8rm","Simulation of YubiOn Portal Installation: A Guide","\u003Cp>In recent years, the term “two-factor authentication” has become significantly more widespread due to the increased awareness and need for more robust security. Previously, Softgiken has launched various products that utilize two-factor authentication to enhance the security during the PC log-in process. In line with this, Softgiken has created a new product, the YubiOn Portal.\u003C\u002Fp>\n\u003Cp>This article will discuss commonly asked questions regarding the installation and usage of the YubiOn Portal in various environments.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>This article is recommended for:\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>​・SE considering security measures for company PCs  ・Those looking to learn more about the YubiOn Portal\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch3>\u003Cstrong>Contents\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Introduction of the YubiOn Portal\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pre-requisites for installation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Setting up the Portal\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Guide to complete installation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Troubleshooting\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Introduction of the YubiOn Portal\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>YubiOn Portal is a two-factor authentication service developed and provided by \u003Ca href=\"https:\u002F\u002Fsgk.co.jp\u002F\">Soft Giken Co.\u003C\u002Fa>, Ltd. that enforces two-factor authentication on the company’s PCs using one-time passwords obtained from an authentication device known as YubiKey and standard password input. Further, the portal allows the administrator to manage each PC&#39;s logins and log in to services like Google and Microsoft 365 through SSO. Also, YubiOn does not require a new in-house server.\u003C\u002Fp>\n\u003Cp>※YubiKey is an authentication device by YubiCo. YubiOn is compatible with series five or onwards. If settings for the YubiKey have been customized, they cannot be supported by the system.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003Cstrong>Pre-requisites for installation\u003C\u002Fstrong>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003C\u002Ftable>\n\u003Cp>YubiOn provides a free trial period, allowing you to enjoy the YubiOn experience without feeling tied down.\u003C\u002Fp>\n\u003Cp>To know more about the operating environment, please visit \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fintroduction\u002Fsystem_requirements\u002F\">this page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To use YubiOn, one \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fintroduction\u002Fbefore_started\u002F\">must own a YubiKey\u003C\u002Fa> of series five or onwards. If, for some reason, one cannot purchase one, please \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fcontact.html\">contact us\u003C\u002Fa> so we can arrange it, as we also lend them to clients at no additional cost.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Setting up the Portal\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>To understand the YubiOn Portal, consider the following use case for a fictional company.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Background\u003C\u002Ftd>\n\u003Ctd>* Currently, all company computers are protected only by standard passwords. * Following Active Directory policies, passwords are changed periodically. * As the company shifts to remote work wherein company computers will be leaving the office premises, two-factor authentication has now been made mandatory.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Goals\u003C\u002Ftd>\n\u003Ctd>* To introduce two-factor authentication to all company computers\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Environment\u003C\u002Ftd>\n\u003Ctd>* There are approximately 100 employees who require one company computer each for remote work. * Apart from the head office, there are multiple other offices wherein company computers are being shared. * The company has various administrators. * The company does not yet own YubiKeys.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch5>1. Sign up for the free trial version of the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa>\u003C\u002Fh5>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_1_5b790843cb.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch5>2. Enter the required information for registration\u003C\u002Fh5>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_2_31d002ce0c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The information entered at this time should be the information of the administrator or \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fglossary\u002F\">“person in charge.”\u003C\u002Fa> This information can be changed after registration.\u003C\u002Fp>\n\u003Cp>This administrator will also have access to the management site.\u003C\u002Fp>\n\u003Ch5>3. Register and link the appropriate YubiKey\u003C\u002Fh5>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_3_9281a3585e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If the YubiKey is not yet available, click on the “Suspend setting and check customer information” link at the bottom right of the screen.\u003C\u002Fp>\n\u003Cp>Once the Customer Information screen is displayed, the information entered during registration can be viewed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_4_e6f69ce4e2.png\" alt=\"\">\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>【Tips】\u003C\u002Fstrong>   * The free version only allows registration of up to 3 members, YubiKeys, and PCs. * It also restricts the settings such as those that make two-factor authentication mandatory. * Refer to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Ffunction_comparison\u002F\">version functionality comparison chart\u003C\u002Fa> for more details.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch5>4. Obtain a YubiKey\u003C\u002Fh5>\n\u003Cp>YubiKey is available for rent through SoftGiken. Please contact us for more details\u003C\u002Fp>\n\u003Cp>This use case will explore the paid version of YubiOn, which has access to all features wherein the company is looking to verify the licenses for ten devices.\u003C\u002Fp>\n\u003Ch5>5. Registering the YubiKey\u003C\u002Fh5>\n\u003Cp>Upon receipt of the YubiKey shipped by Soft Giken, register it on the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">management website\u003C\u002Fa>. Now, insert the YubiKey into your PC&#39;s USB port and touch it with your finger for the generation of the OTP.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>​**【Tips】**  At this point, the YubiKey will be recognized as a keyboard device.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>However, the client software can be downloaded to complete verification on another PC.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_5_4c01d71246.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Also, in the paid version, one can see that, as entered before, the total number of licenses that can be verified is ten.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_6_f763cc227d.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch5>6. Install the client software on the verification PC\u003C\u002Fh5>\n\u003Cp>Log in to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">management website\u003C\u002Fa> again through the verification PC and open the download screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_7_1c269b8875.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Download the client software installer and start the installation.\u003C\u002Fp>\n\u003Cp>The runtime requirements for the client software operation will also be installed, so proceed according to the instructions.\u003C\u002Fp>\n\u003Cp>When the installation is completed, the setting tool will start, and at that time, communication with the server will be performed, and the information of the PC will be registered.\u003C\u002Fp>\n\u003Cp>Enter the email address and password registered on the management website and the YubiKey OTP.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_8_d0e1cb8446.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PC information will be registered in the YubiOn Portal if the authentication is successful.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_9_62d69db04d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Registration of more PCs and YubiKeys can be done through the settings tool and, once completed, can be viewed from the website.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_10_00c04c777d.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch5>7. Logging in to the portal\u003C\u002Fh5>\n\u003Cp>Lock the verification PC. Then, select the YubiOn Portal login method that has been added to the sign-in options while logging on.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_11_f2dbb75cec.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Here, one will be prompted for password entry. Enter the password, then plug the YubiKey in. Once plugged in, touch the YubiKey to generate and enter the OTP to be logged in automatically.\u003C\u002Fp>\n\u003Ch5>8. Making two-factor authentication mandatory\u003C\u002Fh5>\n\u003Ch5>\u003C\u002Fh5>\n\u003Cp>Through this setting, one can select single sign-on or two-factor authentication as the default option.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_12_ebedb117e8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Navigate to the Service Settings screen of the Web management section and set the group policy.\u003C\u002Fp>\n\u003Cp>As the registered PCs are automatically assigned to the default policy, creating a new group policy is required.\u003C\u002Fp>\n\u003Cp>In the example below, a group policy has been created which enforces the usage of a YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_13_705c96f3a6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Now, assign this group policy to the current PC used to sign in. However, immediately after the assignment, the change will not yet be reflected; the current PC will still reflect the previous default policy.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_14_4b31e97c72.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch5>9. Confirming that two-factor authentication is mandatory\u003C\u002Fh5>\n\u003Ch5>\u003C\u002Fh5>\n\u003Cp>As the PC communicates with the server while it is either locked or restarted, lock the PC to allow it to communicate with the server so the changes are updated. Upon starting the computer, the sign-in page will not display the single sign-on option but instead the YubiOn Portal.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_15_19651477d3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Now, enter the password and the YubiKey OTP to successfully log in while logging in. As the login required both the password and YubiKey OTP, it is clear that the two-factor authentication has been successfully enabled and set as mandatory.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Guide to Complete Installation\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>This section will now cover the steps needed to completely set up YubiOn Portal, as well as how to introduce it to the company environment.\u003C\u002Fp>\n\u003Cp>Again, consider the same company from the previous section.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Background\u003C\u002Ftd>\n\u003Ctd>* Currently, all company computers are protected only by standard passwords. * Following Active Directory policies, passwords are changed periodically. * As the company shifts to remote work wherein company computers will be leaving the office premises, two-factor authentication has now been made mandatory.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Goals\u003C\u002Ftd>\n\u003Ctd>* To introduce two-factor authentication to all company computers.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Environment\u003C\u002Ftd>\n\u003Ctd>* There are approximately 100 employees that require 1 company computer each for remote work. * Apart from the head office, there are multiple other offices wherein company computers are being shared. * The company has various administrators. * The company does not yet own YubiKeys.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>\u003Cstrong>【Notes】\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Despite being under the Active Directory, YubiOn is installed without requiring any changes to it.\u003C\u002Fli>\n\u003Cli>Currently, PCs are protected using only single sign-on, so now, two-factor authentication will be performed.\u003C\u002Fli>\n\u003Cli>Provide all employees who are working remotely with one YubiKey each.\u003C\u002Fli>\n\u003Cli>Keep track of which YubiKey is assigned to each employee.\u003C\u002Fli>\n\u003Cli>Due to a large number of people, each employee must be responsible for their assigned YubiKey.\u003C\u002Fli>\n\u003Cli>One administrator will be assigned to each branch to manage logins for employees, YubiKey, and shared PCs belonging to that branch.\u003C\u002Fli>\n\u003Cli>The administrator of each branch is also responsible for managing the policies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch5>1. Switching to the paid version\u003C\u002Fh5>\n\u003Cp>Leave a request in the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fcontact.html\">contact form\u003C\u002Fa> for inquiries regarding switching to the paid version.\u003C\u002Fp>\n\u003Ch5>2. Member registration\u003C\u002Fh5>\n\u003Cp>Employees can be registered as either general members or administrators through the member management system. In this example, one employee will be assigned as an administrator for each branch, while the rest are assigned as general members. For convenience, member creation can be completed using the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fmember_management\u002Fbatch_registration\u002F\">CSV batch registration\u003C\u002Fa> function.\u003C\u002Fp>\n\u003Ch5>3. Obtain YubiKey\u003C\u002Fh5>\n\u003Cp>For this example, assume that there are over 100 YubiKeys \u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">available\u003C\u002Fa>, including one for each member, a few for administrative use, a few for shared use, and a few spares. Upon receiving these YubiKeys, make a note of which Key is assigned to each employee by making a note of the serial number engraved on each Key.\u003C\u002Fp>\n\u003Cp>Also, as the devices may be required to be used while offline, change the YubiKey device settings to \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fcustomize_yubikey\u002F\">enable offline access\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch5>4. YubiKey Distribution\u003C\u002Fh5>\n\u003Cp>Distribute the assigned YubiKeys to each employee working remotely. Ensure that the devices are not used until the allocation settings are completed.\u003C\u002Fp>\n\u003Ch5>5. YubiKey Allocation\u003C\u002Fh5>\n\u003Ch5>\u003C\u002Fh5>\n\u003Cp>There are two allocation methods - \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fmember_management\u002Flink_member_yubikey\u002F\">administrative allocation\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fmember_management\u002Fleave_yubikey_settings\u002F\">allocation by individual members\u003C\u002Fa>. For this example, the latter will be demonstrated.\u003C\u002Fp>\n\u003Cp>To do this, send all employees an email or other notification asking them to \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fmember_management\u002Feach_member_registers_yubikey\u002F\">register the YubiKey\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch5>6. Shared PC settings\u003C\u002Fh5>\n\u003Cp>Two-factor authentication can also be set up for the shared PCs by having the administrator assign a YubiKey to it.\u003C\u002Fp>\n\u003Ch5>7. Policy Creation\u003C\u002Fh5>\n\u003Cp>On the service setting screen of YubiOn Portal, create a policy that requires two-factor authentication using YubiKey.\u003C\u002Fp>\n\u003Cp>In addition, the administrator of each branch can add new \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fsystem_implementation\u002Fmedium_scale\u002F#8-%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9%E8%A8%AD%E5%AE%9A\">service settings\u003C\u002Fa> and create policies unique to each site.\u003C\u002Fp>\n\u003Ch5>8. Starting Operations\u003C\u002Fh5>\n\u003Cp>The administrator can begin operations once they confirm that all PCs have been registered and that all the required settings have been made.\u003C\u002Fp>\n\u003Cp>Further, by making two-factor authentication using YubiKey mandatory, all employees will be required to use the YubiKey OTP and password during their sign-in attempts.\u003C\u002Fp>\n\u003Cp>For more information regarding YubiOn Portal, please refer to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fsystem_implementation\u002F\">YubiOn Portal Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Troubleshooting\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>A few common queries faced while using the YubiOn Portal are discussed below.\u003C\u002Fp>\n\u003Cp>○I can’t log in because I forgot my YubiKey\u003C\u002Fp>\n\u003Cp>Log in without YubiKey can be enabled temporarily. See \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fmember_management\u002Femergency_logon\u002F\">here\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003Cp>○I lost my YubiKey\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fyubikey_management\u002Fenable_yubikey\u002F\">Disable the lost YubiKey\u003C\u002Fa> from the management screen, assign a spare YubiKey to the user and register it through the Portal\u003C\u002Fp>\n\u003Cp>○I want to check the user log\u003C\u002Fp>\n\u003Cp>Please see \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Ftwo_factor_authentication_service\u002Flog_management\u002F\">here\u003C\u002Fa> for details on checking user logs.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Ffaq.html\">YubiOn Portal FAQ\u003C\u002Fa> for more queries.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>This article was an introduction guide to the various functionalities offered by YubiOn Portal. Please contact our team for information if you are interested in knowing more.\u003C\u002Fp>\n","yubion-portal-installation-guide","2022-04-14","2026-04-28T06:59:43.299Z","2026-04-28T06:59:46.077Z",{"id":2151,"documentId":2152,"name":2153,"alternativeText":20,"caption":20,"focalPoint":20,"width":2154,"height":2155,"formats":2156,"hash":2189,"ext":25,"mime":29,"size":2190,"url":2191,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2192,"updatedAt":2192,"publishedAt":2192},743,"zpvxsceaqc4n80ysf2ydnvsm","blog-yubion-portal-installation-guide-1.png",2342,886,{"large":2157,"small":2165,"medium":2173,"thumbnail":2181},{"ext":25,"url":2158,"etag":2159,"hash":2160,"mime":29,"name":2161,"path":20,"size":2162,"width":32,"height":2163,"sizeInBytes":2164},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_yubion_portal_installation_guide_1_5b790843cb.png","7e236c28d2377f5fbd7a85ff3ff090c3","large_blog_yubion_portal_installation_guide_1_5b790843cb","large_blog-yubion-portal-installation-guide-1.png",525.69,378,525689,{"ext":25,"url":2166,"etag":2167,"hash":2168,"mime":29,"name":2169,"path":20,"size":2170,"width":41,"height":2171,"sizeInBytes":2172},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubion_portal_installation_guide_1_5b790843cb.png","be0eb3c3673ada709a8d3992249587d3","small_blog_yubion_portal_installation_guide_1_5b790843cb","small_blog-yubion-portal-installation-guide-1.png",151.43,189,151433,{"ext":25,"url":2174,"etag":2175,"hash":2176,"mime":29,"name":2177,"path":20,"size":2178,"width":50,"height":2179,"sizeInBytes":2180},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubion_portal_installation_guide_1_5b790843cb.png","0a475692d1e2cabddc02dcc48868b58f","medium_blog_yubion_portal_installation_guide_1_5b790843cb","medium_blog-yubion-portal-installation-guide-1.png",313.13,284,313130,{"ext":25,"url":2182,"etag":2183,"hash":2184,"mime":29,"name":2185,"path":20,"size":2186,"width":124,"height":2187,"sizeInBytes":2188},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubion_portal_installation_guide_1_5b790843cb.png","c1e8fb0eeef9d28c6c31cce03b1ae971","thumbnail_blog_yubion_portal_installation_guide_1_5b790843cb","thumbnail_blog-yubion-portal-installation-guide-1.png",43.36,93,43356,"blog_yubion_portal_installation_guide_1_5b790843cb",516.11,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_1_5b790843cb.png","2026-04-28T06:58:39.031Z",[],{"id":2195,"documentId":2196,"title":2197,"content":2198,"slug":2199,"published":2200,"createdAt":2201,"updatedAt":2201,"publishedAt":2202,"locale":14,"authorManual":570,"cover":2203,"tags":2235},105,"c4kvsewhsf9zlp85yvr7rdia","Using the YubiOn Portal SSO to Perform a Single Sign-On to Microsoft 365","\u003Cp>On March 16, 2022, single sign-on (SSO) functionality was added to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa>, enabling users to log in to their services without being required to perform authentication; this article will cover the new SSO setting procedures for Microsoft 365.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Prerequisites】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>■ Access to Microsoft 365\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A “general administrator” account is required.\u003C\u002Fp>\n\u003Cp>In this article, the free trial version was used.\u003C\u002Fp>\n\u003Cp>In addition, due to Microsoft 365 specifications, the following domains cannot be set as federated domains.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Initial domain (xxx.onmicrosoft.com)\u003C\u002Fli>\n\u003Cli>Primary domain (the domain that is set as the default)\u003C\u002Fli>\n\u003Cli>Domain already set as the federated domain\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Instead, the initial domain was set in the form of xxx.onmicrosoft.com, and a newly created custom domain was configured as the federation domain.\u003C\u002Fp>\n\u003Cp>To do this, a DDNS service known as \u003Ca href=\"https:\u002F\u002Fddo.jp\u002F\">Dynamic DO!.jp\u003C\u002Fa> was used.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>■ YubiOn Portal\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.securitykey.yubion.com\u002F\">YubiKey\u003C\u002Fa> with Yubico OTP function is required.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa> is a web portal that allows you to register your YubiKey to the operator.\u003C\u002Fli>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fsso\u002Fhow_to_start\u002Fintroduction\u002F\">SSO function\u003C\u002Fa> must be available in YubiOn Portal with the SSO initial registration completed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If the [SSO Initial Registration] button is not displayed on the SSO App Settings screen, it has already been registered.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Preliminary Preparation】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Ch3>1. Add the \u003Ca href=\"https:\u002F\u002Fdocs.microsoft.com\u002Fja-jp\u002Fmicrosoft-365\u002Fadmin\u002Fsetup\u002Fadd-domain?view=o365-worldwide\">domain to Microsoft 365\u003C\u002Fa>.\u003C\u002Fh3>\n\u003Ch3>2. \u003Ca href=\"https:\u002F\u002Fdocs.microsoft.com\u002Fja-jp\u002Fmicrosoft-365\u002Fenterprise\u002Fconnect-to-microsoft-365-powershell?view=o365-worldwide\">Install PowerShell\u003C\u002Fa> (Microsoft Azure Active Directory module).\u003C\u002Fh3>\n\u003Cp>Unlike SSO configuration for general services, SSO configuration for Microsoft 365 is done using PowerShell on your PC.\u003C\u002Fp>\n\u003Cp>Launch PowerShell from the Start menu and execute the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Install-Module MSOnline\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Install the module if prompted to do so by your NuGet provider or PSGallery.\u003C\u002Fp>\n\u003Cp>After installation, connect to Azure AD for Microsoft 365 subscriptions.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Connect-MsolService\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>When the login prompt appears, simply log in with your Microsoft 365 account (@xxx.onmicrosoft.com) that has &quot;overall administrator&quot; privileges.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Step 1】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Set the \u003Ca href=\"https:\u002F\u002Fdocs.microsoft.com\u002Fja-jp\u002Fazure\u002Factive-directory\u002Fhybrid\u002Fplan-connect-design-concepts\">ImmutableID\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>In Microsoft 365, the ImmutableID attribute is used to uniquely identify a user.\u003C\u002Fp>\n\u003Cp>In order to perform SSO with YubiOn Portal and Microsoft 365, an ImmutableID must be set for each user.\u003C\u002Fp>\n\u003Cp>Ensure that the ImmutableID is not set for the target user as an \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fa\u002Fanswer\u002F6363817#zippy=%2C%E6%89%8B%E9%A0%86-immutableid-%E3%82%92%E8%A8%AD%E5%AE%9A%E3%81%99%E3%82%8B\">ImmutableID may already be set depending on how the user was created\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Next, start PowerShell and execute the following\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Get-MsolUser -UserPrincipalName &quot;(mail address)&quot; | select UserPrincipalName,ImmutableId\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>It should look like this:\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If ImmutableID is not set as shown above, set it.\u003C\u002Fp>\n\u003Cp>ImmutableID cannot be changed once it is set, so it is not desirable to set information that may change in the future (e.g., last name, job title, etc.).\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Set-MsolUser -UserPrincipalName &quot;(mail address)&quot; -ImmutableId (arbitrary ImmutableID)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In this example, a dummy email address has been used. However, for operation in company settings, it is advised to choose an ImmutableID carefully by picking something that will not be changed.\u003C\u002Fp>\n\u003Cp>Now, run the confirmation command again to make sure it is set correctly.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Step 2】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Set YubiOn Portal as the Identity Provider (IdP).\u003C\u002Fp>\n\u003Cp>In this example, the dummy email address that was set as the ImmutableID will be passed to Microsoft 365 by registering it as a member property.\u003C\u002Fp>\n\u003Cp>However, if the employee ID (member ID) or email address registered in YubiOn Portal is set as ImmutableID, proceed to \u003Ca href=\"#viewer-4md6b\">Step 3\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Log in to YubiOn Portal as an administrator and open the &quot;SSO Property Settings&quot; screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_2_bc8c204589.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Open the Property Registration screen from [Property registration] in the upper right corner and register the information to pass ImmutableID from YubiOn Portal to Microsoft 365.\u003C\u002Fp>\n\u003Cp>Property key: ms_immutable_id (example)\u003C\u002Fp>\n\u003Cp>Remarks: ImmutableID for Microsoft (example)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_3_412760b6da.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, open the Member Management screen to set ImmutableID for the user performing SSO.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_4_1e970552a4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on the member performing the SSO to open the Advanced Settings screen and edit the property key created just now.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_5_4c2dd7288e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Register the ImmutableID set in step 1 in the SSO property value.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_6_0a501a12b6.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Step 3】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Continuing with YubiOn Portal (IdP) settings.\u003C\u002Fp>\n\u003Cp>Open the SSO App Settings screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_7_cbc5d7350a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Open the Application Registration screen from &quot;Select the App and add&quot; and select &quot;Microsoft 365&quot;.\u003C\u002Fp>\n\u003Cp>Then &quot;Microsoft 365&quot; will appear in the App list, click on it to enter the settings screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_8_a1d43fc64e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;Edit settings&quot; under App Settings.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_9_4725293376.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the following information on the Edit App settings screen.\u003C\u002Fp>\n\u003Cp>SP login URL: \u003Cstrong>\u003Ca href=\"https:\u002F\u002Flogin.microsoftonline.com\u002Flogin.srf\">https:\u002F\u002Flogin.microsoftonline.com\u002Flogin.srf\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>User ID value:\u003C\u002Fp>\n\u003Cp>Setting method: \u003Cstrong>Property\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Value: \u003Cstrong>ms_immutable_id (member property key registered in step 2)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Default relay state: (Empty) ※Can be edited by clicking the &quot;Detailed settings&quot; link.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_10_7515407624.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>On the other hand, if an employee ID or an e-mail address registered in YubiOn Portal as a member ID is set, the following property information can be used for the user ID value setting.\u003C\u002Fp>\n\u003Cp>User ID Value Setting\u003C\u002Fp>\n\u003Cp>Setting method: Member information\u003C\u002Fp>\n\u003Cp>Setup value: Member ID or e-mail address\u003C\u002Fp>\n\u003Cp>Multiple other setting options can be used which are not covered in this article. A domainA domain\u003C\u002Fp>\n\u003Cp>Finally, assign SSO options to the required members.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_11_6ebdfb8f57.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select a member to perform SSO and click the Register button.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Step 4】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Configure Microsoft 365 as a Service Provider (SP).\u003C\u002Fp>\n\u003Cp>Start PowerShell and execute the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Set-MsolDomainAuthentication\n-DomainName \n-PassiveLogOnUri \n-IssuerUri \n-SigningCertificate \n-LogOffUri https:\u002F\u002Fes.yubion.com\u002Fmypage\u002FssoAppLogin.html\n-PreferredAuthenticationProtocol SAMLP\n-Authentication Federated\n-SupportsMfa $false\n-FederationBrandName YubiOnPortal\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>※In reality, each parameter (-XXX) is preceded by a space.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Domain Name\u003C\u002Ftd>\n\u003Ctd>Domain name created in the above procedure (Preparation 1)\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>IdP Login URL\u003C\u002Ftd>\n\u003Ctd>​Open the SSO App Settings &gt; Microsoft 365 Settings page of YubiOn Portal and copy    Copy &quot;IdP Login URL&quot; (①).\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>IdP Entity ID\u003C\u002Ftd>\n\u003Ctd>Open YubiOn Portal&#39;s SSO App Settings &gt; Microsoft 365 Settings screen and copy  Copy &quot;IdP Entity ID&quot; (②).\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Certificate Contents\u003C\u002Ftd>\n\u003Ctd>Open YubiOn Portal&#39;s SSO App Settings &gt; Microsoft 365 Settings screen and download the certificate (③).    Download the certificate (③).    Open the certificate with a text editor and copy the contents.   * Exclude &quot;BEGIN CERTIFICATE&quot; and &quot;END CERTIFICATE&quot;. * Cut off newlines and make it a one-line string. * If there is an &quot;=&quot; at the end, exclude it (because it is in base64 format with no padding).       Reference\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_12_5e08a9c577.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This completes the configuration.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Logging In】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>■IdP-Initiated\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Login to Microsoft 365 using SSO from the YubiOn Portal\u003C\u002Fp>\n\u003Cp>Open the SSO App login screen and click &quot;Microsoft 365&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_13_1203410a56.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Microsoft 365 login is a success!\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_14_413d182287.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>■SP-Initiated\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Now, log in using SSO from the Microsoft 365 side.\u003C\u002Fp>\n\u003Cp>Click the Sign In button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_15_a7577e95c9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This will redirect to the YubiOn Portal login screen, where one can log in through the SSO account.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_16_21dc9f7e00.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Microsoft 365 login is a success!\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_14_413d182287.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This article introduced YubiOn Portal settings for SSO login to Microsoft 365.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>◆Reference sites\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fa\u002Fanswer\u002F6363817#zippy=\">Office 365 Cloud Applications\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>[【Microsoft 365] SSO Enable Settings](\u003Ca href=\"https:\u002F\u002Fcg-support.isr.co.jp\u002Fhc\u002Fja\u002Farticles\u002F360004075454--Microsoft-365-SSO%E6%9C%89%E5%8A%B9%E5%8C%96%E8%A8%AD%E5%AE%9A\">https:\u002F\u002Fcg-support.isr.co.jp\u002Fhc\u002Fja\u002Farticles\u002F360004075454--Microsoft-365-SSO%E6%9C%89%E5%8A%B9%E5%8C%96%E8%A8%AD%E5%AE%9A\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.osstech.co.jp\u002Fproduct\u002Fopenam\u002Ftech\u002Fmicrosoft365\u002F\">OpenAM and Microsoft 365 SAML integration\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","yubion-portal-sso-setup-microsoft-365","2022-04-04","2026-04-28T07:21:27.803Z","2026-04-28T07:21:30.350Z",{"id":2204,"documentId":2205,"name":2206,"alternativeText":20,"caption":20,"focalPoint":20,"width":2207,"height":1385,"formats":2208,"hash":2231,"ext":25,"mime":29,"size":2232,"url":2233,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2234,"updatedAt":2234,"publishedAt":2234},950,"bn59ewg306kz7xh7f00gddc7","blog-yubion-portal-sso-setup-microsoft-365-1.png",842,{"small":2209,"medium":2216,"thumbnail":2224},{"ext":25,"url":2210,"etag":2211,"hash":2212,"mime":29,"name":2213,"path":20,"size":2214,"width":41,"height":1797,"sizeInBytes":2215},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa.png","5f1edde72cb40114221c742064cff497","small_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa","small_blog-yubion-portal-sso-setup-microsoft-365-1.png",19.87,19867,{"ext":25,"url":2217,"etag":2218,"hash":2219,"mime":29,"name":2220,"path":20,"size":2221,"width":50,"height":2222,"sizeInBytes":2223},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa.png","6e10dc64851ad7d1caac6b76022434a1","medium_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa","medium_blog-yubion-portal-sso-setup-microsoft-365-1.png",35.38,97,35377,{"ext":25,"url":2225,"etag":2226,"hash":2227,"mime":29,"name":2228,"path":20,"size":2229,"width":124,"height":1089,"sizeInBytes":2230},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa.png","7026d74e16d553b9524bfd54e5111b92","thumbnail_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa","thumbnail_blog-yubion-portal-sso-setup-microsoft-365-1.png",6.11,6109,"blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa",4.46,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa.png","2026-04-28T07:20:14.216Z",[],{"id":854,"documentId":2237,"title":2238,"content":2239,"slug":2240,"published":2241,"createdAt":2242,"updatedAt":2242,"publishedAt":2243,"locale":14,"authorManual":570,"cover":2244,"tags":2285},"u2wc63l6oyk2ujp0slw9s8dt","Using the YubiOn Portal SSO to Perform a Single Sign-On to AWS","\u003Cp>On March 16, 2022, single sign-on (SSO) functionality was added to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa>, enabling users to log in to their services without being required to authenticate. Following this, this article will cover AWS&#39;s new SSO setting procedures.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Prerequisite】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>Must have an AWS account and be able to operate as an administrator.\u003C\u002Fli>\n\u003Cli>Must have a \u003Ca href=\"https:\u002F\u002Fwww.securitykey.yubion.com\u002F\">YubiKey\u003C\u002Fa> with Yubico OTP function.\u003C\u002Fli>\n\u003Cli>The user must be registered in \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa> and have a YubiKey associated with the operator.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fsso\u002Fhow_to_start\u002Fintroduction\u002F\">Initial registration for SSO\u003C\u002Fa> must be completed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Upon registering for the free YubiOn Portal, users will have access to the SSO.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Using the SSO】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>To briefly explain the flow, a relationship is established between YubiOn Portal (IdP) and AWS (SP) by exchanging metadata, etc., and then a single sign-on is performed from IdP to SP.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>1.\u003C\u002Fstrong> \u003Ca href=\"#viewer-604ri\">\u003Cstrong>Preparation of metadata for YubiOn Portal (IdP)\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Create App (AWS) and download metadata\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>2.\u003C\u002Fstrong> \u003Ca href=\"#viewer-dte2m\">\u003Cstrong>Setting up AWS Side\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Provider setting (IdP metadata import), Role setting, AWS (SP) metadata download.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>3.\u003C\u002Fstrong> \u003Ca href=\"#viewer-704as\">\u003Cstrong>Configuration on YubiOn Portal Side\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>AWS metadata import, AWS role and provider ARN settings, session name settings, and accessible members settings.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>4.\u003C\u002Fstrong> \u003Ca href=\"#viewer-egam6\">\u003Cstrong>Testing SSO from YubiOn Portal (IdP)\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Ch2>\u003Cstrong>【SSO Setup Procedure】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Ch3>\u003Cstrong>1.\u003C\u002Fstrong> \u003Ca href=\"#viewer-cssqu\">\u003Cstrong>Prepare metadata for YubiOn Portal\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Login to YubiOn Portal and access &quot;SSO App Settings&quot; from the sidebar.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;Select the App and Add&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_2_974aa9a5c8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;AWS Management Console&quot; in the Application Registration modal to register.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_3_cd3b356247.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After registration, &quot;AWS Management Console&quot; will appear in the App list.\u003C\u002Fp>\n\u003Cp>Then click &quot;AWS Management Console.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_4_566afd3be8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;Download Metadata&quot; to download the YubiOn Portal metadata used on the AWS side for SSO configuration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_5_b0d8064fa5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Save the metadata on the YubiOn Portal side to an arbitrary location for use in the following &quot;AWS Settings.&quot;\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>2.\u003C\u002Fstrong> \u003Ca href=\"#viewer-13ude\">\u003Cstrong>Setting up AWS Side\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>In order to use single sign-on, configure ID provider and role settings, first access the AWS management console to configure the YubiOn Portal provider.\u003C\u002Fp>\n\u003Cp>Type &quot;IAM&quot; in the search box at the top of the screen and select &quot;IAM&quot; from the list of services.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_6_05bcfc7339.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on &quot;Identity providers&quot; on the left side of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_7_78191e10ad.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;Add provider&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_8_fa80666bb0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the following in the Provider Settings\u003C\u002Fp>\n\u003Col>\n\u003Cli>Provider Type: Select SAML.\u003C\u002Fli>\n\u003Cli>Provider Name: Set a descriptive name (in the example, YubiOnPortal)\u003C\u002Fli>\n\u003Cli>Metadata Document: Upload metadata downloaded from YubiOn Portal.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_9_143e449f53.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Finally, add providers by clicking the &quot;Add provider&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_10_74e1cf1468.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on the provider added, which in this case is the YubiOnPortal.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_11_572f4d0a0d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Copy and paste the provider&#39;s ARN information into a text editor.\u003C\u002Fp>\n\u003Cp>※This information will be used later in the configuration on the YubiOn Portal side.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_12_183a1e0a51.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, set up a role to log in to AWS.\u003C\u002Fp>\n\u003Cp>※In SSO using AWS SAML, specify a role with certain log-in privileges instead of preparing each user.\u003C\u002Fp>\n\u003Cp>Click &quot;Roles&quot; on the left side of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_13_b9ad7ae091.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on the &quot;Create role&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_14_a6452898db.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the following\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Trusted Entity Type: SAML2.0 Federation\u003C\u002Fli>\n\u003Cli>SAML2.0 Provider: Select the provider that was created (in this case, YubiOn Portal)\u003C\u002Fli>\n\u003Cli>Access Level\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Select &quot;Allow programmatic and AWS Management Console access&quot; to set SSO for management console access here.\u003C\u002Fp>\n\u003Cp>※Conditions\u003C\u002Fp>\n\u003Cp>Add conditions as necessary. No special settings are made here.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Finally, click the &quot;Next&quot; button.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_15_456b312a68.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_16_c1055a802c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>On the last screen, configure the following settings.\u003C\u002Fp>\n\u003Cp>Role Name: Enter a descriptive role name.\u003C\u002Fp>\n\u003Cp>Description: Enter a description of the role.\u003C\u002Fp>\n\u003Cp>Select Trusted Entities: Modify if necessary.\u003C\u002Fp>\n\u003Cp>Add Permissions: Add if necessary.\u003C\u002Fp>\n\u003Cp>Add Tags: Add tags if desired.\u003C\u002Fp>\n\u003Cp>Finally, click the &quot;Create Role&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_17_d874eba1d7.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_18_afc103ec4f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the role that was created.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_19_3ebc0242ec.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Copy and paste the role&#39;s ARN information into a text editor.\u003C\u002Fp>\n\u003Cp>※This information will be used later in the configuration on the YubiOn Portal side.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_20_a2cee0ca3e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Finally, download the AWS (SP) side metadata from the following URL\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsignin.aws.amazon.com\u002Fstatic\u002Fsaml-metadata.xml\">https:\u002F\u002Fsignin.aws.amazon.com\u002Fstatic\u002Fsaml-metadata.xml\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This concludes the setup on the AWS side.\u003C\u002Fp>\n\u003Cp>Next, move on to the setting of YubiOn Portal.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>3.\u003C\u002Fstrong> \u003Ca href=\"#viewer-6sg1e\">\u003Cstrong>Configuration on YubiOn Portal Side\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Return to the &quot;SSO App Settings&quot; page of YubiOn Portal and import AWS (SP) metadata.\u003C\u002Fp>\n\u003Cp>Click &quot;SP Metadata Upload&quot; tab.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_21_3cc4100410.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Upload AWS (SP) side metadata from SP Metadata Upload.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_22_eb897c0532.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When a confirmation modal appears, click the &quot;Upload&quot; button to upload.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_23_4bd9b450cb.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, set the minimum required attributes for the AWS SSO configuration.\u003C\u002Fp>\n\u003Cp>The required fields are as follows.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Role: Specify the Role ARN and Provider ARN, separated by commas.\u003C\u002Fli>\n\u003Cli>RoleSessionName: Name, email address, or other information representing the account logged in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Click the &quot;Attribute Settings&quot; tab in the lower-left corner of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_24_504e40ceef.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the &quot;Role&quot; attribute to specify the AWS role.\u003C\u002Fp>\n\u003Cp>Click the &quot;Edit&quot; icon on the right side of the &quot;Role&quot; template attribute.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_25_9a3f15b399.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the following for the attribute value.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Setting method: Select &quot;Direct input.&quot;\u003C\u002Fli>\n\u003Cli>Value: Enter the ARN of the role and the ARN of the provider that was reserved in the AWS side settings, separated by commas.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>E.g., &quot;ARN of role, ARN of the provider.&quot;\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Finally, click the &quot;Update&quot; button to update the information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_26_51ce8a7ab7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, configure the &quot;RoleSessionName&quot; attribute that appears after AWS login.\u003C\u002Fp>\n\u003Cp>Click the &quot;Edit&quot; icon on the right side of &quot;RoleSessionName&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_27_b09b007617.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the following attribute values.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Setting method: Select &quot;Member Information.&quot;\u003C\u002Fli>\n\u003Cli>Value: Select &quot;Member Name.&quot;\u003C\u002Fli>\n\u003Cli>Finally, click the &quot;Update&quot; button to update the information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_28_0408896809.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This concludes the setup of the attributes.\u003C\u002Fp>\n\u003Cp>Continue to set the members who can access AWS.\u003C\u002Fp>\n\u003Cp>Although there is a way to assign members belonging to a group in a batch using the group function, as it is a paid feature, this article will explore individual member creation.\u003C\u002Fp>\n\u003Cp>Click on &quot;Assign member&quot; in the lower right corner of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_29_1ca0974779.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the member to be assigned and click the &quot;Register&quot; button to register.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_30_bb337d8bf1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This completes the SSO setup.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>4.\u003C\u002Fstrong> \u003Ca href=\"#viewer-4t839\">\u003Cstrong>Testing SSO from YubiOn Portal (IdP)\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Click the &quot;SSO&quot; icon on the side menu and access &quot;SSO App Login.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_31_1a04290c38.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;AWS Management Console.”\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_32_2a57a6021a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Congratulations! AWS log-in was successful.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_33_5ee22ac4d4.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>To switch to or purchase the paid SSO version, please leave an inquiry through the Contact Form.\u003C\u002Fp>\n","how-to-sso-into-aws-with-yubion-portal","2022-03-24","2026-04-28T07:19:51.987Z","2026-04-28T07:19:55.002Z",{"id":2245,"documentId":2246,"name":2247,"alternativeText":20,"caption":20,"focalPoint":20,"width":1671,"height":2248,"formats":2249,"hash":2281,"ext":25,"mime":29,"size":2282,"url":2283,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2284,"updatedAt":2284,"publishedAt":2284},917,"k1e7g8zbtakzw8plus9ellhx","blog-how-to-sso-into-aws-with-yubion-portal-1.png",1130,{"large":2250,"small":2258,"medium":2266,"thumbnail":2274},{"ext":25,"url":2251,"etag":2252,"hash":2253,"mime":29,"name":2254,"path":20,"size":2255,"width":32,"height":2256,"sizeInBytes":2257},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png","71572832b74f5be9517d3df565bce1f9","large_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b","large_blog-how-to-sso-into-aws-with-yubion-portal-1.png",75.64,476,75636,{"ext":25,"url":2259,"etag":2260,"hash":2261,"mime":29,"name":2262,"path":20,"size":2263,"width":41,"height":2264,"sizeInBytes":2265},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png","ebf5188a57c6775ac2d6b1047512c364","small_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b","small_blog-how-to-sso-into-aws-with-yubion-portal-1.png",28.98,238,28977,{"ext":25,"url":2267,"etag":2268,"hash":2269,"mime":29,"name":2270,"path":20,"size":2271,"width":50,"height":2272,"sizeInBytes":2273},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png","dca40d5a656d30f2982ad9297daed6cf","medium_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b","medium_blog-how-to-sso-into-aws-with-yubion-portal-1.png",50.7,357,50695,{"ext":25,"url":2275,"etag":2276,"hash":2277,"mime":29,"name":2278,"path":20,"size":2279,"width":124,"height":753,"sizeInBytes":2280},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png","4b633ccf538e97db89b0ce8b99a79876","thumbnail_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b","thumbnail_blog-how-to-sso-into-aws-with-yubion-portal-1.png",11.13,11131,"blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b",43.74,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png","2026-04-28T07:17:14.194Z",[],{"id":2287,"documentId":2288,"title":2289,"content":2290,"slug":2291,"published":2292,"createdAt":2293,"updatedAt":2293,"publishedAt":2294,"locale":14,"authorManual":359,"cover":2295,"tags":2337},37,"cnp05lqb94x9u8wwvfn44z76","FIDO2 Security Key Strengthen Windows Log On","\u003Cp>On May 12, 2021, YubiOn FIDO Logon, a product that strengthens the security of Windows logon using FIDO2 security keys, was released. In addition, YubiOn FIDO Logon enables two-factor authentication for Windows, a process that will be explored in this article.\u003C\u002Fp>\n\u003Cp>While the YubiOn FIDO Logon is intended for companies for ease, this article will follow the example wherein there is a single person who is both a user and administrator.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Register for the Service\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Access \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002F\">YubiOn FIDO\u003C\u002Fa> Logon and register for the service by clicking the &quot;SIGN UP&quot; button in the upper right corner.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Confirm the contents, agree to the terms and conditions, then click “Next.”\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_2_1d5d05a733.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user will be prompted to enter registration information. While there are fields to enter organizational information for corporate users, we will only require a name, email address, and password for this example.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_3_a0f2e38c89.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Upon filling out the form, view the Terms of Use at the bottom of the page, agree to them, then click the “Register” button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_4_ce6dd92ba0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Following this, an email will be sent to the entered email address asking for confirmation. Click on the link in the email to confirm the email address.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_5_e2fd00fbad.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once the following screen appears, registration is complete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_6_809f13a52e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Download and install the client tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Next, install the client tool on your PC. To do this, first, log in to the web screen and download the installer.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_7_bf283bcd5a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the email address and password combination set up during registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_8_349e92da6f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once logged in, click the “Download” button located under the sub-menu to the left, which is accessed by hovering over the Authentication Services icon.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_9_705508a349.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The client tool will be downloaded by clicking the “Download” button. Here, copy the displayed “Registration Code” as it needs to be entered upon installation.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_10_ec38c5e845.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After downloading, run the downloaded installer file; if the Windows protection function displays the following, click &quot;More info&quot; and press the &quot;Run anyway&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_11_72c889fdf6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After running the installer, the following screen will appear to proceed with the installation as usual.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_12_69f44a73f4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The installation is now complete.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Initial Settings and FIDO2 Authenticator Settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once the installation is complete, the configuration tool will start automatically. First, a product registration screen will appear, prompting the user to enter the “Registration Code” copied from the download screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_13_6eee5fde56.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Upon entering the registration code, the configuration tool will open, wherein the user can set up the FIDO2 authenticator. To do this, select the “Register” button in the “Authentication Settings” window.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_14_5caf6db20b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A new window will appear containing the registration guide for the authenticator. In this example, Yubico’s Security Key will be used. However, depending on the type of authenticator, one may or may not be required to enter a PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_15_f0540659bf.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After successful registration, the registered authenticator should be displayed as shown below.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_16_07691dddd8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The setup is completed, and the user can now proceed to log in using the FIDO Logon.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Logon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Upon completing the setup of the settings, the user can log on immediately by holding down the Windows key and pressing the “L” key to lock the Windows screen, prompting the authentication screen to appear.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_17_e59bb2eeab.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If this is the first time using FIDO Logon, the screen displayed is likely the standard Windows authentication page. To access the FIDO Logon screen, navigate to the “Sign-in Options” and select the authenticator and finger icons.\u003C\u002Fp>\n\u003Cp>Then, follow the on-screen instruction to operate the authentication and enter your PIN. Again, depending on the authenticator, the PIN may or may not be required.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_18_41e9840156.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Finally, the user will be prompted to enter their Windows account password once, after which they can log on without a password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_19_4abffaa130.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user can now use their FIDO Security Key with their Windows account through these steps.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In light of the recent events following COVID-19, remote work has become increasingly widespread. The YubiOn FIDO Logon aims to strengthen the security of the user&#39;s PC to address the growing concerns that accompany increased instances of remote work, such as doubts surrounding the loss of authenticators or stolen computers.\u003C\u002Fp>\n\u003Cp>If you and your company are also facing these challenges, we recommend that you install YubiOn FIDO LogOn.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Regarding the FIDO2 Authenticators\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you require FIDO2 authenticators, please \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">contact us\u003C\u002Fa>, and we will be happy to assist you with the process. More information regarding authenticators offered by SoftGiken is available \u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">here\u003C\u002Fa>.\u003C\u002Fp>\n","fido2-security-key-strengthen-windows-logon","2022-02-02","2026-04-28T06:31:17.499Z","2026-04-28T06:31:20.117Z",{"id":2296,"documentId":2297,"name":2298,"alternativeText":20,"caption":20,"focalPoint":20,"width":2299,"height":2300,"formats":2301,"hash":2333,"ext":25,"mime":29,"size":2334,"url":2335,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2336,"updatedAt":2336,"publishedAt":2336},484,"q08ujcia3wnbdsybrf7towju","blog-fido2-security-key-strengthen-windows-logon-1.png",2422,662,{"large":2302,"small":2310,"medium":2318,"thumbnail":2326},{"ext":25,"url":2303,"etag":2304,"hash":2305,"mime":29,"name":2306,"path":20,"size":2307,"width":32,"height":2308,"sizeInBytes":2309},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png","1116dd04d17b96338ff3a152a8eb5dd8","large_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7","large_blog-fido2-security-key-strengthen-windows-logon-1.png",264.99,273,264992,{"ext":25,"url":2311,"etag":2312,"hash":2313,"mime":29,"name":2314,"path":20,"size":2315,"width":41,"height":2316,"sizeInBytes":2317},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png","08a5ada23b755b713742b7f305b7fa5a","small_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7","small_blog-fido2-security-key-strengthen-windows-logon-1.png",87.52,137,87519,{"ext":25,"url":2319,"etag":2320,"hash":2321,"mime":29,"name":2322,"path":20,"size":2323,"width":50,"height":2324,"sizeInBytes":2325},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png","f1bf5ba095ccdc0f6f541c6b3a9b038b","medium_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7","medium_blog-fido2-security-key-strengthen-windows-logon-1.png",165.19,205,165186,{"ext":25,"url":2327,"etag":2328,"hash":2329,"mime":29,"name":2330,"path":20,"size":2331,"width":124,"height":1846,"sizeInBytes":2332},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png","7bbe803dd6c4db9604e0e7df799d3952","thumbnail_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7","thumbnail_blog-fido2-security-key-strengthen-windows-logon-1.png",27.28,27281,"blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7",213.02,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png","2026-04-28T06:29:40.775Z",[],{"id":2339,"documentId":2340,"title":2341,"content":2342,"slug":2343,"published":2344,"createdAt":2345,"updatedAt":2345,"publishedAt":2346,"locale":14,"authorManual":2347,"cover":2348,"tags":2372},29,"eihupko15003hpwzcdv9jyx5","Enhanced Linux SSH Access with FIDO Security Keys","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%83%BC%E3%82%AD%E3%83%BC%E3%81%A7githubssh%E3%82%A2%E3%82%AF%E3%82%BB%E3%82%B9%E5%BC%B7%E5%8C%96\">last article\u003C\u002Fa> introduced GitHub SSH Access Enhancement with FIDO2 Security Keys (yubion.com), yet it did not cover whether FIDO security keys for SSH access can be used in non-GitHub environments.\u003C\u002Fp>\n\u003Cp>With the new features in \u003Ca href=\"https:\u002F\u002Fwww.openssh.com\u002Ftxt\u002Frelease-8.2\">OpenSSH 8.2\u003C\u002Fa>, users of all Linux servers (Ubuntu, Debian, CentOS, Fedora, etc.) can now use FIDO security keys in SSH. This article will introduce SSH access to Linux servers using YubiKey.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Environments :\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>OS: Linux Ubuntu 20.04 (client and server)\u003C\u002Fli>\n\u003Cli>YubiKey 5 NFC\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>SSH Access Configuration：\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>SSH key pair generation and use are similar to standard usage\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>Plug the YubiKey into the USB port.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Open a terminal and enter the following command to generate an SSH key.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>sk refers to Security Key\u003C\u002Fp>\n\u003Cp>$ ssh-keygen -t ed25519-sk\u003C\u002Fp>\n\u003Cp>Note: If the command fails and an &quot;invalid format&quot; or &quot;feature not supported&quot; error is displayed, the security key used may not support ed25519. Try ecdsa instead of ed25519.\u003C\u002Fp>\n\u003Cp>The YubiKey 5 NFC firmware used this time is 5.1.2, so it cannot generate ed25519 keys, so ecdsa keys are generated instead.\u003C\u002Fp>\n\u003Cp>To use the Ed25519 key, please use YubiKey firmware 5.2.3 or later.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_1_6e8cba2290.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Checking YubiKey firmware with YubiKey Manager\u003C\u002Fem>\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>\u003Cp>Enter the FIDO2 PIN for the YubiKey and touch the key.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>When &quot;Enter a file in which to save the key&quot; is displayed, press Enter to save the public key to the default file location.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Create a password for the public key file.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_2_1fa77256d8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of SSH Key Generation\u003C\u002Fem>\u003C\u002Fp>\n\u003Col start=\"6\">\n\u003Cli>Copy the SSH public key from the generated &quot;id_ecdsa_sk.pub&quot; file and add it to the &quot;~\u002F.ssh\u002Fauthorized_keys&quot; file on the server to be connected to.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch2>\u003Cstrong>SSH Access with FIDO Security Key：\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Col>\n\u003Cli>\u003Cp>Insert the YubiKey into the USB port.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Then, open a terminal to access the server.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>$ ssh user@server_ip\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Enter the password of the private key file and touch YubiKey.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_3_0f6dd40013.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of Accessing Server\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>If the above screen is displayed, it indicates that the setup of SSH access using the FIDO security key as two-factor authentication like with GitHub was successful.\u003C\u002Fp>\n\u003Col start=\"4\">\n\u003Cli>Also, to log in without a password, check the &quot;Automatically unlock this key whenever I&#39;m logged in&quot; checkbox to require a password only upon the first log-in.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch2>\u003Cstrong>Disabling User and Password Only Login :\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Col>\n\u003Cli>Run the command on the remote server to edit the SSH daemon configuration file.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>$ sudo nano \u002Fetc\u002Fssh\u002Fsshd_config\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>Uncomment the &quot;#PasswordAuthentication yes&quot; line and change it to &quot;no&quot; to look like the screenshot below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_4_a0231f535d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of SSH Daemon File Configuration\u003C\u002Fem>\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>\u003Cp>Press Ctrl + X (to finish editing), type &quot;y&quot; (to confirm file save), and press Enter (to confirm file name) to save the file.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Finally, reload SSH.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>$ sudo systemctl reload ssh\u003C\u002Fp>\n\u003Cp>Then, when connecting to the server without the FIDO security key, the following error message will be displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_5_c3693cacc8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_6_61ef4d0812.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of an Error\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Conclusion：\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This article introduced SSH access to Linux using YubiKey, through which users can store their private key in a hardware security key and operate a simple, secure two-factor or single-factor authentication.\u003C\u002Fp>\n\u003Cp>However, since the OpenSSH version for Windows 10 is still 8.1, clients cannot use FIDO security keys on Windows 10.\u003C\u002Fp>\n\u003Cp>Instead, YubiKey&#39;s PIV function to \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fssh%E3%81%AE%E7%A7%98%E5%AF%86%E9%8D%B5%E3%82%92yubikey%E3%81%A7%E7%AE%A1%E7%90%86-windows%E7%B7%A8\">&quot;Manage SSH private keys with YubiKey on Windows (yubion.com)&quot;\u003C\u002Fa> can be used.\u003C\u002Fp>\n","linux-ssh-access-fido-security-keys","2022-01-11","2026-04-28T06:23:31.981Z","2026-04-28T06:23:34.501Z","Vy",{"id":2349,"documentId":2350,"name":2351,"alternativeText":20,"caption":20,"focalPoint":20,"width":50,"height":444,"formats":2352,"hash":2367,"ext":25,"mime":29,"size":2368,"url":2369,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2370,"updatedAt":2370,"publishedAt":2371},417,"qji3073f16u9urdovzmbrqey","blog-linux-ssh-access-fido-security-keys-1.png",{"small":2353,"thumbnail":2360},{"ext":25,"url":2354,"etag":2355,"hash":2356,"mime":29,"name":2357,"path":20,"size":2358,"width":41,"height":436,"sizeInBytes":2359},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_linux_ssh_access_fido_security_keys_1_6e8cba2290.png","652942879e6a20ab66fee340d9403b4b","small_blog_linux_ssh_access_fido_security_keys_1_6e8cba2290","small_blog-linux-ssh-access-fido-security-keys-1.png",43.48,43483,{"ext":25,"url":2361,"etag":2362,"hash":2363,"mime":29,"name":2364,"path":20,"size":2365,"width":452,"height":59,"sizeInBytes":2366},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_linux_ssh_access_fido_security_keys_1_6e8cba2290.png","12b355e4d5f6b2fc771279b51d7d0bc0","thumbnail_blog_linux_ssh_access_fido_security_keys_1_6e8cba2290","thumbnail_blog-linux-ssh-access-fido-security-keys-1.png",12.19,12188,"blog_linux_ssh_access_fido_security_keys_1_6e8cba2290",21.39,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_1_6e8cba2290.png","2026-04-28T06:23:07.322Z","2026-04-28T06:23:07.323Z",[],{"id":2374,"documentId":2375,"title":2376,"content":2377,"slug":2378,"published":2379,"createdAt":2380,"updatedAt":2380,"publishedAt":2381,"locale":14,"authorManual":2382,"cover":2383,"tags":2401},101,"tdtiw75rg1hzx28c6r6ormf9","Using \"YubiOn for Salesforce\" to Support Salesforce's MFA requirement","\u003Cp>Beginning February 1, 2022, \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fsfdc-mfa#:~:text=%E3%81%8A%E3%82%88%E3%81%B3%E4%BD%BF%E7%94%A8%E6%96%B9%E6%B3%95-,MFA%20(%E5%A4%9A%E8%A6%81%E7%B4%A0%E8%AA%8D%E8%A8%BC)%20%E3%81%A8%E3%81%AF,-%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%81%AE%E8%84%85%E5%A8%81\">multi-factor authentication\u003C\u002Fa>, or MFA, will now be mandatory for Salesforce, making another factor of authentication, apart from the traditional ID and password, required.\u003C\u002Fp>\n\u003Cp>While Salesforce supports the following MFA, there may be cases where the MFA verification method cannot be used due to the customer&#39;s configuration. Luckily, YubiOn for Salesforce is available for these situations.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Salesforce Authenticator\u003C\u002Ftd>\n\u003Ctd>Login is possible by authenticating based on push notifications sent to the device.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Third-party TOTP\u003C\u002Ftd>\n\u003Ctd>Login is possible by entering a temporary code sent to the device.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Security Key (U2F)\u003C\u002Ftd>\n\u003Ctd>Login is possible by authenticating with a physical device plugged into the USB port.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>For example, the following are not considered acceptable MFA methods as per recommendations by Salesforce.\u003C\u002Fp>\n\u003Cp>“Salesforce Authenticator&quot; and &quot;3rd Party TOTP&quot; require a mobile device, meaning that if company devices are not loaned, it may not be possible to use them. U2F also requires a paid physical device to be plugged into the USB port for authentication and cannot be used if U2F communication is not possible due to USB restrictions or remote connections. In addition, U2F makes it difficult to identify individual devices.\u003C\u002Fp>\n\u003Cp>A few advantages of YubiOn for Salesforce, an application for multi-factor authentication with OTP (One Time Password) using YubiKey, are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No mobile device is required\u003C\u002Fli>\n\u003Cli>OTP is recognized as a keyboard, so it can be used under USB restrictions or remote connection\u003C\u002Fli>\n\u003Cli>Easy management of authentication devices\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A trial demo for YubiOn for Salesforce is covered in the remainder of this article.\u003C\u002Fp>\n\u003Cp>●\u003Cstrong>Easy Installation\u003C\u002Fstrong>\nAccess the package installation site.\u003C\u002Fp>\n\u003Cp>Enter the installation key and click the &quot;Install&quot; button.\u003C\u002Fp>\n\u003Cp>※The URL of the installation site and the installation key will be distributed when you purchase the package.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_1_2905f728ed.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The YubiKey management application (YubiKeyManager) will be available immediately after installation is complete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_2_6b0de37f6e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>●\u003Cstrong>Batch management of YubiKey with YubiKeyManager\u003C\u002Fstrong>\nRegister, rename, and delete YubiKeys used for authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_3_998e975e50.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>It is also possible to assign and unassign YubiKeys for authentication to each user.\u003C\u002Fp>\n\u003Cp>Multiple YubiKeys can be assigned to a single user, or the same YubiKey can be assigned to multiple users.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_4_7f78cc158b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>●\u003Cstrong>MFA (multi-factor authentication) for login\u003C\u002Fstrong>\nApply a login flow that requires MFA for each user (per role, called a profile).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_5_604d62bd63.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Users to whom the login flow for MFA has been applied will be required to use OTP with YubiKey from their next login.\u003C\u002Fp>\n\u003Cp>The user logs in with the conventional ID and password (1st factor).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_6_e10646e6f3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Plug the YubiKey into the USB port.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_7_d43ffcd651.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>（Note: Only YubiKey with OTP functionality is available）\u003C\u002Fp>\n\u003Cp>By simply placing a finger on the [y] area, OTP authentication (second factor) is performed, and one can log in to the Salesforce service.\u003C\u002Fp>\n\u003Cp>This concludes the guide for use of MFA through YubiOn for Salesforce, a program designed to support users who were unable to implement MFA verification through Salesforce.\u003C\u002Fp>\n\u003Cp>To purchase YubiKeys via Amazon, click \u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>As Soft Giken also provides YubiKeys, if one wishes to acquire a YubiKey, please \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">contact us\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Also, for more information regarding YubiOn for Salesforce, please visit \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-for-salesforce\">here\u003C\u002Fa>.\u003C\u002Fp>\n","yubion-for-salesforce-mfa-requirement","2021-12-16","2026-04-28T07:16:53.504Z","2026-04-28T07:16:56.070Z","YubiOn",{"id":774,"documentId":2384,"name":2385,"alternativeText":20,"caption":20,"focalPoint":20,"width":2386,"height":2387,"formats":2388,"hash":2397,"ext":25,"mime":29,"size":2398,"url":2399,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2400,"updatedAt":2400,"publishedAt":2400},"lsps00j2f3ji66d1vi5ndtlr","blog-yubion-for-salesforce-mfa-requirement-1.png",384,340,{"thumbnail":2389},{"ext":25,"url":2390,"etag":2391,"hash":2392,"mime":29,"name":2393,"path":20,"size":2394,"width":2395,"height":59,"sizeInBytes":2396},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubion_for_salesforce_mfa_requirement_1_2905f728ed.png","438230b518b37b570f480579bb4b760f","thumbnail_blog_yubion_for_salesforce_mfa_requirement_1_2905f728ed","thumbnail_blog-yubion-for-salesforce-mfa-requirement-1.png",19.97,176,19974,"blog_yubion_for_salesforce_mfa_requirement_1_2905f728ed",15.72,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_1_2905f728ed.png","2026-04-28T07:16:26.727Z",[],{"id":2403,"documentId":2404,"title":2405,"content":2406,"slug":2407,"published":2408,"createdAt":2409,"updatedAt":2409,"publishedAt":2410,"locale":14,"authorManual":359,"cover":2411,"tags":2450},45,"vxgtcaz01axm5cpuzn5w1hqu","First Impression of YubiKey Bio","\u003Cp>On October 5, 2021 (local time), Yubico finally released [YubiKey Bio]. In this article, we would like to delve into our initial impressions of this new product.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_2_ee550e63b5.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>I purchased the USB Type-A model, which comes in the packaging below.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_3_a337b19587.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_4_b1b984d8d7.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Here is the device out of the packaging. I assumed that as the YubiKey Bio is a FIDO2 authentication device, it would be more like a Yubico Security Key, and therefore, it would not have a serial number. However, it appears that the YubiKey Bio does have one.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_5_2116046c93.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_6_66e1adb088.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The size is the same as the previous YubiKey. However, the touch part has been changed to a fingerprint sensor and is larger than before, and the depth of the touch part is a little shallower than other keys.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_7_e358cd388f.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The conventional product indicates its status by glowing the &quot;Y&quot; mark or key mark on the touch part, but YubiKey Bio has two status indicator lamps, one green, and one orange, between the touch part and USB connector. The green seems to blink fast when fingerprint touch is requested and blinks slowly when PIN touch is asked for, while the orange light seems to glow when there is an error or the key setting is changed.\u003C\u002Fp>\n\u003Cp>Now I will go over the initial settings needed to use the key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_8_34d9c984a1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_9_85f73d54e8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>With Windows 10, the initial setup can be done through the OS functions. First, open the settings screen from the Start menu, select [Accounts], [Sign-in Options], [Security Keys], and press the &quot;Manage&quot; button.\u003C\u002Fp>\n\u003Cp>Try logging on to Windows with YubiKey Bio using \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002F\">YubiOn FIDO Logon\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_10_aa8e7e7256.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_11_360b64b70d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>I could register in the same way as a common fingerprint type FIDO2 authenticator. A common standard like FIDO2 is convenient as you can immediately use what you have bought without any particular awareness.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_12_99754829d9.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Logon was successful, as noted by the small &quot;Welcome&quot; message.\u003C\u002Fp>\n\u003Cp>I will also try out YubiOn&#39;s \u003Ca href=\"https:\u002F\u002Fyubionfido2demo.yubion.com\u002FHomeJP\">FIDO2 demo site\u003C\u002Fa> for multi-factor authentication with hardware authenticator and biometrics.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_13_bf3e01565e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_14_b233d3f9bf.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>It works perfectly!\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_15_8b9c3c4d27.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The fingerprint FIDO2 authenticator works the same, but if the fingerprint authentication fails three times, the PIN authentication is used instead. For example, I had registered my index fingerprint, but when I intentionally touched it with my middle finger, it moved to PIN input after three attempts, similar to other authenticators. Although there are slight differences, the accuracy of fingerprint authentication is relatively high, so you may not need to input the PIN very often.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_16_144b741e04.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>I tried to display the Key’s information with YubiKey Manager distributed by Yubico. The serial number was written on the back of the key, but the YubiKey Manager can also read the serial number. I won&#39;t go into the technical details this time, but there must be some way to read the serial number from the PC side.\u003C\u002Fp>\n\u003Cp>Regarding our schedules for sales for the YubiKeys, SoftGiken is currently planning on making the USB-C type device available soon. For more updates, please check this blog again.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Sites Used in this Demo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002F\">YubiOn FIDO Logon\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Using a FIDO2-certified external authenticator such as the YubiKey Bio introduced this time or ATKey.Pro made by AuthenTrend that is already on sale, so users can easily upgrade their PC&#39;s Windows logon to more robust authentication.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyubionfido2demo.yubion.com\u002FHomeJP\">FIDO2 Demo Site\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※Revised due to change in demo site URL on May 24, 2022.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>■YubiKey Bio series now available on Amazon\u003C\u002Fstrong> ※ Added on 2022\u002F05\u002F30\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fdp\u002FB09KM668XJ\u002F?m=ADKPGBH0XPL04\">YubiKey Bio - FIDO Edition (USB Type-Ａ) - Available on Amazon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fdp\u002FB09MMDGMLC\u002F?m=ADKPGBH0XPL04\">YubiKey C Bio - FIDO Edition (USB Type-C) Available on Amazon\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","yubikey-bio-first-impression","2021-10-16","2026-04-28T06:36:44.500Z","2026-04-28T06:36:47.341Z",{"id":365,"documentId":2412,"name":2413,"alternativeText":20,"caption":20,"focalPoint":20,"width":2414,"height":2415,"formats":2416,"hash":2445,"ext":512,"mime":516,"size":2446,"url":2447,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2448,"updatedAt":2448,"publishedAt":2449},"zzuien7jqqveat7veh7k2t2o","blog-yubikey-bio-first-impression-1.jpeg",2048,1365,{"large":2417,"small":2424,"medium":2431,"thumbnail":2438},{"ext":512,"url":2418,"etag":2419,"hash":2420,"mime":516,"name":2421,"path":20,"size":2422,"width":32,"height":33,"sizeInBytes":2423},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg","aa3eeb2df9c6a8940ed05625ce297358","large_blog_yubikey_bio_first_impression_1_9aa944bb1b","large_blog-yubikey-bio-first-impression-1.jpeg",29.77,29772,{"ext":512,"url":2425,"etag":2426,"hash":2427,"mime":516,"name":2428,"path":20,"size":2429,"width":41,"height":42,"sizeInBytes":2430},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg","2d84e17d251d34e6328ff452c244bd4b","small_blog_yubikey_bio_first_impression_1_9aa944bb1b","small_blog-yubikey-bio-first-impression-1.jpeg",9.77,9768,{"ext":512,"url":2432,"etag":2433,"hash":2434,"mime":516,"name":2435,"path":20,"size":2436,"width":50,"height":41,"sizeInBytes":2437},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg","362595b084f1b19dc1d3f4d11c2c8ff7","medium_blog_yubikey_bio_first_impression_1_9aa944bb1b","medium_blog-yubikey-bio-first-impression-1.jpeg",18.44,18436,{"ext":512,"url":2439,"etag":2440,"hash":2441,"mime":516,"name":2442,"path":20,"size":2443,"width":58,"height":59,"sizeInBytes":2444},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg","4a55db57ec75ec844cd64a72b15141dd","thumbnail_blog_yubikey_bio_first_impression_1_9aa944bb1b","thumbnail_blog-yubikey-bio-first-impression-1.jpeg",3.16,3160,"blog_yubikey_bio_first_impression_1_9aa944bb1b",92.82,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg","2026-04-28T06:35:37.653Z","2026-04-28T06:35:37.654Z",[],{"id":2452,"documentId":2453,"title":2454,"content":2455,"slug":2456,"published":2457,"createdAt":2458,"updatedAt":2458,"publishedAt":2459,"locale":14,"authorManual":2347,"cover":2460,"tags":2486},39,"d9jv3tuc5qf82muadwd63b1w","FIDO2 Security Keys for Enhanced GitHub SSH Access","\u003Cp>Recently, it was announced that after August 13, 2021, GitHub will no longer accept account passwords when authenticating Git operations, and will require the use of strong authentication factors, such as a personal access token, SSH key (for developers), OAuth, or GitHub App installation token.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.blog\u002F2021-08-16-securing-your-github-account-two-factor-authentication\u002F\">(https:\u002F\u002Fgithub.blog\u002F2021-08-16-securing-your-github-account-two-factor-authentication\u002F)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>They also announced in May 2021 that SSH authentication for Git operations now supports FIDO security keys instead of the traditional public\u002Fprivate key pair.\n（\u003Ca href=\"https:\u002F\u002Fgithub.blog\u002F2021-05-10-security-keys-supported-ssh-git-operations\u002F\">Security keys are now supported for SSH Git operations | The GitHub Blog\u003C\u002Fa>）\u003C\u002Fp>\n\u003Cp>During SSH key generation, the private key is stored in the security key, not on the PC. And when authenticated, will require the key to be touched.\u003C\u002Fp>\n\u003Cp>In other words, one can use the same YubiKey for both GitHub web services and Git operations for two-factor authentication.\u003C\u002Fp>\n\u003Cp>To set up two-factor authentication for GitHub&#39;s web services, read \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fgithub%E3%81%A7yubikey%E3%81%AE%E4%BA%8C%E8%A6%81%E7%B4%A0%E8%AA%8D%E8%A8%BC%E3%82%92%E8%A8%AD%E5%AE%9A\">Setting Up YubiKey Two-Factor Authentication on GitHub (yubion.com)\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This article will cover SSH access to Git using YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Environment：\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>OS: Windows\u003C\u002Fli>\n\u003Cli>Security Key by Yubico with NFC\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Key Generation：\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SSH key pair generation and use are very similar to the previous method.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>Plug the YubiKey into the USB port.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Open Git Bash as an administrator.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>(Windows requires administrator privileges to access FIDO2 security.)\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Type the following command to generate an SSH key.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Enter the following command to generate an SSH key, where &quot;sk&quot; is the security key.\u003C\u002Fp>\n\u003Cp>$ ssh-keygen -t ed25519-sk -C &quot;\u003Cem>your_\u003Ca href=\"mailto:email@example.com\">email@example.com\u003C\u002Fa>\u003C\u002Fem>&quot;\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Note: If the command fails and you receive an &quot;invalid format&quot; or &quot;feature not supported&quot; error, you may be using a security key that does not support ed25519. Try ecdsa instead of ed25519.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Security Key by Yubico with NFC firmware used this time is 5.1.2, so it cannot generate ed25519 keys, so instead ecdsa keys are generated.\u003C\u002Fp>\n\u003Cp>To use the Ed25519 key, please use YubiKey firmware 5.2.3 or later.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_keys_github_ssh_access_1_768ad3129f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Checking YubiKey Firmware with YubiKey Manager\u003C\u002Fem>\u003C\u002Fp>\n\u003Col start=\"4\">\n\u003Cli>\u003Cp>Enter the FIDO2 PIN for the YubiKey and touch the key.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>When &quot;Enter a file in which to save the key&quot; is displayed, press Enter to save the public key to the default file location.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Create a password for the public key file.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_keys_github_ssh_access_2_d202310f14.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of SSH Key Generation\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Adding a new SSH key to the GitHub account:\u003C\u002Fp>\n\u003Cp>Once the SSH key is generated, add the new key to the account as with any other SSH key. To add an SSH key to the GitHub.com site, follow these steps:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Copy the SSH public key from the &quot;id_ecdsa_sk.pub&quot; file you generated earlier.\u003C\u002Fli>\n\u003Cli>Go to GitHub.com, open the settings page, go to the &quot;SSH and GPG Keys page,&quot; and paste the copied public key into the new key and add it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_keys_github_ssh_access_3_65be6801d3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of Adding SSH Key\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>SSH access confirmation:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>Plug YubiKey into the USB port.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Open Git Bash as an administrator.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>(Windows requires administrator privileges to access FIDO2 security.)\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Verify SSH key access by entering the following command\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>$ ssh -T \u003Ca href=\"mailto:git@github.com\">git@github.com\u003C\u002Fa>\n4. Enter the password for the public key file and touch YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_keys_github_ssh_access_4_99331a1102.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of Confirmation of SSH Access\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>When the above image is displayed, the setting up of SSH access using the FIDO security key is complete.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cp>This article introduced SSH access for Git using YubiKey to guide users on storing their private key in a hardware security key and operating a simple, secure two-factor authentication.\u003C\u002Fp>\n\u003Cp>However, there are a few things to keep in mind:\u003C\u002Fp>\n\u003Col>\n\u003Cli>The FIDO2 PIN is only required for SSH key generation.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Also, using a FIDO2 PIN requires a PIN setting as a prerequisite.\u003C\u002Fp>\n\u003Cp>For FIDO2 security keys that have not yet been set with a PIN or FIDO U2F only keys, the PIN authentication step is eliminated, and only key touch is performed.\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>FIDO2 biometric authentication is not yet supported.\u003C\u002Fli>\n\u003C\u002Fol>\n","fido2-security-keys-github-ssh-access","2021-09-22","2026-04-28T06:32:02.429Z","2026-04-28T06:32:04.947Z",{"id":2461,"documentId":2462,"name":2463,"alternativeText":20,"caption":20,"focalPoint":20,"width":2464,"height":2465,"formats":2466,"hash":2482,"ext":25,"mime":29,"size":2483,"url":2484,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2485,"updatedAt":2485,"publishedAt":2485},503,"vqzlb9n0l0h111930wd7z5cc","blog-fido2-security-keys-github-ssh-access-1.png",567,404,{"small":2467,"thumbnail":2474},{"ext":25,"url":2468,"etag":2469,"hash":2470,"mime":29,"name":2471,"path":20,"size":2472,"width":41,"height":1882,"sizeInBytes":2473},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fido2_security_keys_github_ssh_access_1_768ad3129f.png","3bd38ba5da3c30784bc52cf2b6f3adef","small_blog_fido2_security_keys_github_ssh_access_1_768ad3129f","small_blog-fido2-security-keys-github-ssh-access-1.png",39.35,39351,{"ext":25,"url":2475,"etag":2476,"hash":2477,"mime":29,"name":2478,"path":20,"size":2479,"width":2480,"height":59,"sizeInBytes":2481},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fido2_security_keys_github_ssh_access_1_768ad3129f.png","c963f6b76eb1a53e8df550fe1ddf7cce","thumbnail_blog_fido2_security_keys_github_ssh_access_1_768ad3129f","thumbnail_blog-fido2-security-keys-github-ssh-access-1.png",11.22,219,11223,"blog_fido2_security_keys_github_ssh_access_1_768ad3129f",14.54,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_keys_github_ssh_access_1_768ad3129f.png","2026-04-28T06:31:47.622Z",[],{"id":2187,"documentId":2488,"title":2489,"content":2490,"slug":2491,"published":2492,"createdAt":2493,"updatedAt":2493,"publishedAt":2494,"locale":14,"authorManual":2382,"cover":2495,"tags":2521},"bpesx598jvqzsiwk81j748yf","Two-step Authentication for Google Accounts on Apple Devices","\u003Cp>Recently, \u003Ca href=\"https:\u002F\u002Fsecurity.googleblog.com\u002F2020\u002F06\u002Fmaking-advanced-protection-program-and.html\">WebAuthn support for Google accounts on Apple devices was announced\u003C\u002Fa>, which will enforce higher security during login for Google accounts on iPhones and iPads used for personal and business use.\u003C\u002Fp>\n\u003Cp>This article will summarize 2-step authentication for Google accounts on Apple devices using security keys such as YubiKey 5 NFC and YubiKey 5Ci.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Prerequisite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Enable the \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Faccounts\u002Fanswer\u002F185839?co=GENIE.Platform%3DDesktop&hl=ja\">2-step authentication process\u003C\u002Fa> for the Google account.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Environment\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>・Apple device\u003C\u002Fp>\n\u003Cp>・iPhone 7 or later (iOS 13.3 or later)\u003C\u002Fp>\n\u003Cp>※NFC enabled\u003C\u002Fp>\n\u003Cp>・iPad (iPad OS 13.3 or higher)\u003C\u002Fp>\n\u003Cp>※Limited to USB connection\u003C\u002Fp>\n\u003Cp>・Browser\u003C\u002Fp>\n\u003Cp>Safari\u003C\u002Fp>\n\u003Cp>・YubiKey 5 NFC and YubiKey 5Ci can be used for 2-step verification for Google accounts if the settings are the same as those used at the time of purchase.\u003C\u002Fp>\n\u003Cp>If YubiKey settings have been rewritten in \u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fyubikey-manager\u002F\">YubiKey Manager\u003C\u002Fa>, the following items must be checked to use YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_1_1a2406c1f3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>※YubiKey 5Ci does not have an NFC feature.\u003C\u002Fp>\n\u003Cp>The FIDO U2F of the USB interface and the FIDO U2F of NFC of the Interfaces must be checked.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>2-step Authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>If the Apple device has the appropriate OS version, one can use 2-step verification for their Google account without any special settings. The 2-step verification introduced in this article is based on two patterns: USB connection and NFC.\u003C\u002Fp>\n\u003Cp>Log in to the Google account using the Safari browser.\u003C\u002Fp>\n\u003Cp>Enter the &quot;Password&quot; and press &quot;Next.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_2_f3552a3c2e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Press &quot;Next&quot; on the 2-step verification process.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_3_4fe67e83b4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A pop-up will appear, asking one to use a security key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_4_bd5c0884b4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>To Use NFC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Hold YubKey 5 NFC near the iPhone.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_5_8640b76d70.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If the authentication is successful, the completion page will be displayed.\u003C\u002Fp>\n\u003Cp>※ If the &quot;Do not show on this computer next time&quot; is checked, the 2-step verification process will not be displayed the next time one logs in.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For USB Type-C or Lightning connection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Insert the YubiKey 5Ci into the iPhone or iPad.\u003C\u002Fp>\n\u003Cp>The metal part of YubiKey will flash; please touch it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_6_dd207c0ec0.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If the authentication is successful, the completion page will be displayed.\u003C\u002Fp>\n\u003Cp>※ If the &quot;Do not show on this computer next time&quot; is checked, the 2-step verification process will not be displayed the next time one logs in.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Setting up 2-step verification for one’s Google account is a great way to increase the security of their Apple device. In addition, it is recommended to set up two YubiKeys for 2-step verification in advance in case one is lost.\u003C\u002Fp>\n\u003Cp>To purchase YubiKeys, click here:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002FYubico-YubiKey-NFC-USB-2%E3%81%A4%E3%81%AE%E3%83%95%E3%82%A1%E3%82%AF%E3%82%BF%E3%83%BC%E8%AA%8D%E8%A8%BC%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%AD%E3%83%BC\u002Fdp\u002FB07HBD71HL\u002Fref=sr_1_1?dchild=1&m=ADKPGBH0XPL04&qid=1591944793&s=merchant-items&sr=1-1\">YubiKey 5 NFC\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002FYubico-YubiKey-USB-C-Lightning-%E8%AA%8D%E8%A8%BC%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%AD%E3%83%BC\u002Fdp\u002FB07WGJ1DNJ\u002Fref=sr_1_4?dchild=1&m=ADKPGBH0XPL04&qid=1591944793&s=merchant-items&sr=1-4\">YubiKey 5Ci\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For bulk purchases, don&#39;t hesitate to get in touch with us \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">here\u003C\u002Fa>.\u003C\u002Fp>\n","2-step-authentication-google-apple-devices","2020-06-12","2026-04-28T07:13:37.407Z","2026-04-28T07:13:39.918Z",{"id":2496,"documentId":2497,"name":2498,"alternativeText":20,"caption":20,"focalPoint":20,"width":50,"height":2499,"formats":2500,"hash":2517,"ext":25,"mime":29,"size":2518,"url":2519,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2520,"updatedAt":2520,"publishedAt":2520},880,"nq4lssi9rhbakx1nxvj06ftj","blog-2-step-authentication-google-apple-devices-1.png",522,{"small":2501,"thumbnail":2509},{"ext":25,"url":2502,"etag":2503,"hash":2504,"mime":29,"name":2505,"path":20,"size":2506,"width":41,"height":2507,"sizeInBytes":2508},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_2_step_authentication_google_apple_devices_1_1a2406c1f3.png","a86cecf98e5d1cf838f2e740abd72da0","small_blog_2_step_authentication_google_apple_devices_1_1a2406c1f3","small_blog-2-step-authentication-google-apple-devices-1.png",49.44,348,49441,{"ext":25,"url":2510,"etag":2511,"hash":2512,"mime":29,"name":2513,"path":20,"size":2514,"width":2515,"height":59,"sizeInBytes":2516},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_2_step_authentication_google_apple_devices_1_1a2406c1f3.png","95d921721e1cfc8ec254cf9310903100","thumbnail_blog_2_step_authentication_google_apple_devices_1_1a2406c1f3","thumbnail_blog-2-step-authentication-google-apple-devices-1.png",16.67,224,16672,"blog_2_step_authentication_google_apple_devices_1_1a2406c1f3",17.02,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_1_1a2406c1f3.png","2026-04-28T07:13:07.459Z",[],{"id":2523,"documentId":2524,"title":2525,"content":2526,"slug":2527,"published":2528,"createdAt":2529,"updatedAt":2529,"publishedAt":2530,"locale":14,"authorManual":2382,"cover":2531,"tags":2573},77,"xtrrjglqgoarly5del4vhkou","Setting up Two-Factor Authentication Using YubiKey on GitHub","\u003Cp>On August 21, 2019, \u003Ca href=\"https:\u002F\u002Fgithub.blog\u002F2019-08-21-github-supports-webauthn-for-security-keys\u002F\">GitHub announced that its two-factor authentication now supports WebAuthn\u003C\u002Fa>. With this new WebAuthn support, in addition to authentication methods using security keys, fingerprint authentication such as Windows Hello and Touch ID on macOS will also be available.\u003C\u002Fp>\n\u003Cp>In line with this update, this article will introduce how to use YubiKey to enable two-factor authentication on GitHub.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Prerequisite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>・Two-factor authentication must be enabled on GitHub.\u003C\u002Fp>\n\u003Cp>Please refer to \u003Ca href=\"https:\u002F\u002Fhelp.github.com\u002Fja\u002Farticles\u002Fconfiguring-two-factor-authentication\">this page\u003C\u002Fa> regarding the setup.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Usage environment\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>・Windows 10 ver 1809\u003C\u002Fp>\n\u003Cp>Windows Hello is enabled.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Available YubiKeys\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>・YubiKey 5 Series\u003C\u002Fp>\n\u003Cp>・Security Key by Yubico Series (Blue YubiKey)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Flightning-project\u002F\">・\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Flightning-project\u002F\">YubiKey 5Ci\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・YubiKey 4 Series\u003C\u002Fp>\n\u003Cp>※YubiKey 5Ci will be available in the future.\u003C\u002Fp>\n\u003Cp>To use it now, please purchase it from \u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fstore\u002Fyubikey-5ci-security-keys\">Yubico Store\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Browser\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>・Microsoft Edge 44.17763.1.0\n　Major browsers support WebAuthn.\n　Click \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fapowers313\u002Ffido2-webauthn-status\">here\u003C\u002Fa> for the compatibility list.\u003C\u002Fp>\n\u003Cp>※The Brave browser is required to use YubiKey 5Ci on iPhone and iPad.\n　　Click \u003Ca href=\"https:\u002F\u002Fbrave.com\u002Fpartnership-with-yubico\u002F\">here\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Setting up YubiKey as Two-Factor Authentication for GitHub\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Go to Settings → Security.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Add YubiKey from &quot;Security keys&quot; in the Two-factor authentication item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_2_9290ad5439.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;Register new security key&quot; button under Security keys.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_3_daa9896c79.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click to enter the security key name.\u003C\u002Fp>\n\u003Cp>Insert the YubiKey to be registered into the USB port.\u003C\u002Fp>\n\u003Cp>Enter the security key name and click the &quot;Add&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_4_8c21858b19.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When &quot;Add&quot; is clicked, a confirmation screen for authenticator registration will be displayed.\u003C\u002Fp>\n\u003Cp>※If Windows Hello is set in Edge, the executions will be in the order of Internal Authenticator → External Authenticator.\u003C\u002Fp>\n\u003Cp>Now, select &quot;Cancel&quot; to register the YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_5_307fa7f189.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After canceling, one will be asked to confirm the external authenticator.\u003C\u002Fp>\n\u003Cp>Tap the YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_6_b14e5f2e00.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once registration is complete, information will appear in the Security keys.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_7_8a0eb5e340.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This concludes the discussion of two-factor authentication.\u003C\u002Fp>\n\u003Cp>Now sign out and try two-factor authentication.\u003C\u002Fp>\n\u003Cp>Enter the username\u002Fpassword and sign in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_8_d2baed72a0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Insert the YubiKey into the USB port and click the &quot;Use security key&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_9_548bb63729.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>One will be prompted to operate the security key.\u003C\u002Fp>\n\u003Cp>Tap the YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_10_0620ce104d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Sign-in is complete!\u003C\u002Fp>\n\u003Cp>Note, if one also registers for Windows Hello and tries to sign in, one can choose which authenticator to use.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_11_2443138d9f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Implementing two-factor authentication for services can be an effective way to increase security.\u003C\u002Fp>\n\u003Cp>When using YubiKey for two-factor authentication, it is recommended that one registers another YubiKey for backup. By preparing a backup key, they can use the backup if one happens to lose a YubiKey.\u003C\u002Fp>\n","setup-yubikey-two-factor-authentication-github","2019-08-27","2026-04-28T06:58:17.440Z","2026-04-28T06:58:19.993Z",{"id":2532,"documentId":2533,"name":2534,"alternativeText":20,"caption":20,"focalPoint":20,"width":2535,"height":193,"formats":2536,"hash":2569,"ext":25,"mime":29,"size":2570,"url":2571,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2572,"updatedAt":2572,"publishedAt":2572},732,"anocm320z5y281laa3j67e5x","blog-setup-yubikey-two-factor-authentication-github-1.png",1699,{"large":2537,"small":2545,"medium":2553,"thumbnail":2561},{"ext":25,"url":2538,"etag":2539,"hash":2540,"mime":29,"name":2541,"path":20,"size":2542,"width":32,"height":2543,"sizeInBytes":2544},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png","3f8017b4c76e720873f0c7f0dd3dbd76","large_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622","large_blog-setup-yubikey-two-factor-authentication-github-1.png",49.12,344,49117,{"ext":25,"url":2546,"etag":2547,"hash":2548,"mime":29,"name":2549,"path":20,"size":2550,"width":41,"height":2551,"sizeInBytes":2552},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png","1ef327ff7a607a6b54218d28a3d52c16","small_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622","small_blog-setup-yubikey-two-factor-authentication-github-1.png",18.7,172,18699,{"ext":25,"url":2554,"etag":2555,"hash":2556,"mime":29,"name":2557,"path":20,"size":2558,"width":50,"height":2559,"sizeInBytes":2560},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png","bac7ff83a1974a870682c791ac578173","medium_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622","medium_blog-setup-yubikey-two-factor-authentication-github-1.png",32.79,258,32793,{"ext":25,"url":2562,"etag":2563,"hash":2564,"mime":29,"name":2565,"path":20,"size":2566,"width":124,"height":2567,"sizeInBytes":2568},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png","17ff66b463569c49482f70e565f357db","thumbnail_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622","thumbnail_blog-setup-yubikey-two-factor-authentication-github-1.png",7.21,84,7213,"blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622",16.38,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png","2026-04-28T06:57:31.475Z",[],{"id":2575,"documentId":2576,"title":2577,"content":2578,"slug":2579,"published":2580,"createdAt":2581,"updatedAt":2581,"publishedAt":2582,"locale":14,"authorManual":2382,"cover":2583,"tags":2624},63,"papgbdmf1vsz1kr3ramc2203","Managing SSH Private Keys for Windows with YubiKey","\u003Cp>SSH private keys are usually managed by storing them on PCs and using them for server connections. However, suppose one store their SSH private key in YubiKey and inserts this YubiKey into their PC when connecting to the SSH. In that case, the need for storing private keys in various PCs is eliminated, especially since the private key is stored safely on the YubiKey device.\u003C\u002Fp>\n\u003Cp>This article will delve deeper into this process, explaining how to store an existing private key on the YubiKey and make an SSH connection.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Environment\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>・OS： Windows 10 ver1809\u003C\u002Fp>\n\u003Cp>・YubiKey 4 (YubiKey 4 or 5 series is available)\u003C\u002Fp>\n\u003Cp>・Yubico PIV Manager\u003C\u002Fp>\n\u003Cp>・Putty CAC 0.71\u003C\u002Fp>\n\u003Cp>・CentOS 7\n　　The key is generated with RSA 2048bit, and SSH public key authentication is set up.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Disclaimer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>We are not responsible for any problems that may occur due to the use of the listed information.\u003C\u002Fp>\n\u003Cp>By overwriting the credentials of YubiKey, the credentials currently used may be deleted and may no longer be able to be used.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Key Conversion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>※Please skip this section if the PEM format is already being used.\u003C\u002Fp>\n\u003Cp>First, convert the existing private key to PEM format.\u003C\u002Fp>\n\u003Cp>If a key is generated using OpenSSH 7.8 or later with ssh-keygen, it is likely to be developed in a proprietary format, so convert it to PEM format. \u003Ca href=\"https:\u002F\u002Fwww.openssh.com\u002Freleasenotes.html\">※OpenSSH: Release Notes\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Enter the following command to convert the key to PEM format.\u003C\u002Fp>\n\u003Cp>※This command overwrites the existing private key, so please make a backup before executing it.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>ssh-keygen -p -f id_rsa -m pem\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This generates a public key from the converted private key.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>openssl rsa -in id_rsa -pubout &gt; id_rsa_pub.pem\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Configuration of YubiKey 4\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Now, configure the YubiKey to store the private key. \u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fsmart-card-drivers-tools\u002F\">Download\u003C\u002Fa> YubiKey PIV Manager and Yubico PIV Tool used for configuration.\u003C\u002Fp>\n\u003Cp>※The complete set of tools can be installed in the Windows environment using Scoop.\u003C\u002Fp>\n\u003Cp>Please refer to the summary of Tools for Developers - What is YubiKey (Part 3).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Unzip yubico-piv-tool-1.6.2-win64.zip and deploy it directly under the C drive.\u003C\u002Fp>\n\u003Cp>Then, pass the path to C:¥yubico-piv-tool-1.6.2-win64¥bin.\u003C\u002Fp>\n\u003Cp>Next, run yubikey-piv-manager-1.4.2g-win.exe and install.\u003C\u002Fp>\n\u003Cp>The application will start automatically after installation—plug in the YubiKey.\u003C\u002Fp>\n\u003Cp>Set the PIN code.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_2_3713db4ece.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Use PIN Code to Access YubiKey&#39;s Credential Information\u003C\u002Fp>\n\u003Cp>Next, select &quot;Use a separate key.&quot;\u003C\u002Fp>\n\u003Cp>※If nothing is displayed, press the &quot;Randomize&quot; button to generate it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_3_abed7bc0f2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>All PIV management operations in YubiKey require a 24-byte 3DES key called a Management Key.\u003C\u002Fp>\n\u003Cp>**※**The Management Key is for later use, so please copy and paste it into an editor.\u003C\u002Fp>\n\u003Cp>Finally, set up the PUK.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_4_e192b79487.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>PUK is a code used to reset the PIN when the PIN has been locked.\u003C\u002Fp>\n\u003Cp>This concludes the YubiKey PIV Manager operation.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Storing a Private Key in YubiKey\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>YubiKey has four certificate storage areas.\u003C\u002Fp>\n\u003Cp>・9a — PIV Authentication\u003C\u002Fp>\n\u003Cp>・9c — Digital Signature\u003C\u002Fp>\n\u003Cp>・9d — Key Management\u003C\u002Fp>\n\u003Cp>・9e — Card Authentication\u003C\u002Fp>\n\u003Cp>This example will use the &quot;9a&quot; slot.\u003C\u002Fp>\n\u003Cp>From here, the CUI tool will be used.\u003C\u002Fp>\n\u003Cp>Execute the following command at the command prompt to store the private key in the 9a slot.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>yubico-piv-tool -a import-key -s 9a -i id_rsa -K PEM -k(management key)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>※Please enter the management key without a space after &quot;-k.&quot;\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Storing a Self-Signed Certificate for the Public Key\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Self-sign the public key that is the counterpart of the SSH private key to create a self-signed certificate and store it inside YubiKey.\u003C\u002Fp>\n\u003Cp>First, create a self-signed certificate.\u003C\u002Fp>\n\u003Cp>※Please execute the following command with the private key stored in slot 9a.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>yubico-piv-tool -a verify-pin -a selfsign-certificate -s 9a -S &quot;\u002FCN=host.example.com\u002FOU=test\u002FO=example.com\u002F&quot; -i id_rsa_pub.pem -o 9a-cert.pem --valid-days=(number of days)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This operation requires the entry of a PIN code.\u003C\u002Fp>\n\u003Cp>-S: x.509 is the certificate description. The name written on the CN will be displayed on the OS certificate selection screen.\u003C\u002Fp>\n\u003Cp>–Valid-days: Represents the expiration date of the certificate, which is set to 365 days by default if not specified.\u003C\u002Fp>\n\u003Cp>Next, this certificate is stored in YubiKey.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>yubico-piv-tool -a import-certificate -s 9a -i 9a-cert.pem -K PEM -k(Management Key)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Check the settings.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>yubico-piv-tool -a status\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_5_cbd4a95304.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Make sure it is stored in the 9a slot.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>SSH Connection Using YubiKey\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The SSH connection is set using Putty-CAC, which can be downloaded \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FNoMoreFood\u002Fputty-cac\u002Freleases\">here.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>※In this article, \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FNoMoreFood\u002Fputty-cac\u002Fraw\u002F0.71\u002Fbinaries\u002Fputtycac-64bit-0.71-installer.msi\">puttycac-64bit-0.71-installer.msi\u003C\u002Fa> is installed.\u003C\u002Fp>\n\u003Cp>Now, set up an SSH connection using YubiKey.\u003C\u002Fp>\n\u003Cp>Insert the YubiKey into the USB port and start Putty.\u003C\u002Fp>\n\u003Cp>Go to Category &gt; Connection &gt; SSH &gt; Certificate to configure the certificate settings.\u003C\u002Fp>\n\u003Cp>Check &quot;Attempt certificate authentication&quot; and press &quot;Set CAPI Cert...&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_6_de54619773.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the certificate selection screen appears, select the certificate which was just created.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_7_b4d8062042.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The connection setup is now complete.\u003C\u002Fp>\n\u003Cp>Now, try SSH connection using YubiKey right away.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_8_c8f1fc0649.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After entering the user name, one will be asked for a PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_9_46930e1dcb.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_10_3491b002a1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>While logging in is possible through this method, it can be optimized to bypass the certificate selection every time a connection is made by setting up Putty Pageant.\u003C\u002Fp>\n\u003Cp>Putty Pageant is included in the Putty installer. If installed with default settings, it can be found in pageant.exe in &quot;C:＼Program Files\\PuTTY.&quot;\u003C\u002Fp>\n\u003Cp>Run pageant.exe.\u003C\u002Fp>\n\u003Cp>After execution, the Pageant will appear in the taskbar.\u003C\u002Fp>\n\u003Cp>Right-click pageant and select &quot;Add CAPI Cert.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_11_d9f82cd1f8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Add a certificate.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_7_b4d8062042.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once configured, one can connect without selecting a certificate the next time they access the site.\u003C\u002Fp>\n\u003Cp>If a connection point is registered with Putty, one can log in by going to Saved Sessions &gt; Select a connection point &gt; Enter account &gt; Enter PIN.\u003C\u002Fp>\n\u003Cp>Tera Term can also be used by setting up pageant.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This article introduced setting SSH connections using YubiKey to allow users to perform operations without storing their private keys in multiple terminals. The following article will cover a similar process for the macOS.\u003C\u002Fp>\n","manage-ssh-private-keys-windows-yubikey","2019-03-06","2026-04-28T06:44:46.605Z","2026-04-28T06:44:49.150Z",{"id":2584,"documentId":2585,"name":2586,"alternativeText":20,"caption":20,"focalPoint":20,"width":2587,"height":1806,"formats":2588,"hash":2620,"ext":25,"mime":29,"size":2621,"url":2622,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2623,"updatedAt":2623,"publishedAt":2623},607,"trit34rqa0c3ngt8s3zwhmru","blog-manage-ssh-private-keys-windows-yubikey-1.png",1478,{"large":2589,"small":2597,"medium":2605,"thumbnail":2613},{"ext":25,"url":2590,"etag":2591,"hash":2592,"mime":29,"name":2593,"path":20,"size":2594,"width":32,"height":2595,"sizeInBytes":2596},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png","ed8955ccf9dc43f0cecb6439a5ba10ee","large_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f","large_blog-manage-ssh-private-keys-windows-yubikey-1.png",123.81,418,123805,{"ext":25,"url":2598,"etag":2599,"hash":2600,"mime":29,"name":2601,"path":20,"size":2602,"width":41,"height":2603,"sizeInBytes":2604},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png","2c15f24ad7bf72bc23da0907ecdb48fa","small_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f","small_blog-manage-ssh-private-keys-windows-yubikey-1.png",45.33,209,45328,{"ext":25,"url":2606,"etag":2607,"hash":2608,"mime":29,"name":2609,"path":20,"size":2610,"width":50,"height":2611,"sizeInBytes":2612},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png","23c6da4b1d68d6263c7df50f57d7a7f1","medium_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f","medium_blog-manage-ssh-private-keys-windows-yubikey-1.png",81.79,314,81786,{"ext":25,"url":2614,"etag":2615,"hash":2616,"mime":29,"name":2617,"path":20,"size":2618,"width":124,"height":1379,"sizeInBytes":2619},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png","95aafff850dce44279a7fcc1a18a6a18","thumbnail_blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f","thumbnail_blog-manage-ssh-private-keys-windows-yubikey-1.png",14.36,14356,"blog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f",31.53,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_manage_ssh_private_keys_windows_yubikey_1_8080b3ef3f.png","2026-04-28T06:44:03.930Z",[],{"id":647,"documentId":2626,"title":2627,"content":2628,"slug":2629,"published":2630,"createdAt":2631,"updatedAt":2631,"publishedAt":2632,"locale":14,"authorManual":2382,"cover":2633,"tags":2659},"noqsfeko8amlpe8dmduxm67k","YubiKey Tools for Developers - What is YubiKey? (Part 3)","\u003Cp>As mentioned in \u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-5-%E3%81%AE%E6%A9%9F%E8%83%BD%E3%80%90yubikey%E3%81%A8%E3%81%AF-part2%E3%80%91\">previous articles,\u003C\u002Fa> Yubico has developed various tools to customize the vast range of functions YubiKey offers. This article will introduce these tools from a developer&#39;s standpoint.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Table of Contents for this Series\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-%E3%81%AE%E7%A8%AE%E9%A1%9E%E3%80%90yubikey%E3%81%A8%E3%81%AF-part1%E3%80%91\">Types of YubiKeys\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-5-%E3%81%AE%E6%A9%9F%E8%83%BD%E3%80%90yubikey%E3%81%A8%E3%81%AF-part2%E3%80%91\">YubiKey 5 Features\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・Tools for Developers (this article)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Contents of this Article\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cul>\n\u003Cli>YubiKey Manager\u003C\u002Fli>\n\u003Cli>YubiKey Personalization Tool\u003C\u002Fli>\n\u003Cli>YubiKey PIV Manager\u003C\u002Fli>\n\u003Cli>Yubico Authenticator\u003C\u002Fli>\n\u003Cli>CLI Tool Writers\u003C\u002Fli>\n\u003Cli>Additional Information\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Review\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The previous articles introduced the two major types of YubiKeys - Security Key by Yubico and the YubiKey 5 series.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_1_e52299c7a2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Security Key by Yubico supports only the FIDO protocol; therefore, only the YubiKey Manager tool is available.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey Manager\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_2_981fe8f4ca.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>YubiKey Manager&#39;s Startup Screen\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fyubikey-manager\u002F\">YubiKey Manager\u003C\u002Fa> is a Python tool to configure various settings for YubiKey.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Configure Security Key by Yubico\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>By inserting the Security Key by Yubico (the one with the &quot;2&quot; stamped), one can set the PIN and reset the key from the Applications tab.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_3_48724c282a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set up Security Key by Yubico in YubiKey Manager\u003C\u002Fp>\n\u003Cp>However, if the key is reset, all credentials registered thus far will be deleted.\u003C\u002Fp>\n\u003Cp>※ If an older product that can only be used with U2F is inserted, no settings will be able to be made.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_4_6150186720.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Cannot be Used with Older Products that Only Support U2F\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Configure YubiKey 5 settings\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>When YubiKey 5 is inserted, in addition to the above settings related to the FIDO protocol, Interface settings and settings for each slot can also be configured.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_5_1d0fcd88a2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Inserting YubiKey 5C Nano\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Interface Settings\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>The Interface setting determines which functions of YubiKey are enabled. For example, one may want to use YubiKey 5&#39;s FIDO and PIV functions, but not OTP, so they may want to temporarily disable it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_6_7cd1f7e545.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Interface Settings\u003C\u002Fp>\n\u003Cp>Also, these settings can be easily enabled or disabled so users can change them as needed.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Slot Settings\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Slot setting switches the OTP function of YubiKey. This setting can be used while registering OTPs with unique secrets to a service such as okta, such as while setting up an OTP authentication server or an OATH-HOTP other than Yubico OTP.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_7_fd0cc85404.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>OTP Slot 1, 2 Settings\u003C\u002Fp>\n\u003Cp>This article will not thoroughly explain this tool as it is not used in everyday practice.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey Personalization Tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fyubikey-personalization-tools\u002F\">YubiKey Personalization Tool\u003C\u002Fa> is a tool that allows one to configure the YubiKey Manager&#39;s slot settings more precisely.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_8_9607a904b3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>YubiKey Personalization Tool&#39;s Startup Screen\u003C\u002Fp>\n\u003Cp>This tool allows the configuration of detailed settings related to YubiKey&#39;s OTP output.\u003C\u002Fp>\n\u003Cp>Specifically, as with YubiKey Manager, one can configure Yubico OTP\u002FOATH-HOTP\u002FStatic Password\u002FChallenge-Response, etc., for two slots (Slot1 and 2) of YubiKey. In addition, there are also options to\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Set YubiKey Neo&#39;s NDEF function.\u003C\u002Fli>\n\u003Cli>Configure tap behavior on metal parts.\u003C\u002Fli>\n\u003Cli>Insert tab and Enter key before and after OTP input.\u003C\u002Fli>\n\u003Cli>Configure YubiKey&#39;s LEDs.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>and so on.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_9_847eef2a11.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>YubiKey Personalization Tool Option Settings Screen\u003C\u002Fp>\n\u003Cp>Another significant difference in the YubiKey Manager is the ability to configure multiple YubiKeys in sequence, which is useful for integrations where OTP must be configured for many YubiKeys.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey PIV Manager\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fsmart-card-drivers-tools\u002F\">PIV Manager\u003C\u002Fa> is used for setting up the PIN, PUK, and Management Key, importing certificates, creating self-issued certificates, and requesting certificates to be issued to CSRs for the YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_10_ff68909d95.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>PIV Manager Startup Screen\u003C\u002Fp>\n\u003Cp>This tool is safe to use in Linux and Mac environments. Still, please be careful while using it via Windows CNG in a Windows environment, as by changing the Management Key in this tool, one will not be able to write certificates via CNG.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Yubico Authenticator\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_11_d789efa757.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Yubico Authenticator (Android Version)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fyubico-authenticator\u002F\">Yubico Authenticator\u003C\u002Fa> is an application that can register and display TOTP, similar to Google Authenticator. The TOTP seed (secret information that generates the OTP) is usually stored in the device that displays the TOTP, but with the Yubico Authenticator application, the seed is stored in the YubiKey, allowing the TOTP to be displayed on multiple devices.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_12_8855f92481.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Yubico Authenticator(Windows Version)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>CLI Tools\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Previously GUI tools were introduced, but now, this article will introduce CLI tools instead.\u003C\u002Fp>\n\u003Cp>These CLI tools were previously required to be introduced one by one. However, they can now be integrated directly into the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYubico\u002Fyubikey-manager\">YubiKey Manager\u003C\u002Fa>, and more developments are actively being made.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>How to Install\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>On Windows, pass through the bundled \u003Ca href=\"https:\u002F\u002Fdevelopers.yubico.com\u002Fyubikey-manager-qt\u002F\">YubiKey Manager GUI\u003C\u002Fa>; on Mac, use &quot;brew install ykman&quot; or &quot;pip install ykman&quot; via pip to install.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>How to use\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>The ykman command can be used to automate integration and change parameters that the GUI tools cannot change.\u003C\u002Fp>\n\u003Cp>For example, one can efficiently change the mode and\u003C\u002Fp>\n\u003Cpre>\u003Ccode># FIDO + CCID Mode Change\n$ ykman mode -f f+c\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Parameters that cannot be changed in the GUI, such as changing the number of PIN and PUK attempts in PIV mode, can also be changed.\u003C\u002Fp>\n\u003Cpre>\u003Ccode># PIN (Change Number of Trials)\n$ ykman ykman piv set-pin-retries -P 123456 10 5\nWARNING: This will reset the PIN and PUK to the factory defaults!\nSet PIN and PUK retry counters to: 10 5? [y\u002FN]: y\nDefault PINs are set.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For more information, please read the 、\u003Ca href=\"https:\u002F\u002Fsupport.yubico.com\u002Fsupport\u002Fsolutions\u002Farticles\u002F15000012643-yubikey-manager-cli-ykman-user-manual\">YubiKey Manager CLI (ykman) User Manual : Yubico Support\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Additional Information\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Here, \u003Ca href=\"https:\u002F\u002Fscoop.sh\u002F\">scoop\u003C\u002Fa> is used to install YubiKey tools in the Windows environment. However, users can also download the basic set of tools from here in one shot.\u003C\u002Fp>\n\u003Cpre>\u003Ccode># adding extra buckets\n$ scoop bucket add extras\n\n# YubiKey search for related tools\n$ scoop search yubi\n\n&#39;main&#39; bucket:\n    yubico-piv-tool (1.6.2)\n    yubikey-personalization (1.19.0)\n\n&#39;extras&#39; bucket:\n    yubikey-manager-qt (0.5.2)\n    yubikey-personalization-gui (3.1.25)\n    yubikey-piv-manager (1.4.2)\n\n# yubikey manager qt installation\n$ scoop install yubikey-manager-qt\n\n# ykman.exe passing the path\n$ ykman --help\nUsage: ykman.exe [OPTIONS] COMMAND [ARGS]...\n\n  Configure your YubiKey via the command line.\n\nOptions:\n  -v, --version\n  -d, --device SERIAL\n  -l, --log-level [DEBUG|INFO|WARNING|ERROR|CRITICAL]\n                                  Enable logging at given verbosity level\n  --log-file FILE                 Write logs to the given FILE instead of standard error; ignored unless\n                                  --log-level is also set\n  -h, --help                      Show this message and exit.\n\nCommands:\n  config   Enable\u002FDisable applications.\n  fido     Manage FIDO applications.\n  info     Show general information.\n  list     List connected YubiKeys.\n  mode     Manage connection modes (USB Interfaces).\n  oath     Manage OATH application.\n  openpgp  Manage OpenPGP application.\n  otp      Manage OTP Application.\n  piv      Manage PIV application.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusions\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This article introduced various tools to write or change YubiKey credentials. However, as overwriting YubiKey credentials may erase the current ones and make them impossible to restore, please do so cautiously.\u003C\u002Fp>\n\u003Cp>Please contact us through the \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">Contact page\u003C\u002Fa> for more information or support regarding YubiKey.\u003C\u002Fp>\n","yubikey-tools-for-developers","2018-12-18","2026-04-28T07:31:03.389Z","2026-04-28T07:31:05.921Z",{"id":2634,"documentId":2635,"name":2636,"alternativeText":20,"caption":20,"focalPoint":20,"width":2637,"height":1256,"formats":2638,"hash":2655,"ext":25,"mime":29,"size":2656,"url":2657,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2658,"updatedAt":2658,"publishedAt":2658},1033,"hexuw2h9a7x0l1xk3zz0szfv","blog-yubikey-tools-for-developers-1.png",677,{"small":2639,"thumbnail":2647},{"ext":25,"url":2640,"etag":2641,"hash":2642,"mime":29,"name":2643,"path":20,"size":2644,"width":41,"height":2645,"sizeInBytes":2646},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubikey_tools_for_developers_1_e52299c7a2.png","62acc2e96d8e09bcc063c3f0e03424ea","small_blog_yubikey_tools_for_developers_1_e52299c7a2","small_blog-yubikey-tools-for-developers-1.png",73.75,180,73749,{"ext":25,"url":2648,"etag":2649,"hash":2650,"mime":29,"name":2651,"path":20,"size":2652,"width":124,"height":2653,"sizeInBytes":2654},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubikey_tools_for_developers_1_e52299c7a2.png","1d1c9965aca0fe30af9c971466bb1dca","thumbnail_blog_yubikey_tools_for_developers_1_e52299c7a2","thumbnail_blog-yubikey-tools-for-developers-1.png",21.61,88,21612,"blog_yubikey_tools_for_developers_1_e52299c7a2",37.23,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_tools_for_developers_1_e52299c7a2.png","2026-04-28T07:30:16.468Z",[],{"id":2661,"documentId":2662,"title":2663,"content":2664,"slug":2665,"published":2666,"createdAt":2667,"updatedAt":2667,"publishedAt":2668,"locale":14,"authorManual":2382,"cover":2669,"tags":2687},119,"cvewgfzofhoklvxm62s5xwd4","YubiKey 5 Features - What is YubiKey? (Part 2)","\u003Cp>This article will cover the basic features of YubiKey 5 and how it differs from Security Key by Yubico.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Table of Contents for this Series\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-%E3%81%AE%E7%A8%AE%E9%A1%9E%E3%80%90yubikey%E3%81%A8%E3%81%AF-part1%E3%80%91\">Types of YubiKeys\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・YubiKey 5 Features (this article)\u003Cstrong>）\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-%E3%81%AE%E9%96%8B%E7%99%BA%E8%80%85%E5%90%91%E3%81%91%E3%83%84%E3%83%BC%E3%83%AB%E3%80%90yubikey%E3%81%A8%E3%81%AF-part3%E3%80%91\">Tools for Developers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Features of YubiKey 5\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The previous article mentioned two significant types of YubiKeys: the Security Key and YubiKey 5.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_1_cd6fd2ea16.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_2_a0ba7a2b6c.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Also, we have received numerous inquiries regarding whether to purchase a Security Key or a YubiKey 5.\u003C\u002Fp>\n\u003Cp>The answer to the question depends on what features one is looking for in a security device. For example, for FIDO authentication, the Security Key is recommended, whereas, for other functions, the YubiKey 5 series is better.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Services available with Security Key\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Services that can be authenticated with the FIDO protocol include.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>FIDO U2F\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Faccounts\u002Fanswer\u002F6103523?co=GENIE.Platform%3DAndroid&hl=ja\">Google 2\u003C\u002Fa>-factor Authentication\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fwww.facebook.com\u002Fhelp\u002F401566786855239\">Facebook 2\u003C\u002Fa>-factor Authentication\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fwww.dropbox.com\u002Fja\u002Fhelp\u002Fsecurity\u002Fenable-two-step-verification#securitykey\">Dropbox\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fhelp.twitter.com\u002Fja\u002Fmanaging-your-account\u002Ftwo-factor-authentication\">Twitter 2\u003C\u002Fa>-factor Authentication\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Faws.amazon.com\u002Fjp\u002Fabout-aws\u002Fwhats-new\u002F2018\u002F09\u002Faws_sign_in_support_for_yubikey_security_key_as_mfa\u002F\">AWS IAM 2\u003C\u002Fa>-factor Authentication\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>FIDO2 or WebAuthn\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fwww.dropbox.com\u002Fja\u002Fhelp\u002Fsecurity\u002Fenable-two-step-verification#securitykey\">Dropbox\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・\u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fmicrosoft-365\u002Fblog\u002F2018\u002F11\u002F20\u002Fsign-in-to-your-microsoft-account-without-a-password-using-windows-hello-or-a-security-key\u002F\">Microsoft Account\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>FIDO U2F\u002FWebAuthn is essentially a web browser-based authentication. Therefore, when contacting the service one wishes to use, it is recommended to confirm whether the authentication is FIDO authentication (U2F\u002FFIDO2) or something else (explained below).\u003C\u002Fp>\n\u003Cp>However, even if one uses only the FIDO protocol, if NFC functionality is needed, they will need YubiKey 5 NFC, described below.\u003C\u002Fp>\n\u003Cp>(Currently, Android devices and some Windows 10 devices support NFC.)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>YubiKey 5 Series Features\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>While Security Key by Yubico supports the latest FIDO protocol and FIDO U2F, the YubiKey 5 series offers all the features of Security Key by Yubico, plus several Yubico proprietary and standard authentication protocols.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_3_55898c2e4c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Multiple protocols on one key. Completely configurable.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fyubikey-5-overview\u002F\">https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fyubikey-5-overview\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Yubico OTP\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>The YubiKey 5 supports multiple protocols, but the most common is to use Yubico OTP, while the FIDO and WebAuthn are new protocols and are not fully supported on all platforms.\u003C\u002Fp>\n\u003Cp>The Yubico OTP ties OTP to the &quot;just touch&quot; user action of YubiKey, providing a user experience where authentication is completed through a simple touch. In addition, the OTP is sent as simple text, making it independent of the authentication device. Input can also be used flexibly, such as reading it with a cell phone via NFC or inserting it directly into a PC and touching it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_4_73505ee6d0.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.lastpass.com\u002Fja\u002Fyubico\">Lastpass\u003C\u002Fa>, for example, takes advantage of YubiKey&#39;s multi-device capability and can work on Windows, Mac, Android, and iOS.\u003C\u002Fp>\n\u003Cp>It is still an active authentication method, especially for use on iOS and when WebAuthn is unavailable.\u003C\u002Fp>\n\u003Cp>Softgiken’s \u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fyubion-windows-logon\">Windows Logon Service\u003C\u002Fa> also uses it for web screen logon and online authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_5_c643da3d7c.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>TOTP\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_6_df741fa8da.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>YubiKey 5 series can store a 6-digit TOTP (time-based OTP), which Google Authenticator and other applications use.\u003C\u002Fp>\n\u003Cp>Using the Authenticator app, 2-step authentication is implemented efficiently. However, the problem of where to store the seed of the OTP remains.\u003C\u002Fp>\n\u003Cp>Moreover, if the seed is stored on the smartphone, any smartphone malfunctioning will result in the seed being lost. Further, company employees may be against storing confidential company information on their smartphones, especially as there have been various instances wherein TOTP seeds are accounts owned by multiple people.\u003C\u002Fp>\n\u003Cp>In such a case, you may be able to solve the problem by storing the authentication information in a hardware device, YubiKey.\u003C\u002Fp>\n\u003Cp>In such cases, storing this authentication information on hardware devices like YubiKeys proves extremely useful. By keeping the seed on this device, it is possible to create a situation where the user cannot use the device without the key, and the OTP can be confirmed on a Windows PC or Mac without storing the secret information on the personal phone.\u003C\u002Fp>\n\u003Cp>Also, since the OTP seed is stored on an external device, it is possible to create a workflow in which the key is shared by multiple people or lent out only when used.\u003C\u002Fp>\n\u003Cp>This solution can satisfy the requirements of employees who &quot;do not want to keep confidential information&quot; and managers who &quot;want to manage confidential information.”\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Certificates\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>YubiKey has a smart card function that complies with the PIV (Personal Identity Verification) standard, allowing client certificates and other proofs to be stored inside YubiKey.\u003C\u002Fp>\n\u003Cp>Specifically, it is possible to use Microsoft Active Directory certificates for login or to store client certificates for VPN connections.\u003C\u002Fp>\n\u003Cp>In either case, YubiKey is protected by a PIN code, making it a strong certificate-based two-factor authentication.\u003C\u002Fp>\n\u003Cp>In the same way, private keys used for OpenPGP can also be stored.\u003C\u002Fp>\n\u003Cp>Softgiken has also prepared and published a \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fdocuments\u002Fpiv\u002F\">manual for deploying YubiKey\u003C\u002Fa> in a Windows Active Directory environment.\u003C\u002Fp>\n\u003Ch3>\u003C\u002Fh3>\n\u003Ch3>\u003Cstrong>Other Authentication\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>Other authentication protocols such as OATH-HOTP and static passwords are available, along with the option to store complex passwords in hardware.\u003C\u002Fp>\n\u003Cp>Since there are two slots for OTP and static passwords, it is possible to use multiple functions simultaneously, such as using Yubico OTP while using a static password in the second slot.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>As described above, YubiKey 5 supports multiple protocols and can be used for a wide range of applications, from two-step and two-factor authentication in older systems to passwordless authentication using the latest protocols.\u003C\u002Fp>\n\u003Cp>In other words, YubiKey 5 is a product that can be used for a wide range of applications, from additional authentication for current systems to passwordless authentication in the future.\u003C\u002Fp>\n\u003Cp>For more information about YubiKey and authentication, please contact us through the \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">Contact Us page.\u003C\u002Fa>\u003C\u002Fp>\n","yubikey-5-features-vs-security-key","2018-12-11","2026-04-28T07:29:24.865Z","2026-04-28T07:29:27.711Z",{"id":2670,"documentId":2671,"name":2672,"alternativeText":20,"caption":20,"focalPoint":20,"width":2673,"height":2673,"formats":2674,"hash":2682,"ext":25,"mime":29,"size":2683,"url":2684,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2685,"updatedAt":2685,"publishedAt":2686},1023,"t6r6b0s18ceqp8wm804inoqo","blog-yubikey-5-features-vs-security-key-1.png",360,{"thumbnail":2675},{"ext":25,"url":2676,"etag":2677,"hash":2678,"mime":29,"name":2679,"path":20,"size":2680,"width":59,"height":59,"sizeInBytes":2681},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubikey_5_features_vs_security_key_1_cd6fd2ea16.png","f815074c86148554e94a7b3a5579da7e","thumbnail_blog_yubikey_5_features_vs_security_key_1_cd6fd2ea16","thumbnail_blog-yubikey-5-features-vs-security-key-1.png",23.21,23208,"blog_yubikey_5_features_vs_security_key_1_cd6fd2ea16",35.78,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_features_vs_security_key_1_cd6fd2ea16.png","2026-04-28T07:29:00.104Z","2026-04-28T07:29:00.105Z",[],{"id":1599,"documentId":2689,"title":2690,"content":2691,"slug":2692,"published":2693,"createdAt":2694,"updatedAt":2694,"publishedAt":2695,"locale":14,"authorManual":2382,"cover":2696,"tags":2720},"b2eds89ktnwrpyw8ttpbro7l","Types of YubiKeys - What is YubiKey? (Part 1)","\u003Cp>Developed by the Swedish company Yubico, YubiKey is a security device that supports authentication methods such as FIDO2, FIDO U2F, PIV(smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP, and Challenge-Response. However, it may be difficult for new users to visualize specific usage scenarios of the device, especially regarding FIDO2 or PIV.\u003C\u002Fp>\n\u003Cp>So, as part of the SoftGiken \u003Ca href=\"https:\u002F\u002Fqiita.com\u002Fadvent-calendar\u002F2018\u002Fsoftgiken\">AdventCalendar 2018\u003C\u002Fa>, this article will introduce the various types of YubiKeys available and their functions and services.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Table of Contents for this Series\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>**・**Types of YubiKeys (this article)\n　・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-5-%E3%81%AE%E6%A9%9F%E8%83%BD%E3%80%90yubikey%E3%81%A8%E3%81%AF-part2%E3%80%91\">YubiKey 5 Features\u003C\u002Fa>\n　・\u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-%E3%81%AE%E9%96%8B%E7%99%BA%E8%80%85%E5%90%91%E3%81%91%E3%83%84%E3%83%BC%E3%83%AB%E3%80%90yubikey%E3%81%A8%E3%81%AF-part3%E3%80%91\">Tools for Developers\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Types of YubiKey\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>As of December 1, 2018, the following three types of keys are available in Japan.\u003C\u002Fp>\n\u003Cp>・YubiKey 4 Series\u003C\u002Fp>\n\u003Cp>・YubiKey Neo\u003C\u002Fp>\n\u003Cp>・Security Key by Yubico\u003C\u002Fp>\n\u003Cp>Soon, the \u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubikey-5-%E3%81%8C%E3%83%AD%E3%83%BC%E3%83%B3%E3%83%81%E3%81%95%E3%82%8C%E3%81%BE%E3%81%97%E3%81%9F\">YubiKey 5 series will be made available\u003C\u002Fa>, while the YubiKey 4 series will be discontinued. However, the FIPS version based on the YubiKey 4 will continue to be sold.\u003C\u002Fp>\n\u003Cp>The YubiKey 5 series is fully compatible with the YubiKey 4 series and will support all protocols available in YubiKey 4 and FIDO2 features equivalent to Security Key by Yubico.\u003C\u002Fp>\n\u003Cp>Therefore, YubiKey 5 series and Security Key by Yubico will be the basic lineup.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKey 5 Series\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_1_d06851f486.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Key by Yubico\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_2_9026e7f05d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>※Please inquire separately for FIPS-compliant keys.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Differences between Security Key by Yubico and YubiKey 5 Series\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The Security Key by Yubico only supports FIDO protocol, limiting its use to FIDO U2F and FIDO2(Web Authn). Thus, it can only be used as a second step authentication for services such as Google, Facebook, Dropbox, GitHub, Gitlab, etc. In contrast, SSO services such as \u003Ca href=\"https:\u002F\u002Fwww.cloudgate.jp\u002Flineup\u002Funo.html\">CloudGate UNO\u003C\u002Fa> are also supported for enterprise users.\u003C\u002Fp>\n\u003Cp>On the other hand, YubiKey 5 series supports PIV(smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP, Challenge-Response, etc. in addition to Security Key by Yubico, allowing it to be easily integrated into local Active Directory authentication, VPN, or existing OTP authentication.\u003C\u002Fp>\n\u003Cp>Softgiken’s YubiOn for Windows also authenticates using the YubiKey 5 series features, which will be explained in detail in part 3.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>USB Shape\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The YubiKey 5 series models differ from each other in terms of the USB shape as well as the availability of NFC.\u003C\u002Fp>\n\u003Cp>The YubiKey 5 with NFC and USB Type-A can use both USB and NFC for authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_3_a0a2100ffe.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the other models, most of the features are common; the only changes are the differences in the form factor or shape and the exception of the NFC function.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKey 5 Nano Fits Perfectly in the USB Port\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_4_4f66a976ee.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Type-C YubiKey 5C\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_5_35fb76c491.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Smallest YubiKey - 5C Nano\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_6_b5b46af41d.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Thus, users can choose the device they require based on their needs.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This was a brief introduction to the YubiKey series 5. For more information, please \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">contact us\u003C\u002Fa>.\u003C\u002Fp>\n","types-of-yubikeys-what-is-yubikey","2018-12-01","2026-04-28T07:14:18.831Z","2026-04-28T07:14:21.672Z",{"id":2155,"documentId":2697,"name":2698,"alternativeText":20,"caption":20,"focalPoint":20,"width":2699,"height":2700,"formats":2701,"hash":2716,"ext":512,"mime":516,"size":2717,"url":2718,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2719,"updatedAt":2719,"publishedAt":2719},"iikccljfwl2l4bupc2t8ticw","blog-types-of-yubikeys-what-is-yubikey-1.jpeg",712,381,{"small":2702,"thumbnail":2709},{"ext":512,"url":2703,"etag":2704,"hash":2705,"mime":516,"name":2706,"path":20,"size":2707,"width":41,"height":1469,"sizeInBytes":2708},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_types_of_yubikeys_what_is_yubikey_1_d06851f486.jpeg","b2aefef55d01776ec2afe3ac1d3adb51","small_blog_types_of_yubikeys_what_is_yubikey_1_d06851f486","small_blog-types-of-yubikeys-what-is-yubikey-1.jpeg",10.15,10152,{"ext":512,"url":2710,"etag":2711,"hash":2712,"mime":516,"name":2713,"path":20,"size":2714,"width":124,"height":1485,"sizeInBytes":2715},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_types_of_yubikeys_what_is_yubikey_1_d06851f486.jpeg","12e2e3897e301ed1406ee3a054ba1adc","thumbnail_blog_types_of_yubikeys_what_is_yubikey_1_d06851f486","thumbnail_blog-types-of-yubikeys-what-is-yubikey-1.jpeg",3.76,3762,"blog_types_of_yubikeys_what_is_yubikey_1_d06851f486",19.68,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_types_of_yubikeys_what_is_yubikey_1_d06851f486.jpeg","2026-04-28T07:13:54.988Z",[],{"id":2722,"documentId":2723,"title":2724,"content":2725,"slug":2726,"published":2727,"createdAt":2728,"updatedAt":2728,"publishedAt":2729,"locale":14,"authorManual":2382,"cover":2730,"tags":2768},121,"jiixwzns4hmfdtvd22c7z6o7","YubiKey 5 Launched","\u003Cp>Yubico recently announced the launch of the YubiKey 5 series.\u003C\u002Fp>\n\u003Cp>The new YubiKey 5 is a FIDO2-enabled version of the YubiKey 4 series, and the USB Type-A YubiKey 5 also has NFC functionality.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>YubiKey 5 Series\u003C\u002Fp>\n\u003Cp>In addition to FIDO2 functionality, YubiKey 5 supports FIDO U2F, PIV (smart card), OpenPGP, Yubico OTP, OATH-TOTP, OATH-HOTP, and Challenge-Response, all of which were available in the YubiKey 4 series. Therefore, the solution can be used in modern or future authentication and legacy environments and their transition scenarios.\u003C\u002Fp>\n\u003Cp>In other words, the key matches environments considering switching from current password authentication to \u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubico%E7%A4%BE%E3%81%A8microsoft%E7%A4%BE%E3%81%8C%E3%80%81%E3%83%91%E3%82%B9%E3%83%AF%E3%83%BC%E3%83%89%E3%83%AC%E3%82%B9%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%82%92%E7%99%BA%E8%A1%A8\">password-less authentication.\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>FIDO2 Authentication with YubiKey\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>There are roughly three FIDO2 authentication scenarios that will be added in YubiKey 5\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_series_launched_with_fido2_and_nfc_2_0ceb6d046f.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Single-factor authentication\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Users can log in by simply touching the YubiKey, which enables a login experience that does not require a username or password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_series_launched_with_fido2_and_nfc_3_4226132b8f.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>2-Step Authentication\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>In addition to ID + password, as used by Google and Facebook, it can also be used as a 2-step authentication factor.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_series_launched_with_fido2_and_nfc_4_58fe8d9bbd.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Multi-factor authentication\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>With a single YubiKey, multi-factor authentication is possible by touching the key and confirming the user&#39;s identity with a PIN.\u003C\u002Fp>\n\u003Cp>Users can choose the authentication style that best suits their needs and environment from these three use cases.\u003C\u002Fp>\n\u003Cp>For more details, please refer to the following blog:\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002F2018\u002F09\u002Fintroducing-the-yubikey-5-series-with-new-nfc-and-fido2-passwordless-features\u002F\">Introducing the YubiKey 5 Series with New NFC and FIDO2 Passwordless Features\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Availability\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>While Softgiken does not currently plan to sell the YubiKey 5 Series, please check again for any updates and changes to this decision.\u003C\u002Fp>\n\u003Cp>For more information, please contact us through the \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">Contact Form\u003C\u002Fa>.\u003C\u002Fp>\n","yubikey-5-series-launched-with-fido2-and-nfc","2018-09-27","2026-04-28T07:29:58.361Z","2026-04-28T07:30:01.020Z",{"id":2731,"documentId":2732,"name":2733,"alternativeText":20,"caption":20,"focalPoint":20,"width":2734,"height":1277,"formats":2735,"hash":2764,"ext":512,"mime":516,"size":2765,"url":2766,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2767,"updatedAt":2767,"publishedAt":2767},1029,"lrzeo6igg3775w72v2054r9c","blog-yubikey-5-series-launched-with-fido2-and-nfc-1.jpeg",1280,{"large":2736,"small":2743,"medium":2750,"thumbnail":2757},{"ext":512,"url":2737,"etag":2738,"hash":2739,"mime":516,"name":2740,"path":20,"size":2741,"width":32,"height":17,"sizeInBytes":2742},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg","e0b2c93c3a982637d926408fbc7f0f67","large_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03","large_blog-yubikey-5-series-launched-with-fido2-and-nfc-1.jpeg",17.49,17490,{"ext":512,"url":2744,"etag":2745,"hash":2746,"mime":516,"name":2747,"path":20,"size":2748,"width":41,"height":42,"sizeInBytes":2749},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg","3056fe198c9691818423f1d328ba16ab","small_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03","small_blog-yubikey-5-series-launched-with-fido2-and-nfc-1.jpeg",5.8,5803,{"ext":512,"url":2751,"etag":2752,"hash":2753,"mime":516,"name":2754,"path":20,"size":2755,"width":50,"height":41,"sizeInBytes":2756},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg","bf75d2c7d680f982e4e9806780645e7c","medium_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03","medium_blog-yubikey-5-series-launched-with-fido2-and-nfc-1.jpeg",10.8,10802,{"ext":512,"url":2758,"etag":2759,"hash":2760,"mime":516,"name":2761,"path":20,"size":2762,"width":58,"height":59,"sizeInBytes":2763},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg","ab0a7ef898c77f27f577ea78f009ecd4","thumbnail_blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03","thumbnail_blog-yubikey-5-series-launched-with-fido2-and-nfc-1.jpeg",2.04,2043,"blog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03",27.57,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_5_series_launched_with_fido2_and_nfc_1_b0861f6a03.jpeg","2026-04-28T07:29:44.965Z",[],{"id":2770,"documentId":2771,"title":2772,"content":2773,"slug":2774,"published":2775,"createdAt":2776,"updatedAt":2776,"publishedAt":2777,"locale":14,"authorManual":2382,"cover":2778,"tags":2821},27,"q2a26ds0hgn4dar59nytk7z7","Enabling Mandatory 2-step verification Using YubiKey for Login to G Suite","\u003Cp>This article will attempt to answer the various queries from G Suite customers regarding the 2-step authentication using U2F following Google’s self-developed security key announcement.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>2-step Authentication in G Suite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>G Suite allows users to set up 2-step authentication to increase security when logging in; after entering the ID\u002Fpassword, they can set up 2-step authentication via SMS, Google Authenticator, push notification to Android, etc.\u003C\u002Fp>\n\u003Cp>U2F keys, i.e., YubiKey, etc., have been available for a while. However, the option to make YubiKey mandatory was a paid G Suite Enterprise-only feature (\u003Ca href=\"https:\u002F\u002Fproductforums.google.com\u002Fforum\u002F#!topic\u002Fapps\u002FYjAr9lv1Ass\">despite various requests\u003C\u002Fa>).\u003C\u002Fp>\n\u003Cp>However, in March of this year, the option to make a U2F key for 2-step verification mandatory was finally extended to all G Suite plans※ .\u003C\u002Fp>\n\u003Cp>Thus, G Suite Basic and Business users can enforce 2-step authentication using YubiKey in environments requiring advanced access control for corporate use.\u003C\u002Fp>\n\u003Cp>※ G Suite Japanese Blog: \u003Ca href=\"https:\u002F\u002Fgsuiteupdates-ja.googleblog.com\u002F2018\u002F04\u002F3-g-suite-2.html\">https:\u002F\u002Fgsuiteupdates-ja.googleblog.com\u002F2018\u002F04\u002F3-g-suite-2.html\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In line with this, the remainder of this article will guide how to set up 2-step authentication for G Suite using YubiKey.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Settings on the administrator&#39;s side\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Permission for G Suite Admin will be needed to enforce the U2F device for 2-step authentication.\u003C\u002Fp>\n\u003Cp>First, access the \u003Ca href=\"https:\u002F\u002Fadmin.google.com\u002F\">G Suite administration console\u003C\u002Fa> and select Security.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Open Basic Settings.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_2_c0701b01e6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>One must turn it on if the 2-step verification process is not enabled. Check the box and click Save.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_3_753be3d472.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After enabling 2-step verification, click &quot;To apply the 2-step verification process, please go to Advanced Settings&quot; and the 2-step verification details.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_4_75e42a4a8a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If users apply these changes to an organization that includes the administrator themself, the administrator must have a security key registered. If so, please register a new key from the \u003Ca href=\"https:\u002F\u002Fmyaccount.google.com\u002F\">Google Account Management page\u003C\u002Fa> (see below for instructions).\u003C\u002Fp>\n\u003Cp>The security key is applied to the entire organization, including the administrator, by default.\u003C\u002Fp>\n\u003Cp>To apply it to only a part of the organization, create a group in advance, and then select the group to use from the group filter on the left side of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_5_5cc5452d8a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once one has decided what to apply, setting up the 2-step authentication can begin.\u003C\u002Fp>\n\u003Cp>First, use the &quot;Implementation&quot; option to determine the application date.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_6_144809eb8d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This is an option for each user themselves to set the transition period during which they will register their 2-step verification factor.\u003C\u002Fp>\n\u003Cp>In this case, select &quot;Enable the application from the specified date.”\u003C\u002Fp>\n\u003Cp>Also, set the registration period for new users to one month.\u003C\u002Fp>\n\u003Cp>Next, limit the available 2-step verification process to security keys only to force them to log in with a device such as a YubiKey that uses U2F authentication, which has a higher security strength.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_7_0b154439e0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Finally, set the option for how often the 2-step verification process should be performed as it is an option to record the PC\u002Fbrowser where one logged in and not to complete the 2-step verification process next time.\u003C\u002Fp>\n\u003Cp>In this case, select the option to ask for a security key each time one log in.\u003C\u002Fp>\n\u003Cp>When all settings are done, click Save to reflect the settings.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>User Settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The next step is for each user to enable 2-step verification on their own.\u003C\u002Fp>\n\u003Cp>After logging in with the user account, go to the \u003Ca href=\"https:\u002F\u002Fmyaccount.google.com\u002F\">Google Account Management\u003C\u002Fa> page.\u003C\u002Fp>\n\u003Cp>Login and Security\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_8_1bee530864.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on the 2-step verification process.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_9_de897898fe.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This will start the 2-step verification process.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_10_585aea6a19.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click Next as the security key registration process begins.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_11_a3ad8240a0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The phone number verification screen will appear if non-administrator security keys are allowed in the 2-step verification process settings. In this case, one can register the security key by selecting the security key from the options listed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_12_a7d65394fa.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, one will be prompted to insert a key. Once the YubiKey is plugged into the PC, the touch part of the YubiKey will blink.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_13_8629d0275b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Touch the YubiKey to complete registration. If necessary, set the name of the security key. Then, click &quot;Allow&quot; when the following confirmation appears.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_14_f2aa1a9c91.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When registration is complete, one will be asked to enter a name for the key. When registering multiple keys, it is best to use a different name.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_15_cf3de1fb45.png\" alt=\"\">\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Operation at login\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>This completes the setup. Log out of G Suite and log in again.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_16_a708bd4628.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The 2-step authentication process, as shown below, can be seen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_17_8ee204c5e3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Insert the YubiKey into the PC, and the touch part will blink. Touch it to complete the login.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Managing Security Keys\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Users can manage their security key from the \u003Ca href=\"https:\u002F\u002Fmyaccount.google.com\u002Fsigninoptions\u002Ftwo-step-verification\">Google Account Management\u003C\u002Fa> page &gt; Login &amp; Security &gt; 2-step verification.\u003C\u002Fp>\n\u003Cp>To add or remove a lost key, click here.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_18_266f43a142.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Of course, if a user has only one security key and loses it, the administrator will need to recover it.\u003C\u002Fp>\n\u003Cp>In such cases, the G Suite administrator can add or remove the security key from the user details page.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_19_89a9b35dae.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Retrieving a backup code in case one needs to log in urgently is possible as well.※\u003C\u002Fp>\n\u003Cp>※To use a backup key, the 2-step verification method needs to be set to &quot;Unlimited.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_20_c0b993ca77.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This code can enable a single user to log in only once.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_21_61f1c4a82b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Using YubiKey to log in to G Suite allows users to enforce a robust 2-step authentication for others. Through 2-step authentication with YubiKey, there have been \u003Ca href=\"https:\u002F\u002Fjapanese.engadget.com\u002F2018\u002F07\u002F24\u002Fgoogle-0\u002F\">zero phishing attacks\u003C\u002Fa> since the security key was introduced, and the \u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002F2016\u002F02\u002Fuse-of-fido-u2f-security-keys-focus-of-2-year-google-study\u002F\">Yubico Blog\u003C\u002Fa> also talks of the improvements in terms of cost management and convenience.\u003C\u002Fp>\n\u003Cp>For queries regarding the 2-step authentication, please contact us through the \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">Contact page\u003C\u002Fa>.\u003C\u002Fp>\n","mandatory-yubikey-2-step-verification-g-suite","2018-08-29","2026-04-28T06:22:30.217Z","2026-04-28T06:22:33.191Z",{"id":2779,"documentId":2780,"name":2781,"alternativeText":20,"caption":20,"focalPoint":20,"width":419,"height":2782,"formats":2783,"hash":2816,"ext":25,"mime":29,"size":2817,"url":2818,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2819,"updatedAt":2819,"publishedAt":2820},396,"v9yb7vxqktb7p4qqdiu028xc","blog-mandatory-yubikey-2-step-verification-g-suite-1.png",700,{"large":2784,"small":2792,"medium":2800,"thumbnail":2808},{"ext":25,"url":2785,"etag":2786,"hash":2787,"mime":29,"name":2788,"path":20,"size":2789,"width":32,"height":2790,"sizeInBytes":2791},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png","0183bff90ac6cf5052dc403cdcdbf337","large_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21","large_blog-mandatory-yubikey-2-step-verification-g-suite-1.png",125.03,630,125026,{"ext":25,"url":2793,"etag":2794,"hash":2795,"mime":29,"name":2796,"path":20,"size":2797,"width":41,"height":2798,"sizeInBytes":2799},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png","33949f5f1b36028d2b179bcbb499a2b0","small_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21","small_blog-mandatory-yubikey-2-step-verification-g-suite-1.png",47.55,315,47551,{"ext":25,"url":2801,"etag":2802,"hash":2803,"mime":29,"name":2804,"path":20,"size":2805,"width":50,"height":2806,"sizeInBytes":2807},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png","df3ada3ce3e350501370900434f9d246","medium_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21","medium_blog-mandatory-yubikey-2-step-verification-g-suite-1.png",83.77,473,83772,{"ext":25,"url":2809,"etag":2810,"hash":2811,"mime":29,"name":2812,"path":20,"size":2813,"width":124,"height":2814,"sizeInBytes":2815},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png","2bdc933445e72191b160615918b027f2","thumbnail_blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21","thumbnail_blog-mandatory-yubikey-2-step-verification-g-suite-1.png",17.25,154,17247,"blog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21",20.07,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_mandatory_yubikey_2_step_verification_g_suite_1_0859ed0e21.png","2026-04-28T06:21:05.142Z","2026-04-28T06:21:05.143Z",[],{"id":2823,"documentId":2824,"title":2825,"content":2826,"slug":2827,"published":2828,"createdAt":2829,"updatedAt":2829,"publishedAt":2830,"locale":14,"authorManual":2382,"cover":2831,"tags":2873},99,"sa14ug96es97edys21rbcwiv","Using WebAuthn with the Touch ID on Mac","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Testing an early development preview of the Touch ID WebAuthn Platform Authenticator in Chrome Canary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Recently, there has been a lot of buzz surrounding Chrome, Firefox, and Edge’s decision to implement WebAuthn and standardize W3C. Further, WebAuthn can be used through TouchID in Chrome Canary.\u003C\u002Fp>\n\u003Cp>This article will cover the installation of Chrome Canary and a sample run of using WebAuthn through Mac’s Touch ID.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Environment Information\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>・Mac Book Pro with Touch Bar for document creation\u003C\u002Fp>\n\u003Cp>・Chrome \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fchrome\u002Fbrowser\u002Fcanary.html\">Canary\u003C\u002Fa> version 69.0.3468.0 or later\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fwebauthndemo.appspot.com\u002F\">・webauthndemo.appspot.com\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Installing Chrome Canary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Download Chrome Canary from \u003Ca href=\"https:\u002F\u002Fwww.google.com\u002Fchrome\u002Fbrowser\u002Fcanary.html\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Run the downloaded &quot;googlechrome.dmg.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_2_7b36e87bd1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Drag and drop &quot;Google Chrome Canary.app&quot; into the application\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Optionally Launch Chrome Canary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Start a terminal and execute the following commands.\u003C\u002Fp>\n\u003Cp>By adding &quot;-enable-fetures=WebAuthenticationTouchId&quot; to the options, Touch ID will be enabled in WebAuthn.\u003C\u002Fp>\n\u003Cp>WebAuthn is now ready to be tested through Touch ID at the WebAuthn demo site.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Testing Touch ID through the WebAuthn demo site\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Access this \u003Ca href=\"http:\u002F\u002Fwebauthndemo.appspot.com\u002F\">demo site\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Select &quot;REGISTER NEW CREDENTIAL&quot; and register credentials.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_3_67fbd706e2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After making the selection, the user will be asked for Touch ID.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_4_e9fd22fae9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Touch Bar side\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_5_890ab0c91f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Touch it, and credential information will be registered.\u003C\u002Fp>\n\u003Cp>※The details of the registration information are omitted here.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_6_3ccc299b9c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_7_58dabcad8d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, perform authentication using the credential information.\u003C\u002Fp>\n\u003Cp>Select &quot;AUTHENTICATE.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_8_8ff8212959.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After selecting, the user will be prompted for Touch ID.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_4_e9fd22fae9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Touch Bar side\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_9_3ef7ec146e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Touch to successfully authenticate.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_10_1cbd722082.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This feature is currently limited to Chrome Canary, but it will hopefully be implemented in other browsers in the future.\u003C\u002Fp>\n\u003Cp>The next section of this article will focus on a few use cases for these web services.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_11_9d1d8bee8a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>For this use case, consider the accessing of a web service.\u003C\u002Fp>\n\u003Cp>In most cases, users may utilize the Touch ID on their Mac to access these services.\u003C\u002Fp>\n\u003Cp>However, they may not always use the same device to access web services.\u003C\u002Fp>\n\u003Cp>To combat this, users can register an external device in advance, which can be used to guarantee secure access even in the absence of the original device.\u003C\u002Fp>\n\u003Cp>While this concludes this article, please check back here for more of the latest updates.\u003C\u002Fp>\n","using-webauthn-with-touch-id-on-mac","2018-07-11","2026-04-28T07:16:08.900Z","2026-04-28T07:16:11.456Z",{"id":2832,"documentId":2833,"name":2834,"alternativeText":20,"caption":20,"focalPoint":20,"width":2835,"height":2836,"formats":2837,"hash":2869,"ext":25,"mime":29,"size":2870,"url":2871,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2872,"updatedAt":2872,"publishedAt":2872},899,"d0hbrrtrsuemzmxfyv0agu9k","blog-using-webauthn-with-touch-id-on-mac-1.png",2333,742,{"large":2838,"small":2845,"medium":2853,"thumbnail":2861},{"ext":25,"url":2839,"etag":2840,"hash":2841,"mime":29,"name":2842,"path":20,"size":2843,"width":32,"height":2005,"sizeInBytes":2844},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png","048a2400fa3bbe86ce3cbeb681867408","large_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5","large_blog-using-webauthn-with-touch-id-on-mac-1.png",85.49,85493,{"ext":25,"url":2846,"etag":2847,"hash":2848,"mime":29,"name":2849,"path":20,"size":2850,"width":41,"height":2851,"sizeInBytes":2852},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png","e421eac6843688d4c7e3a32ee3089093","small_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5","small_blog-using-webauthn-with-touch-id-on-mac-1.png",30.2,159,30197,{"ext":25,"url":2854,"etag":2855,"hash":2856,"mime":29,"name":2857,"path":20,"size":2858,"width":50,"height":2859,"sizeInBytes":2860},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png","1689c740c958dad781c6143c10fecbfa","medium_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5","medium_blog-using-webauthn-with-touch-id-on-mac-1.png",55.92,239,55921,{"ext":25,"url":2862,"etag":2863,"hash":2864,"mime":29,"name":2865,"path":20,"size":2866,"width":124,"height":2867,"sizeInBytes":2868},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png","1e6b0bf4fb3c92a2e24b73d784e22ced","thumbnail_blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5","thumbnail_blog-using-webauthn-with-touch-id-on-mac-1.png",10.05,78,10046,"blog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5",52.7,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_using_webauthn_with_touch_id_on_mac_1_ee560b7fc5.png","2026-04-28T07:15:21.455Z",[],{"id":2222,"documentId":2875,"title":2876,"content":2877,"slug":2878,"published":2879,"createdAt":2880,"updatedAt":2880,"publishedAt":2881,"locale":14,"authorManual":2382,"cover":2882,"tags":2913},"myxnlsp1etq2s3ig03gxnqey","Using FIDO2 on Microsoft Edge for Windows 10 Insider Preview","\u003Cp>Recently, Microsoft Edge began supporting WebAuthn on the Insider Preview Version.\u003C\u002Fp>\n\u003Cp>Following this, the author of \u003Ca href=\"https:\u002F\u002Fwebauthn.org\u002F\">https:\u002F\u002Fwebauthn.org\u003C\u002Fa>, Twitter user \u003Ca href=\"https:\u002F\u002Ftwitter.com\u002Fapowers313\">@apowers313\u003C\u002Fa>, tweeted:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>&gt; WebAuthn will work on Edge from Windows 10 Insider Preview Build 17682.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>According to Windows Blogs Insider Preview, WebAuthentication API is supported in Windows 10 Insider Preview Build 17682.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>The implementation in Microsoft Edge allows users to use \u003Ca href=\"https:\u002F\u002Fwww.microsoft.com\u002Fen-us\u002Fwindows\u002Fwindows-hello\">Windows Hello\u003C\u002Fa> (via PIN or biometrics) and \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Ffido2\u002F\">external authenticators\u003C\u002Fa> like FIDO2 Security Keys or FIDO U2F Security Keys to securely authenticate to websites. We’ll have more to share about Web Authentication in Microsoft Edge soon!\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Thus, it appears that Single Factor login using PIN or Biometrics is possible with the new CTAP2 protocol.\u003C\u002Fp>\n\u003Cp>The environments used to run the tests in this article are as follows.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Windows 10 Insider Preview 17692\u003C\u002Fli>\n\u003Cli>Microsoft Edge 42.17692\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Famzn.to\u002F2MtOdHR\">Yubico security key (now available on Amazon)\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwebauthn.org\u002F\">https:\u002F\u002Fwebauthn.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Video\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>As seen in the video, the CTAP2 is implemented in Windows Hello.\u003C\u002Fp>\n\u003Cp>In addition to &quot;internal authenticators&quot; such as fingerprints and facial recognition, which have been available in Hello, external authenticators such as security keys have also been added.\u003C\u002Fp>\n\u003Cp>Also, since internal authenticators should be able to be called from WebAuthn, perhaps someone may write a code that enables RS256 with publicKey Param.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Explanation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The procedure is as follows.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Go to \u003Ca href=\"https:\u002F\u002Fwebauthn.org\u002F\">https:\u002F\u002Fwebauthn.org\u003C\u002Fa>, enter the user name, and press the Register button.\u003C\u002Fp>\n\u003Cp>The Web Authentication API of Edge will then call Windows Hello, and as a result, the user will be asked to insert an external Authenticator key.\u003C\u002Fp>\n\u003Cp>If this is the first time using the key, one will be asked to set a new PIN. In other words, it seems that User Verification (PIN or Biometrics authentication) is currently required.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_2_d599b43cac.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After entering the new PIN, one will be asked to touch the key (User Presence). A dialog box will appear briefly when the touch is completed, indicating that the PIN setting is complete.\u003C\u002Fp>\n\u003Cp>Next, the user will be asked to touch the key for Registration. (From now on, this key will use the user’s set PIN for registration and authentication.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_3_a429078b5d.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the touch is completed, Registration is complete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_4_1ac26254de.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user will be asked to enter the PIN whenever they log in next time.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_5_ac932dda2e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If one tries this process with YubiKey 4, which supports only U2F, they will not be asked for a PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_6_0bd9936806.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user name is required when logging in for compatibility with the U2F key.\u003C\u002Fp>\n\u003Cp>Also, if it is a Resident Key (a key that can store user information), a user selection dialog should appear after the PIN is entered.\u003C\u002Fp>\n\u003Cp>Although this Microsoft Edge update is still in beta, our team is wondering how Chrome will follow suit by supporting FIDO2-compatible security keys.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002FYubico-%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%AD%E3%83%BC-FIDO2-USB-2%E6%AE%B5%E9%9A%8E%E8%AA%8D%E8%A8%BC\u002Fdp\u002FB07BYSB7FK\u002Fref=as_li_ss_tl?ie=UTF8&qid=1529045507&sr=8-21&keywords=%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%AD%E3%83%BC&linkCode=sl1&tag=82p-22&linkId=da70939ba6459de00d11ca50821656c3\">\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_7_6653fd2866.png\" alt=\"\">\u003C\u002Fa>\u003C\u002Fp>\n","fido2-microsoft-edge-windows-10-insider-preview","2018-06-15","2026-04-28T07:15:03.250Z","2026-04-28T07:15:05.773Z",{"id":2883,"documentId":2884,"name":2885,"alternativeText":20,"caption":20,"focalPoint":20,"width":2886,"height":2887,"formats":2888,"hash":2909,"ext":512,"mime":516,"size":2910,"url":2911,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2912,"updatedAt":2912,"publishedAt":2912},892,"lenhqshsvc7xs9xc6xvr79sx","blog-fido2-microsoft-edge-windows-10-insider-preview-1.jpeg",800,533,{"small":2889,"medium":2896,"thumbnail":2903},{"ext":512,"url":2890,"etag":2891,"hash":2892,"mime":516,"name":2893,"path":20,"size":2894,"width":41,"height":42,"sizeInBytes":2895},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4.jpeg","e8814d4abb2dcf9732a5cdb676f6b931","small_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4","small_blog-fido2-microsoft-edge-windows-10-insider-preview-1.jpeg",24.83,24827,{"ext":512,"url":2897,"etag":2898,"hash":2899,"mime":516,"name":2900,"path":20,"size":2901,"width":50,"height":41,"sizeInBytes":2902},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4.jpeg","c99c402a831a7ffb4972911c033e2368","medium_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4","medium_blog-fido2-microsoft-edge-windows-10-insider-preview-1.jpeg",50.42,50416,{"ext":512,"url":2904,"etag":2905,"hash":2906,"mime":516,"name":2907,"path":20,"size":2566,"width":2066,"height":59,"sizeInBytes":2908},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4.jpeg","cea71df371fd048aa7d5ba199283979b","thumbnail_blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4","thumbnail_blog-fido2-microsoft-edge-windows-10-insider-preview-1.jpeg",7214,"blog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4",55.06,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_microsoft_edge_windows_10_insider_preview_1_a1586eeeb4.jpeg","2026-04-28T07:14:37.524Z",[],{"id":2915,"documentId":2916,"title":2917,"content":2918,"slug":2919,"published":2920,"createdAt":2921,"updatedAt":2921,"publishedAt":2922,"locale":14,"authorManual":2382,"cover":2923,"tags":2966},51,"y8ofuu6crv59349si4v6ioqm","Implementing FIDO U2F CTAP","\u003Cp>\u003Cstrong>Introduction\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This article will summarize various aspects of creating a U2F Host Library regarding the U2F specifications.\u003C\u002Fp>\n\u003Cp>The Host library is the part that communicates between the so-called FIDO Client (web browser) and Authenticator (YubiKey, etc.). However, if a web browser is not available, U2F communication is not necessary.\u003C\u002Fp>\n\u003Cp>However, if one wants to use FIDO authentication in a native application where a web browser is unavailable, they will need to create a Host library, as shown here. (This will no longer be necessary if the platform API supports it, such as Windows Hello.)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cul>\n\u003Cli>\u003Cp>Sequence\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>What the host library does\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Communication with U2F devices\u003C\u002Fp>\n\u003Cul>\n\u003Cli>JavaScript API\u003C\u002Fli>\n\u003Cli>Raw Message Format\u003C\u002Fli>\n\u003Cli>APDU Format\u003C\u002Fli>\n\u003Cli>HID Protocol\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>About FIDO2\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Sequence\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>First, begin by checking the entire sequence of U2F.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>At the time of registration\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>At the time of authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_2_6167c66e2c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This is the U2F Challenge &amp; Response diagram often seen, and this communication part between the Client and YubiKey is called CTAP.\u003C\u002Fp>\n\u003Cp>Compared to the CTAP2 specification in FIDO2, it is also called CTAP1.\u003C\u002Fp>\n\u003Cp>The client is usually a browser, but only Chrome implements it as U2F. (Firefox60 and later are also supported as WebAuthN)\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>What the host library does\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The host library works behind the scenes with APIs such as the U2F JavaScript API. For example, at the time of registration.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enumerate USB devices\u003C\u002Fli>\n\u003Cli>Search for U2F devices\u003C\u002Fli>\n\u003Cli>Write the registration request to the device\u003C\u002Fli>\n\u003Cli>Read the response from the device\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_3_55a8e082b6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, an explanation of the operation after “3) Registration Request” during the implementation of FIDO U2F will be discussed.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Communication with U2F Device\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The U2F specifications include\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-u2f-v1.2-ps-20170411\u002Ffido-u2f-javascript-api-v1.2-ps-20170411.html\">U2F JavascriptAPI U2F\u003C\u002Fa>,  \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-u2f-v1.2-ps-20170411\u002Ffido-u2f-raw-message-formats-v1.2-ps-20170411.html\">U2F Raw Message Formats\u003C\u002Fa>, and \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-u2f-v1.2-ps-20170411\u002Ffido-u2f-hid-protocol-v1.2-ps-20170411.html\">U2F HID Protocol\u003C\u002Fa> which are the low-level protocols of the device from the Client-side in order from Javascript API.\u003C\u002Fp>\n\u003Cp>In regards to the specifications, there are three main points.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Point 1.  U2F devices operate as HID devices\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As stated in the specifications, the communication between the U2F device and the Client uses the HID (Human Interface Device) protocol, a common standard used in devices such as keyboards and mouses and can be used without a driver.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Point 2. The format for sending and receiving data is APDU Format\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Although the HID protocol is used for communication, actual messages are sent in a format called \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FSmart_card_application_protocol_data_unit\">APDU Format\u003C\u002Fa>, a method of exchanging data for reading smart cards, etc. This APDU Format, which is the format in which the data is sent, consists of a header indicating the command, data length, and the data attached to it.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Point 3. Data is in the U2F Raw Message Formats\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Also, the data to be sent in APDU is sent in a format known as \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-u2f-v1.2-ps-20170411\u002Ffido-u2f-raw-message-formats-v1.2-ps-20170411.html\">U2F Raw Message Format\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Since the U2F Raw Message Format is a byte array data, if it is converted to a data format that JavaScript can handle, it can be handled in a data format such as JSON, like the API in Chrome.\u003C\u002Fp>\n\u003Cp>In summary, it looks like this.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_4_b3e0542a8a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Upon understanding these three points, it will be significantly easier to follow along with reading the specs and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYubico\u002Fpython-u2flib-host\">Yubico’s reference code\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>The following section will trace the registration phase and checking of the data.\u003C\u002Fp>\n\u003Cp>For example, the following Registration Request from \u003Ca href=\"https:\u002F\u002Fexample.com\">https:\u002F\u002Fexample.com\u003C\u002Fa> via the JavaScript API was received.\u003C\u002Fp>\n\u003Cp>First, to convert this data to Raw Message Formats, create a JSON String called ClientData.\u003C\u002Fp>\n\u003Cp>The members of ClientData are &quot;type,&quot; &quot;challenge,&quot; &quot;origin,&quot; and &quot;cid,&quot; but when registering a U2F device, use\u003C\u002Fp>\n\u003Cul>\n\u003Cli>type: &quot;navigator.id.finishEnrollment&quot; fixed\u003C\u002Fli>\n\u003Cli>challenge: Challenge string from the server.\u003C\u002Fli>\n\u003Cli>origin: If it is HTTP communication, the domain must be authenticated.\u003C\u002Fli>\n\u003Cli>cid: option. a JwkKey-style public key is used to sign a Token Binding called \u003Ca href=\"https:\u002F\u002Ftools.ietf.org\u002Fid\u002Fdraft-balfanz-tls-channelid-01.html\">channel ID\u003C\u002Fa>. This time, it is omitted.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>On the Raw Message Formats side, a SHA256 hashed value of JSON is used, which is the Challenge Parameter. (Hexadecimal notation).\u003C\u002Fp>\n\u003Cp>Web Safe Base64 Encoded JSON is sent to the server as ClientData.\u003C\u002Fp>\n\u003Cp>The changing of &quot;\u002F&quot; to &quot;_&quot; and &quot;+&quot; to &quot;-&quot; are known as Web Safe Base64 or URL Safe Base64. However, the padding is removed (i.e., the trailing === is cleared).\u003C\u002Fp>\n\u003Cp>This parameter is only Base64 encoded for sending to the server and does not use this data for communication with the Authenticator.\u003C\u002Fp>\n\u003Cp>Another parameter is the Application Parameter, which is the sha256 hash of appId(&quot;\u003Ca href=\"https:\u002F\u002Fexample.com\">https:\u002F\u002Fexample.com\u003C\u002Fa>&quot;).\u003C\u002Fp>\n\u003Cp>The Registration Request Message is a combination of the two.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_5_4523fc4476.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>※FIDO U2F Raw Message 4.1 Fig. 2 Registration Request Message\u003C\u002Fp>\n\u003Cp>\u003Cstrong>APDU Format\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Next, the U2F Raw Message format is sent to the HID device in APDU Format.\u003C\u002Fp>\n\u003Cp>In APDU Format, the data length and command parameters must be specified in the header section, and the command parameters at registration are as follows.\u003C\u002Fp>\n\u003Cp>There are two types of APDU data, Short Encoding, and Extended Length Encoding, and U2F uses Short Encoding.\u003C\u002Fp>\n\u003Cp>※Le defines the maximum size of the response data but is ignored if the maximum length is set to 256 bytes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>HID Protocol\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>All that remains is sending the data to the HID device, but only 64 bytes can be written to the HID device simultaneously.\u003C\u002Fp>\n\u003Cp>As with the APDU format, a header is attached, as shown below, so the actual data to be sent looks like this.\u003C\u002Fp>\n\u003Cp>・※The channel ID is obtained when the device is initialized.\u003C\u002Fp>\n\u003Cp>・※The seventh bit of the command is always 1\u003C\u002Fp>\n\u003Cp>DATA is the APDU data mentioned earlier. While the total data size is 71 bytes (0x47), the HID packet is 64 bytes, so only 57 bytes can be sent, as 7 bytes are required for the header for HID Transport. The rest of the data is sent as sequence data in the following form.\u003C\u002Fp>\n\u003Cp>Now read the response from the device.\u003C\u002Fp>\n\u003Cp>In other words, this time, the process is reversed from HID protocol → APDU format → U2F Raw Message Format to get the response from the device.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>About FIDO2\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The U2F host-side communication is the same protocol used in CTAP2 for FIDO2.\u003C\u002Fp>\n\u003Cp>CTAP2 has more PIN-related commands, more data to send, and a standardized format called CBOR.\u003C\u002Fp>\n","implementing-fido-u2f-ctap","2018-06-05","2026-04-28T06:39:17.519Z","2026-04-28T06:39:20.071Z",{"id":2924,"documentId":2925,"name":2926,"alternativeText":20,"caption":20,"focalPoint":20,"width":2927,"height":2928,"formats":2929,"hash":2962,"ext":25,"mime":29,"size":2963,"url":2964,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2965,"updatedAt":2965,"publishedAt":2965},573,"r4y6txei68gdyc4hnx2ilcek","blog-implementing-fido-u2f-ctap-1.png",1052,551,{"large":2930,"small":2938,"medium":2946,"thumbnail":2954},{"ext":25,"url":2931,"etag":2932,"hash":2933,"mime":29,"name":2934,"path":20,"size":2935,"width":32,"height":2936,"sizeInBytes":2937},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png","268b7b9af21435858e6a6e79ef5730f7","large_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0","large_blog-implementing-fido-u2f-ctap-1.png",98.28,524,98282,{"ext":25,"url":2939,"etag":2940,"hash":2941,"mime":29,"name":2942,"path":20,"size":2943,"width":41,"height":2944,"sizeInBytes":2945},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png","8842554524825a5262b2dd91b1d83106","small_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0","small_blog-implementing-fido-u2f-ctap-1.png",39.12,262,39121,{"ext":25,"url":2947,"etag":2948,"hash":2949,"mime":29,"name":2950,"path":20,"size":2951,"width":50,"height":2952,"sizeInBytes":2953},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png","e838bb14a28f63e4c032e01815767095","medium_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0","medium_blog-implementing-fido-u2f-ctap-1.png",66.91,393,66913,{"ext":25,"url":2955,"etag":2956,"hash":2957,"mime":29,"name":2958,"path":20,"size":2959,"width":124,"height":2960,"sizeInBytes":2961},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png","8a7fe4f9d17adb17167d81418536460d","thumbnail_blog_implementing_fido_u2f_ctap_1_b1ce1a97e0","thumbnail_blog-implementing-fido-u2f-ctap-1.png",15.28,128,15283,"blog_implementing_fido_u2f_ctap_1_b1ce1a97e0",15.24,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_implementing_fido_u2f_ctap_1_b1ce1a97e0.png","2026-04-28T06:38:58.140Z",[],{"id":2968,"documentId":2969,"title":2970,"content":2971,"slug":2972,"published":2973,"createdAt":2974,"updatedAt":2974,"publishedAt":2975,"locale":14,"authorManual":2382,"cover":2976,"tags":2987},71,"pog3lgxkor9n0a8fu2eqi00s","Programs for Testing Security Key by Yubico (as of 2018-05-16)","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Introduction\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Following the \u003Ca href=\"https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=M30aZ2cxElo\">RSA conference\u003C\u002Fa> at the end of April, the WebAuthn and FIDO2 community has been abuzz with excitement.\u003C\u002Fp>\n\u003Cp>There have been \u003Ca href=\"https:\u002F\u002Fdeveloper.mozilla.org\u002Fja\u002FFirefox\u002FReleases\u002F60\">announcements of Firefox\u003C\u002Fa> supporting WebAuthn, as well as the article related to \u003Ca href=\"https:\u002F\u002Fdevelopers.google.com\u002Fweb\u002Fupdates\u002F2018\u002F05\u002Fwebauthn\">Google #IO 2018\u003C\u002Fa> which introduced WebAuthn for Chrome. Also, as mentioned in a \u003Ca href=\"https:\u002F\u002Fsoftgiken.wixsite.com\u002Fyubion\u002Fpost\u002Fyubico%E7%A4%BE%E3%81%8C%E3%80%81fido2%E5%AF%BE%E5%BF%9C%E3%81%AE%E3%83%91%E3%82%B9%E3%83%AF%E3%83%BC%E3%83%89%E3%83%AC%E3%82%B9%E3%83%AD%E3%82%B0%E3%82%A4%E3%83%B3%E3%82%92%E5%AE%9F%E7%8F%BE%E3%81%99%E3%82%8B%E6%96%B0%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%AD%E3%83%BC%E3%82%92%E7%99%BA%E8%A1%A8\">recent article\u003C\u002Fa>, Microsoft Windows 10 announced Azure AD login using FIDO2-enabled Security Key.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Security Key by Yubico\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_1_ecb0e89d94.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The Security Key by Yubico (Security Key) supports not only FIDO U2F but also FIDO 2.0 (CTAP2).\u003C\u002Fp>\n\u003Cp>CTAP2 is a communication protocol specification between Client (e.g., browser) and Authenticator (e.g., Security Key) established by the FIDO Alliance, and has been extended from CTAP1 of FIDO U2F to communicate in binary CBOR format, which allows PIN and Biometrics options to be inserted.\u003C\u002Fp>\n\u003Cp>In the past few days, there have been numerous releases of WebAuthn related news and sample programs, few of which will be discussed in this article.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Google Chrome Beta\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>The biggest update is that Google Chrome now supports CTAP2 (development version).\u003C\u002Fp>\n\u003Cp>Chrome Beta version 67 or higher (or Dev, Canary also worked)\u003C\u002Fp>\n\u003Cp>Chrome Beta version can be downloaded from\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.google.co.jp\u002Fchrome\u002Fbrowser\u002Fbeta.html\">https:\u002F\u002Fwww.google.co.jp\u002Fchrome\u002Fbrowser\u002Fbeta.html\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_2_71d3a1b318.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>CTAP2 can be enabled by starting Chrome with the option \n\u003Cstrong>--enable-features=WebAuthenticationCtap2\u003C\u002Fstrong> to enable CTAP2.\u003C\u002Fp>\n\u003Cp>Once the Chrome Beta is successfully launched, return to this page and \u003Cstrong>press F12 to type the following into the console\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Create credentials for the RP (app) at \u003Ca href=\"http:\u002F\u002Fwww.yubion.com\">www.yubion.com\u003C\u002Fa> and the user with id &quot;abcdefghijklmnopqrstuvwxyz123456&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_3_6d5d501d55.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the Security Key by Yubico (hereafter referred to as &quot;Security Key&quot;) is inserted into the PC, the user will be asked for permission to access it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_4_f3b3f21ed7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The response from the Security Key is displayed in the console.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>WebAuthn.org\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>A trial server is available at \u003Ca href=\"https:\u002F\u002Fwebauthn.org\u002F\">webauthn.org\u003C\u002Fa>, which requires a username and registration upon accessing. In this example, it was accessed through Chrome Beta with the Security Key plugged in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_5_0b5ed1e8bc.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_6_85a5a054a3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_7_9de565d04e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user will be asked to access the Security Key, press Allow, and touch the Security Key for UserPresense.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_8_1d301cf249.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The key registration is complete.\u003C\u002Fp>\n\u003Cp>Follow the same procedure to verify the login process.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_9_bfac6583bc.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In webauthn.org, detailed communication data can be displayed by opening ADVANCED.\u003C\u002Fp>\n\u003Cp>A closer look reveals that the AAGUID, which was empty at the time of U2F, has a value.\u003C\u002Fp>\n\u003Cp>Here, while CTAP2 is working as the AAGUID is present, the PIN option has not yet appeared to have been implemented.\u003C\u002Fp>\n\u003Cp>This raises the question of whether, if clientPin: &quot;true&quot; in getInfo, the request sent to the device must also have a pin.\u003C\u002Fp>\n\u003Cp>CTAP2 uses Diffie-Hellman Key Exchange using SHA256 and ECDH for encryption and transmission, as explained in the section on \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecs\u002Ffido-v2.0-ps-20170927\u002Ffido-client-to-authenticator-protocol-v2.0-ps-20170927.html#usingPinToken\">pinToken\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Yubico python-fido2\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.com\u002FYubico\u002Fpython-fido2\u002F\">https:\u002F\u002Fgithub.com\u002FYubico\u002Fpython-fido2\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>CTAP2 library in python from Yubico, the distributor of Security Key.\u003C\u002Fp>\n\u003Cp>On running example\u002Fget_info.py, the following will be seen:\u003C\u002Fp>\n\u003Cp>The AAGUID matches the example in Chrome.\u003C\u002Fp>\n\u003Cp>It is recommended to take a closer look at this library to understand CTAP2, PIN settings, and Authentication using PINs.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Although CTAP2 implementations are still emerging, it is expected to be available on many platforms and browsers in the future.\u003C\u002Fp>\n\u003Cp>Please check back here for more information and updates on the latest authentication technologies, such as FIDO.\u003C\u002Fp>\n","programs-for-testing-yubico-security-key","2018-05-16","2026-04-28T06:51:19.674Z","2026-04-28T06:51:22.198Z",{"id":33,"documentId":2977,"name":2978,"alternativeText":20,"caption":20,"focalPoint":20,"width":2673,"height":2673,"formats":2979,"hash":2984,"ext":25,"mime":29,"size":2683,"url":2985,"previewUrl":20,"provider":64,"provider_metadata":20,"createdAt":2986,"updatedAt":2986,"publishedAt":2986},"lg1j90euybpte91xf1d04e7u","blog-programs-for-testing-yubico-security-key-1.png",{"thumbnail":2980},{"ext":25,"url":2981,"etag":2677,"hash":2982,"mime":29,"name":2983,"path":20,"size":2680,"width":59,"height":59,"sizeInBytes":2681},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_programs_for_testing_yubico_security_key_1_ecb0e89d94.png","thumbnail_blog_programs_for_testing_yubico_security_key_1_ecb0e89d94","thumbnail_blog-programs-for-testing-yubico-security-key-1.png","blog_programs_for_testing_yubico_security_key_1_ecb0e89d94","https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_programs_for_testing_yubico_security_key_1_ecb0e89d94.png","2026-04-28T06:50:38.507Z",[],{"pagination":2989},{"page":2990,"pageSize":1954,"pageCount":2990,"total":2991},1,58,{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":2995},0,false,"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M2.25 21h19.5m-18-18v18m10.5-18v18m6-13.5V21M6.75 6.75h.75m-.75 3h.75m-.75 3h.75m3-6h.75m-.75 3h.75m-.75 3h.75M6.75 21v-3.375c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125V21M3 3h12m-.75 4.5H21m-3.75 3.75h.008v.008h-.008zm0 3h.008v.008h-.008zm0 3h.008v.008h-.008z\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":2997},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M9 17.25v1.007a3 3 0 0 1-.879 2.122L7.5 21h9l-.621-.621A3 3 0 0 1 15 18.257V17.25m6-12V15a2.25 2.25 0 0 1-2.25 2.25H5.25A2.25 2.25 0 0 1 3 15V5.25m18 0A2.25 2.25 0 0 0 18.75 3H5.25A2.25 2.25 0 0 0 3 5.25m18 0V12a2.25 2.25 0 0 1-2.25 2.25H5.25A2.25 2.25 0 0 1 3 12V5.25\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":2999},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M2.25 15a4.5 4.5 0 0 0 4.5 4.5H18a3.75 3.75 0 0 0 1.332-7.257a3 3 0 0 0-3.758-3.848a5.25 5.25 0 0 0-10.233 2.33A4.5 4.5 0 0 0 2.25 15\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3001},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M21.75 17.25v-.228a4.5 4.5 0 0 0-.12-1.03l-2.268-9.64a3.375 3.375 0 0 0-3.285-2.602H7.923a3.375 3.375 0 0 0-3.285 2.602l-2.268 9.64a4.5 4.5 0 0 0-.12 1.03v.228m19.5 0a3 3 0 0 1-3 3H5.25a3 3 0 0 1-3-3m19.5 0a3 3 0 0 0-3-3H5.25a3 3 0 0 0-3 3m16.5 0h.008v.008h-.008zm-3 0h.008v.008h-.008z\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3003},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M2.25 12.75V12A2.25 2.25 0 0 1 4.5 9.75h15A2.25 2.25 0 0 1 21.75 12v.75m-8.69-6.44l-2.12-2.12a1.5 1.5 0 0 0-1.061-.44H4.5A2.25 2.25 0 0 0 2.25 6v12a2.25 2.25 0 0 0 2.25 2.25h15A2.25 2.25 0 0 0 21.75 18V9a2.25 2.25 0 0 0-2.25-2.25h-5.379a1.5 1.5 0 0 1-1.06-.44\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3005},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M3 13.125C3 12.504 3.504 12 4.125 12h2.25c.621 0 1.125.504 1.125 1.125v6.75C7.5 20.496 6.996 21 6.375 21h-2.25A1.125 1.125 0 0 1 3 19.875zm6.75-4.5c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125v11.25c0 .621-.504 1.125-1.125 1.125h-2.25a1.125 1.125 0 0 1-1.125-1.125zm6.75-4.5c0-.621.504-1.125 1.125-1.125h2.25C20.496 3 21 3.504 21 4.125v15.75c0 .621-.504 1.125-1.125 1.125h-2.25a1.125 1.125 0 0 1-1.125-1.125z\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3007},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M16.5 10.5V6.75a4.5 4.5 0 1 0-9 0v3.75m-.75 11.25h10.5a2.25 2.25 0 0 0 2.25-2.25v-6.75a2.25 2.25 0 0 0-2.25-2.25H6.75a2.25 2.25 0 0 0-2.25 2.25v6.75a2.25 2.25 0 0 0 2.25 2.25\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3009},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M6 6.878V6a2.25 2.25 0 0 1 2.25-2.25h7.5A2.25 2.25 0 0 1 18 6v.878m-12 0q.354-.126.75-.128h10.5q.396.002.75.128m-12 0A2.25 2.25 0 0 0 4.5 9v.878m13.5-3A2.25 2.25 0 0 1 19.5 9v.878m0 0a2.3 2.3 0 0 0-.75-.128H5.25q-.396.002-.75.128m15 0A2.25 2.25 0 0 1 21 12v6a2.25 2.25 0 0 1-2.25 2.25H5.25A2.25 2.25 0 0 1 3 18v-6c0-.98.626-1.813 1.5-2.122\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3011},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M12 3v17.25m0 0c-1.472 0-2.882.265-4.185.75M12 20.25c1.472 0 2.882.265 4.185.75M18.75 4.97A48 48 0 0 0 12 4.5c-2.291 0-4.545.16-6.75.47m13.5 0q1.515.215 3 .52m-3-.52l2.62 10.726c.122.499-.106 1.028-.589 1.202a6 6 0 0 1-2.031.352a6 6 0 0 1-2.031-.352c-.483-.174-.711-.703-.59-1.202zm-16.5.52q1.485-.305 3-.52m0 0l2.62 10.726c.122.499-.106 1.028-.589 1.202a6 6 0 0 1-2.031.352a6 6 0 0 1-2.031-.352c-.483-.174-.711-.703-.59-1.202z\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3013},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M15.75 5.25a3 3 0 0 1 3 3m3 0a6 6 0 0 1-7.029 5.912c-.563-.097-1.159.026-1.563.43L10.5 17.25H8.25v2.25H6v2.25H2.25v-2.818c0-.597.237-1.17.659-1.591l6.499-6.499c.404-.404.527-1 .43-1.563A6 6 0 1 1 21.75 8.25\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3015},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M7.864 4.243A7.5 7.5 0 0 1 19.5 10.5c0 2.92-.556 5.709-1.568 8.269M5.742 6.364A7.47 7.47 0 0 0 4.5 10.5a7.46 7.46 0 0 1-1.15 3.993m1.989 3.559A11.2 11.2 0 0 0 8.25 10.5a3.75 3.75 0 1 1 7.5 0q0 .79-.064 1.565M12 10.5a14.94 14.94 0 0 1-3.6 9.75m6.633-4.596a18.7 18.7 0 0 1-2.485 5.33\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3017},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M8.25 3v1.5M4.5 8.25H3m18 0h-1.5M4.5 12H3m18 0h-1.5m-15 3.75H3m18 0h-1.5M8.25 19.5V21M12 3v1.5m0 15V21m3.75-18v1.5m0 15V21m-9-1.5h10.5a2.25 2.25 0 0 0 2.25-2.25V6.75a2.25 2.25 0 0 0-2.25-2.25H6.75A2.25 2.25 0 0 0 4.5 6.75v10.5a2.25 2.25 0 0 0 2.25 2.25m.75-12h9v9h-9z\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3019},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M19.5 14.25v-2.625a3.375 3.375 0 0 0-3.375-3.375h-1.5A1.125 1.125 0 0 1 13.5 7.125v-1.5a3.375 3.375 0 0 0-3.375-3.375H8.25m0 12.75h7.5m-7.5 3H12M10.5 2.25H5.625c-.621 0-1.125.504-1.125 1.125v17.25c0 .621.504 1.125 1.125 1.125h12.75c.621 0 1.125-.504 1.125-1.125V11.25a9 9 0 0 0-9-9\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3021},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M12 9v3.75m0-10.036A11.96 11.96 0 0 1 3.598 6A12 12 0 0 0 3 9.75c0 5.592 3.824 10.29 9 11.622c5.176-1.332 9-6.03 9-11.622c0-1.31-.21-2.57-.598-3.75h-.152c-3.196 0-6.1-1.25-8.25-3.286m0 13.036h.008v.008H12z\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3023},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M9 12.75L11.25 15L15 9.75m-3-7.036A11.96 11.96 0 0 1 3.598 6A12 12 0 0 0 3 9.749c0 5.592 3.824 10.29 9 11.623c5.176-1.332 9-6.03 9-11.622c0-1.31-.21-2.571-.598-3.751h-.152c-3.196 0-6.1-1.248-8.25-3.285\"\u002F>",{"left":2993,"top":2993,"width":74,"height":74,"rotate":2993,"vFlip":2994,"hFlip":2994,"body":3025},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M6 18L18 6M6 6l12 12\"\u002F>",1783406358633]