[{"data":1,"prerenderedAt":1310},["ShallowReactive",2],{"i-heroicons:building-office-2":3,"i-heroicons:computer-desktop":8,"i-heroicons:cloud":10,"i-heroicons:server":12,"i-heroicons:folder":14,"i-heroicons:chart-bar":16,"i-heroicons:lock-closed":18,"i-heroicons:rectangle-stack":20,"i-heroicons:scale":22,"i-heroicons:key":24,"i-heroicons:finger-print":26,"i-heroicons:cpu-chip":28,"i-heroicons:document-text":30,"i-heroicons:shield-exclamation":32,"i-heroicons:shield-check":34,"blog-page-2-en":36},{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":7},0,24,false,"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M2.25 21h19.5m-18-18v18m10.5-18v18m6-13.5V21M6.75 6.75h.75m-.75 3h.75m-.75 3h.75m3-6h.75m-.75 3h.75m-.75 3h.75M6.75 21v-3.375c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125V21M3 3h12m-.75 4.5H21m-3.75 3.75h.008v.008h-.008zm0 3h.008v.008h-.008zm0 3h.008v.008h-.008z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":9},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M9 17.25v1.007a3 3 0 0 1-.879 2.122L7.5 21h9l-.621-.621A3 3 0 0 1 15 18.257V17.25m6-12V15a2.25 2.25 0 0 1-2.25 2.25H5.25A2.25 2.25 0 0 1 3 15V5.25m18 0A2.25 2.25 0 0 0 18.75 3H5.25A2.25 2.25 0 0 0 3 5.25m18 0V12a2.25 2.25 0 0 1-2.25 2.25H5.25A2.25 2.25 0 0 1 3 12V5.25\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":11},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M2.25 15a4.5 4.5 0 0 0 4.5 4.5H18a3.75 3.75 0 0 0 1.332-7.257a3 3 0 0 0-3.758-3.848a5.25 5.25 0 0 0-10.233 2.33A4.5 4.5 0 0 0 2.25 15\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":13},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M21.75 17.25v-.228a4.5 4.5 0 0 0-.12-1.03l-2.268-9.64a3.375 3.375 0 0 0-3.285-2.602H7.923a3.375 3.375 0 0 0-3.285 2.602l-2.268 9.64a4.5 4.5 0 0 0-.12 1.03v.228m19.5 0a3 3 0 0 1-3 3H5.25a3 3 0 0 1-3-3m19.5 0a3 3 0 0 0-3-3H5.25a3 3 0 0 0-3 3m16.5 0h.008v.008h-.008zm-3 0h.008v.008h-.008z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":15},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M2.25 12.75V12A2.25 2.25 0 0 1 4.5 9.75h15A2.25 2.25 0 0 1 21.75 12v.75m-8.69-6.44l-2.12-2.12a1.5 1.5 0 0 0-1.061-.44H4.5A2.25 2.25 0 0 0 2.25 6v12a2.25 2.25 0 0 0 2.25 2.25h15A2.25 2.25 0 0 0 21.75 18V9a2.25 2.25 0 0 0-2.25-2.25h-5.379a1.5 1.5 0 0 1-1.06-.44\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":17},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M3 13.125C3 12.504 3.504 12 4.125 12h2.25c.621 0 1.125.504 1.125 1.125v6.75C7.5 20.496 6.996 21 6.375 21h-2.25A1.125 1.125 0 0 1 3 19.875zm6.75-4.5c0-.621.504-1.125 1.125-1.125h2.25c.621 0 1.125.504 1.125 1.125v11.25c0 .621-.504 1.125-1.125 1.125h-2.25a1.125 1.125 0 0 1-1.125-1.125zm6.75-4.5c0-.621.504-1.125 1.125-1.125h2.25C20.496 3 21 3.504 21 4.125v15.75c0 .621-.504 1.125-1.125 1.125h-2.25a1.125 1.125 0 0 1-1.125-1.125z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":19},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M16.5 10.5V6.75a4.5 4.5 0 1 0-9 0v3.75m-.75 11.25h10.5a2.25 2.25 0 0 0 2.25-2.25v-6.75a2.25 2.25 0 0 0-2.25-2.25H6.75a2.25 2.25 0 0 0-2.25 2.25v6.75a2.25 2.25 0 0 0 2.25 2.25\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":21},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M6 6.878V6a2.25 2.25 0 0 1 2.25-2.25h7.5A2.25 2.25 0 0 1 18 6v.878m-12 0q.354-.126.75-.128h10.5q.396.002.75.128m-12 0A2.25 2.25 0 0 0 4.5 9v.878m13.5-3A2.25 2.25 0 0 1 19.5 9v.878m0 0a2.3 2.3 0 0 0-.75-.128H5.25q-.396.002-.75.128m15 0A2.25 2.25 0 0 1 21 12v6a2.25 2.25 0 0 1-2.25 2.25H5.25A2.25 2.25 0 0 1 3 18v-6c0-.98.626-1.813 1.5-2.122\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":23},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M12 3v17.25m0 0c-1.472 0-2.882.265-4.185.75M12 20.25c1.472 0 2.882.265 4.185.75M18.75 4.97A48 48 0 0 0 12 4.5c-2.291 0-4.545.16-6.75.47m13.5 0q1.515.215 3 .52m-3-.52l2.62 10.726c.122.499-.106 1.028-.589 1.202a6 6 0 0 1-2.031.352a6 6 0 0 1-2.031-.352c-.483-.174-.711-.703-.59-1.202zm-16.5.52q1.485-.305 3-.52m0 0l2.62 10.726c.122.499-.106 1.028-.589 1.202a6 6 0 0 1-2.031.352a6 6 0 0 1-2.031-.352c-.483-.174-.711-.703-.59-1.202z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":25},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M15.75 5.25a3 3 0 0 1 3 3m3 0a6 6 0 0 1-7.029 5.912c-.563-.097-1.159.026-1.563.43L10.5 17.25H8.25v2.25H6v2.25H2.25v-2.818c0-.597.237-1.17.659-1.591l6.499-6.499c.404-.404.527-1 .43-1.563A6 6 0 1 1 21.75 8.25\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":27},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M7.864 4.243A7.5 7.5 0 0 1 19.5 10.5c0 2.92-.556 5.709-1.568 8.269M5.742 6.364A7.47 7.47 0 0 0 4.5 10.5a7.46 7.46 0 0 1-1.15 3.993m1.989 3.559A11.2 11.2 0 0 0 8.25 10.5a3.75 3.75 0 1 1 7.5 0q0 .79-.064 1.565M12 10.5a14.94 14.94 0 0 1-3.6 9.75m6.633-4.596a18.7 18.7 0 0 1-2.485 5.33\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":29},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M8.25 3v1.5M4.5 8.25H3m18 0h-1.5M4.5 12H3m18 0h-1.5m-15 3.75H3m18 0h-1.5M8.25 19.5V21M12 3v1.5m0 15V21m3.75-18v1.5m0 15V21m-9-1.5h10.5a2.25 2.25 0 0 0 2.25-2.25V6.75a2.25 2.25 0 0 0-2.25-2.25H6.75A2.25 2.25 0 0 0 4.5 6.75v10.5a2.25 2.25 0 0 0 2.25 2.25m.75-12h9v9h-9z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":31},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M19.5 14.25v-2.625a3.375 3.375 0 0 0-3.375-3.375h-1.5A1.125 1.125 0 0 1 13.5 7.125v-1.5a3.375 3.375 0 0 0-3.375-3.375H8.25m0 12.75h7.5m-7.5 3H12M10.5 2.25H5.625c-.621 0-1.125.504-1.125 1.125v17.25c0 .621.504 1.125 1.125 1.125h12.75c.621 0 1.125-.504 1.125-1.125V11.25a9 9 0 0 0-9-9\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":33},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M12 9v3.75m0-10.036A11.96 11.96 0 0 1 3.598 6A12 12 0 0 0 3 9.75c0 5.592 3.824 10.29 9 11.622c5.176-1.332 9-6.03 9-11.622c0-1.31-.21-2.57-.598-3.75h-.152c-3.196 0-6.1-1.25-8.25-3.286m0 13.036h.008v.008H12z\"\u002F>",{"left":4,"top":4,"width":5,"height":5,"rotate":4,"vFlip":6,"hFlip":6,"body":35},"\u003Cpath fill=\"none\" stroke=\"currentColor\" stroke-linecap=\"round\" stroke-linejoin=\"round\" stroke-width=\"1.5\" d=\"M9 12.75L11.25 15L15 9.75m-3-7.036A11.96 11.96 0 0 1 3.598 6A12 12 0 0 0 3 9.749c0 5.592 3.824 10.29 9 11.623c5.176-1.332 9-6.03 9-11.622c0-1.31-.21-2.571-.598-3.751h-.152c-3.196 0-6.1-1.248-8.25-3.285\"\u002F>",{"data":37,"meta":1305},[38,119,175,243,296,349,422,499,553,614,674,710,755,808,861,914,957,1009,1061,1099,1128,1181,1217,1252],{"id":39,"documentId":40,"title":41,"content":42,"slug":43,"published":44,"createdAt":45,"updatedAt":45,"publishedAt":46,"locale":47,"authorManual":48,"cover":49,"tags":100},109,"bb7r7m691c2qcsvrc25t0o9g","What are Passkeys? (Part 2)","\u003Cp>In \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-1?lang=en\">Part 1\u003C\u002Fa>, I introduced passkey &quot;in a broad sense&quot;, a mechanism originally called WebAuthn. This time, I will explain the passkey &quot;in the narrow sense&quot;. It will be the story of the &quot;?&quot; part in the figure below.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_1_a30245af38.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(Click to enlarge)\u003C\u002Fp>\n\u003Ch3>■ Secret stash and its associated problems\u003C\u002Fh3>\n\u003Cp>In the passkey (WebAuthn) authentication introduced so far, the authentication factor (secret information) so not flow over the network, and only authentication information (result) is exchanged. That&#39;s not to say that there are no secrets, but there is data called a &quot;private key&quot; that is used when creating authentication information. The private key must be stored all the time for authentication. Let&#39;s draw a diagram of where the authentication method that has been explained so far is stored.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_2_6d34ea3e06.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(Click to enlarge)\u003C\u002Fp>\n\u003Cp>In the case of in-device or smartphone authentication, secret information is stored in the TPM of the device. Also, the security key itself is like a TPM, so the secret information is stored in the key as it is. There are some minor differences, but what they all have in common is that they are all factors of &quot;\u003Cstrong>possession\u003C\u002Fstrong>&quot; and that &quot;\u003Cstrong>the private key stored inside cannot be taken out\u003C\u002Fstrong> (*1)&quot;.\u003C\u002Fp>\n\u003Cp>If you have a keen intuition, you may have guessed from the story so far, but with this mechanism, \u003Cstrong>re-registration of authentication is required\u003C\u002Fstrong> when replacing or buying a new device. As a method of re-registration, for example, you can add the authentication information of the new device by logging in with the device for which the authentication information is currently registered. However, regardless of the external security key, it is troublesome to prove that the login on the old device and the registration on the new device is the same users for PCs and smartphones with a built-in TPM in the device(*2). Also, in general, when replacing a smartphone, there are many cases where the old device is taken over and the new device is obtained, and at the same time, there may be cases where there is no time to have the old device and the new device.\u003C\u002Fp>\n\u003Cp>(*1) TPM (or security key) internally creates a &quot;private key&quot; and a &quot;public key&quot; used to verify whether the information is created with the private key when registering, and only the &quot;public key&quot; is returned as data. During authentication, the private key is used internally and only the authentication information is returned, so the private key is not extracted from the TPM.\u003C\u002Fp>\n\u003Cp>(*2) If hybrid authentication can be used, it is possible to perform Hybrid authentication using the old device from the new device, log in once, and then register the new device. If Hybrid authentication cannot be used, you can think of a method such as logging in with the old device and issuing a temporary URL for registering the new device.\u003C\u002Fp>\n\u003Ch3>■ Share private key between devices (multi-device FIDO credential)\u003C\u002Fh3>\n\u003Cp>All of the methods I&#39;ve talked about so far involve having the private key in some physical device. And, as a common problem, it turned out that there was a problem that re-registration was necessary when replacing the device.\u003C\u002Fp>\n\u003Cp>The mission of the FIDO Alliance, to which our company belongs, is to contribute to &quot;reducing the world&#39;s overdependence on passwords&quot;. But even if you create a strong authentication mechanism that replaces passwords, general users will not introduce it if its convenience is low. Therefore, we came up with a mechanism called &quot;\u003Cstrong>Multi-device FIDO Credential\u003C\u002Fstrong> (MDC)&quot; that shares the private key between devices. This is the &quot;\u003Cstrong>narrow sense\u003C\u002Fstrong>&quot; of the \u003Cstrong>passkey\u003C\u002Fstrong> that I have been talking about since part 1.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_3_d06ad879b8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(Click to enlarge)\u003C\u002Fp>\n\u003Cp>As shown in the diagram above, the private key of MDC is stored on a server on the Internet. When there is an authentication request, the server on the cloud will output the authentication information as same as what was done by the TPM or security key in other examples. The company that provides this cloud-based mechanism is called a &quot;passkey provider&quot;.\u003C\u002Fp>\n\u003Cp>By doing this, the existing authentication can be used on new devices without complicated operations when replacing or buying new devices. Currently, Apple, Google, and Microsoft, which provide major OSs, are actively implementing MDC. On the other hand, because it is a new technology, many issues can be seen, and various discussions are underway centering on the FIDO Alliance.\u003C\u002Fp>\n\u003Ch3>■ Try the &quot;narrow sense&quot; passkey (Multi-device FIDO credential)\u003C\u002Fh3>\n\u003Cp>Apple products are one step ahead when it comes to implementing MDC. I would like to try MDC using a mac and iPad. Both are currently updated to the latest OS and logged in with the same AppleID. Both use Safari browser.\u003C\u002Fp>\n\u003Cp>Access \u003Ca href=\"https:\u002F\u002Fwebauthn.io\u002F\">webauthn.io\u003C\u002Fa> using Safari on your mac, enter your username in the same way as when you used PIN and click &quot;Register&quot;, you will be prompted for Touch ID. (The required authentication is different depending on the model and setting status.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_4_7d173a915a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Follow the on-screen instructions to authenticate your fingerprint to complete the registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_5_9e006fa735.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, open the \u003Ca href=\"https:\u002F\u002Fwebauthn.io\u002F\">webauthn.io\u003C\u002Fa> page in the same way with Safari on your iPad.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_6_a65137ef18.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Actually, it will remember the username you entered, so tap &quot;Authenticate&quot; without entering anything.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_7_fb2e1e6755.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Follow the on-screen instructions to perform fingerprint authentication with Touch ID.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_8_e14c39718e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_9_93927c15da.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>As you can see, the authentication information set on the mac side can be used on the iPad side beyond the boundaries of device.\u003C\u002Fp>\n\u003Ch3>■ Summary\u003C\u002Fh3>\n\u003Cp>So far, I have explained about &quot;passkey&quot;, but how was it? I think I was able to convey to some extent the form of evolution from &quot;password&quot; to &quot;passkey&quot;. Because it has not been long since the passkey was announced, there are still many issues to be addressed, such as the need to support OS, browsers, and WEB applications, the search for an easy-to-understand use interface, and the detailed examination of specifications. However, I feel that the goal of &quot;\u003Cstrong>A world without passwords\u003C\u002Fstrong>&quot; is just around the corner. I would like to accelerate this trend and aim for safer and easier-to-use authentication.\u003C\u002Fp>\n\u003Ch3>■ Digression: Regarding the definition of the word &quot;passkey&quot;\u003C\u002Fh3>\n\u003Cp>At this time, it is not clear what exactly the term &quot;passkey&quot; refers to. In this blog, I have selected and explained what I belive to be correct within the scope of the information I have. In this series of blog posts, we take the stance that &quot;passkey&quot; means &quot;WebAuthn&quot; or &quot;FIDO authentication&quot; in a broad sense, and &quot;multi-device FIDO credential (MDC)&quot; in a narrow sense. On the WEB, we often see cases where the Hybrid authentication part is called a &quot;passkey&quot;.\u003C\u002Fp>\n\u003Cp>Regarding the definition of this notation, the FIDO Alliance described it in \u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fwhite-paper-multi-device-fido-credentials\u002F\">a white paper published in March 2022\u003C\u002Fa> as follows:\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Note that some companies are calling FIDO credentials “passkeys” in their product implementations, in particular when those FIDO credentials may be multi\u0002device credentials.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cblockquote>\n\u003Cp>Note that any use of the term “passkey” in this document refers to such third-party usage of the term and is not a formal term of FIDO Alliance or its specifications.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>In other words, the FIDO Alliance does not define the terms Passkey or Passkeys. (If there is a story such as a clear definition in subsequent presentations, please let me know.)\u003C\u002Fp>\n\u003Cp>As a engineer like myself, I don&#39;t like words with vague definitions. But on the other hand, I think that the word &quot;passkey&quot; is very easy to understand as a term used to convey to many non-computer engineers that &quot;it&#39;s a new type of authentication that replaces passwords&quot;. We hope that the word &quot;passkey&quot; will spread FIDO authentication technology around the world, and we hope that we can help.\u003C\u002Fp>\n\u003Ch3>■ Reference link:\u003C\u002Fh3>\n\u003Cp>[Experimental site]\u003C\u002Fp>\n\u003Cp>WebAuthn.io\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwebauthn.io\u002F\">https:\u002F\u002Fwebauthn.io\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[FIDO Alliance]\u003C\u002Fp>\n\u003Cp>White Paper: Multi-Device FIDO Credentials (FIDO Alliance)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fwhite-paper-multi-device-fido-credentials\">https:\u002F\u002Ffidoalliance.org\u002Fwhite-paper-multi-device-fido-credentials\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>[Each company&#39;s opinion]\u003C\u002Fp>\n\u003Cp>Security of Passkeys in the Google Password Manager (Google)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsecurity.googleblog.com\u002F2022\u002F10\u002FSecurityofPasskeysintheGooglePasswordManager.html\">https:\u002F\u002Fsecurity.googleblog.com\u002F2022\u002F10\u002FSecurityofPasskeysintheGooglePasswordManager.html\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>About the security of passkeys (Apple)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT213305\">https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT213305\u003C\u002Fa>\u003C\u002Fp>\n","what-are-passkeys-part-2","2023-02-15","2026-04-28T07:24:09.186Z","2026-04-28T07:24:12.431Z","en","YubiOnstaff",{"id":50,"documentId":51,"name":52,"alternativeText":53,"caption":53,"focalPoint":53,"width":54,"height":55,"formats":56,"hash":95,"ext":58,"mime":62,"size":96,"url":97,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":99,"updatedAt":99,"publishedAt":99},976,"srvo14coid3co8e92fulibah","blog-what-are-passkeys-part-2-1.png",null,3830,2011,{"large":57,"small":68,"medium":77,"thumbnail":86},{"ext":58,"url":59,"etag":60,"hash":61,"mime":62,"name":63,"path":53,"size":64,"width":65,"height":66,"sizeInBytes":67},".png","https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_what_are_passkeys_part_2_1_a30245af38.png","26882b9f5c2ff29160b487d5b24e7115","large_blog_what_are_passkeys_part_2_1_a30245af38","image\u002Fpng","large_blog-what-are-passkeys-part-2-1.png",119.63,1000,525,119631,{"ext":58,"url":69,"etag":70,"hash":71,"mime":62,"name":72,"path":53,"size":73,"width":74,"height":75,"sizeInBytes":76},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_what_are_passkeys_part_2_1_a30245af38.png","2e41093ff41bc527075a12004cb54cd6","small_blog_what_are_passkeys_part_2_1_a30245af38","small_blog-what-are-passkeys-part-2-1.png",47.94,500,263,47940,{"ext":58,"url":78,"etag":79,"hash":80,"mime":62,"name":81,"path":53,"size":82,"width":83,"height":84,"sizeInBytes":85},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_what_are_passkeys_part_2_1_a30245af38.png","978b2b3a49500b2ef9acecd4e46a9abe","medium_blog_what_are_passkeys_part_2_1_a30245af38","medium_blog-what-are-passkeys-part-2-1.png",80.61,750,394,80612,{"ext":58,"url":87,"etag":88,"hash":89,"mime":62,"name":90,"path":53,"size":91,"width":92,"height":93,"sizeInBytes":94},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_what_are_passkeys_part_2_1_a30245af38.png","1616f4fc70449be82588542b1d81899e","thumbnail_blog_what_are_passkeys_part_2_1_a30245af38","thumbnail_blog-what-are-passkeys-part-2-1.png",15.53,245,129,15527,"blog_what_are_passkeys_part_2_1_a30245af38",172.33,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_2_1_a30245af38.png","aws-s3","2026-04-28T07:23:06.811Z",[101,107,113],{"id":102,"documentId":103,"name":104,"slug":53,"createdAt":105,"updatedAt":105,"publishedAt":106},12,"aire52m2y26x0uq2lb8m0nwy","FIDO","2026-04-28T01:49:06.707Z","2026-04-28T01:49:08.676Z",{"id":108,"documentId":109,"name":110,"slug":53,"createdAt":111,"updatedAt":111,"publishedAt":112},44,"ndyi3ro2mlncggjsp6vy47ue","Passkeys","2026-04-28T05:22:55.540Z","2026-04-28T05:22:57.559Z",{"id":114,"documentId":115,"name":116,"slug":53,"createdAt":117,"updatedAt":117,"publishedAt":118},96,"cqdyo5o0fawjwtv8ytsu59hk","Glossary","2026-04-28T06:20:09.585Z","2026-04-28T06:20:11.559Z",{"id":120,"documentId":121,"title":122,"content":123,"slug":124,"published":125,"createdAt":126,"updatedAt":126,"publishedAt":127,"locale":47,"authorManual":48,"cover":128,"tags":171},107,"cda39260upjqsfk6lby9ivzh","What are Passkeys? (Part 1)","\u003Cp>Updated: Mar 7, 2023\u003C\u002Fp>\n\u003Cp>Recently, words such as &quot;Passkeys&quot; can be seen in IT-related news. It&#39;s a hot topic in the security community, but I don&#39;t think the general public understands it. To be honest, I can&#39;t say that I understand the whole picture, but I would like to explain it with the meaning of the summary in my mind.\u003C\u002Fp>\n\u003Ch3>■ What is a passkey?\u003C\u002Fh3>\n\u003Cp>Passkey is a general term for \u003Cstrong>new WEB authentication technology that replaces passwords\u003C\u002Fstrong>. The word &quot;passkey&quot; itself has multiple scopes at the moment, and it&#39;s hard to understand, but the fact that what was called &quot;WebAuthn&quot; in the past came to be called &quot;\u003Cstrong>passkey\u003C\u002Fstrong>&quot; \u003Cstrong>in broad\u003C\u002Fstrong>. First of all, I think it would be quicker for you to experience the passkey (＝WebAuthn) in its broadest sense, so I would like to introduce the demo site and explain how it works.\u003C\u002Fp>\n\u003Cp>&quot;WebAuthn.io&quot;\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwebauthn.io\u002F\">https:\u002F\u002Fwebauthn.io\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>You can experience user registration and user authentication using WebAuthn on this site. Feel free to try it out.\u003C\u002Fp>\n\u003Ch3>■Try passkeys &quot;in the broadest sense&quot; (WebAuthn)\u003C\u002Fh3>\n\u003Cp>First, let&#39;s register. Enter your username, and click &quot;Register&quot; to display the registration popup. From this point onwards, the behavior will vary depending on the browser, OS, and OS login (logon) status, so please use this as an example only. I&#39;m using Windows 11, and Edge(the latest), and log on to Windows using my Microsoft account.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_1_0816a70caa.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In my case, I have three options:\u003C\u002Fp>\n\u003Col>\n\u003Cli>External security key or built-in sensor:\nAuthentication via FIDO2 security key or Windows Hello (on Windows).\u003C\u002Fli>\n\u003Cli>Smartphone name (Device logged in with another Chrome \u002F Android device connected with (3)):\nThis operation verification is mainly logged in with a work Google account, and the work profile is set only for the smartphone that is normally used. Probably for that reason, the name of the smartphone was displayed by default. If you select this, the operation of (3) will be performed without reading the QR code.\u003C\u002Fli>\n\u003Cli>A different device:\nThis is a method of using another smartphone as an external security key. Read the QR code on the screen with the camera and authenticate with the lock screen authentication on the smartphone side.\nTo use it, the smartphone must also support this function. I directly confirmed iOS15, Android13, or later. Even if the OS supports it, the authentication relay may not be possible depending on the camera application, so if it does not work, it is a good idea to try several camera applications.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>(1) corresponds to so-called FIDO2 authentication, (2) and (3) correspond to Hybrid authentication (formerly known as caBLE) in FIDO2 authentication. Hybrid authentication will be explained in an aside.\u003C\u002Fp>\n\u003Cp>For now, let&#39;s register with a PIN for Windows Hello, one of the FIDO2 authentication methods (You need to set the PIN in advance from Windows Settings → &quot;Accounts&quot; → &quot;Sign-in options&quot;). This corresponds to the actual movement of the explanation part of the PIN explained in the article &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">Differences Between Password and PIN\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_2_1e95356424.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;External security key or built-in sensor&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_3_0dc1dc41b4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the PIN input screen is displayed, enter the set PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_4_a0bb68bde1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Registration has been completed!\u003C\u002Fp>\n\u003Cp>Then let&#39;s try authentication. I think that the username is set at the time of registration, so click &quot;Authenticate&quot; as it is.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_5_fe8f402a1d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter your PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_6_fcceaf4dbe.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Authentication succeeded!\u003C\u002Fp>\n\u003Cp>The reason why these PINs are not sent to the server during registration and authentication is as explained in &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">Differences Between Password and PIN\u003C\u002Fa>&quot;. It transmits authentication information protected by a TPM (security chip), making it much more resistant to attacks over the network than password authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_7_7f9f64569a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(quoted from &quot;\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifferences-between-password-and-pin?lang=en\">Differences Between Password and PIN\u003C\u002Fa>&quot;)\u003C\u002Fp>\n\u003Cp>This time, I tried registering and authenticating with a PIN as an example, but as you can see from the multiple options at the time of registration, &quot;passkey&quot; supports various authentication methods.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Various authentication supported by the OS (PIN, fingerprint, face authentication).\u003C\u002Fli>\n\u003Cli>External security key authentication (PIN\u002Ffingerprint authentication on the security side).\u003C\u002Fli>\n\u003Cli>Authentication by smartphone (PIN, fingerprint, face authentication on the smartphone side).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>All of these authentications meet the requirements of multi-factor authentication, and as with the PIN example, authentication factors (the PIN itself, fingerprint information, etc.) do not flow over the network. So they are established as a sufficiently strong authentication mechanism.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_8_67b9d97d28.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>(Click to enlarge)\u003C\u002Fp>\n\u003Cp>These mechanisms that have been explained so far are no different from the technologies that have been implemented under the names of &quot;WebAuthn&quot; and &quot;FIDO2&quot;. At first, I explained that the word &quot;passkey&quot; has multiple meanings, but the explanation up to this point is only a &quot;broad sense&quot; of the passkey. Next time, I will explain the &quot;narrow meaning&quot; of the word &quot;passkey&quot; and the core part of passkey that OS vendors (Apple, Google, Microsoft) are implementing.\u003C\u002Fp>\n\u003Ch3>■ Digression ①: Phishing resistance\u003C\u002Fh3>\n\u003Cp>Originally, one of the mechanisms implemented in WebAuthn\u002FFIDO2 since the term &quot;passkey&quot; did not exist is called phishing resistance. I think many people have heard the word &quot;phishing scam&quot;, but to put it simply, it is &quot;a scam that leads you to a fake site with a similar URL and makes you enter your authentication information to steal your account, information, money, etc.&quot; called phishing.\u003C\u002Fp>\n\u003Cp>WebAuthn is resistant to such phishing attempts. Since the password is manually entered by the user, even if the URL (domain) of the fraudulent site is different, the password may be entered carelessly and the authentication factor (here, the password) may be passed to a malicious third party. However, WebAuthn always checks the domain name mechanically and passes the authentication information (result) only to the matching site. Your authentication factors, and also your authentication information is never passed to a third party.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_9_b34be37942.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Currently, the damage caused by phishing does not appear to decrease but with the spread of passkey, it is believed that account hijacking by fake sites will be considerably suppressed.\u003C\u002Fp>\n\u003Ch3>■ Digression ②: Hybrid authentication (former name: caBLE)\u003C\u002Fh3>\n\u003Cp>Hybrid authentication as briefly explained above, is a mechanism that uses another device such as a smartphone as an external security key. In the case of Google Chrome, there is authentication with an Android device logged in with the same Google account and device authentication using a QR code. As the word &quot;BLE&quot; is included in the old name, both methods ultimately connect devices via BLE (Bluetooth Low Energy) and exchange authentication information. Android device authentication for the same account is supported from Chrome version 94 (2021\u002F09\u002F21), and Hybrid authentication using a QR code is supported from version 100 (2022\u002F03\u002F29). You can use it not only on Android devices but also on third-party products such as iPhones by applying the latest updates.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fstatic.wixstatic.com\u002Fmedia\u002Fe87c25_306bb7981ba740f39576c104cc352f8b~mv2.png\u002Fv1\u002Ffill\u002Fw_49,h_26,al_c,q_85,usm_0.66_1.00_0.01,blur_2,enc_avif,quality_auto\u002Fe87c25_306bb7981ba740f39576c104cc352f8b~mv2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When it comes to authentication on smartphones, one-time password authentication by SMS is often seen. But in the case of SMS authentication, there is a weakness in that the authentication can be broken if the attacker can check the SMS in some way because the one-time password can be delivered even if the smartphone is in a remote location. On the other hand, in this Hybrid authentication, the device to be authenticated and the smartphone that authenticates perform short-range communication via BLE. So it is possible to reliably satisfy the &quot;possession&quot; of the authentication factor, and the &quot;knowledge&quot; or &quot;inherence&quot; authentication factor is also confirmed by the authentication mechanism of the OS on the smartphone side. From there, you can have strong multi-factor authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_11_fe6ab63325.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Continue to \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fwhat-are-passkeys-part-2?lang=en\">the next part\u003C\u002Fa>.\u003C\u002Fp>\n","what-are-passkeys-part-1","2023-02-14","2026-04-28T07:22:45.236Z","2026-04-28T07:22:48.120Z",{"id":129,"documentId":130,"name":131,"alternativeText":53,"caption":53,"focalPoint":53,"width":132,"height":133,"formats":134,"hash":167,"ext":58,"mime":62,"size":168,"url":169,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":170,"updatedAt":170,"publishedAt":170},966,"zovq0i1aqht6lt22ngxz1qx3","blog-what-are-passkeys-part-1-1.png",1954,1046,{"large":135,"small":143,"medium":151,"thumbnail":159},{"ext":58,"url":136,"etag":137,"hash":138,"mime":62,"name":139,"path":53,"size":140,"width":65,"height":141,"sizeInBytes":142},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_what_are_passkeys_part_1_1_0816a70caa.png","dfe943a1f15b57a023d5a50a229161e1","large_blog_what_are_passkeys_part_1_1_0816a70caa","large_blog-what-are-passkeys-part-1-1.png",255.45,535,255449,{"ext":58,"url":144,"etag":145,"hash":146,"mime":62,"name":147,"path":53,"size":148,"width":74,"height":149,"sizeInBytes":150},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_what_are_passkeys_part_1_1_0816a70caa.png","ba4b92d0b5220f96135efb09e886111f","small_blog_what_are_passkeys_part_1_1_0816a70caa","small_blog-what-are-passkeys-part-1-1.png",81.26,268,81262,{"ext":58,"url":152,"etag":153,"hash":154,"mime":62,"name":155,"path":53,"size":156,"width":83,"height":157,"sizeInBytes":158},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_what_are_passkeys_part_1_1_0816a70caa.png","9dc6568ffc61026f5b6e59895e824d68","medium_blog_what_are_passkeys_part_1_1_0816a70caa","medium_blog-what-are-passkeys-part-1-1.png",160.16,401,160157,{"ext":58,"url":160,"etag":161,"hash":162,"mime":62,"name":163,"path":53,"size":164,"width":92,"height":165,"sizeInBytes":166},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_what_are_passkeys_part_1_1_0816a70caa.png","f96ce2b32fa7d3a0ef59a4185eafa890","thumbnail_blog_what_are_passkeys_part_1_1_0816a70caa","thumbnail_blog-what-are-passkeys-part-1-1.png",30.06,131,30057,"blog_what_are_passkeys_part_1_1_0816a70caa",150.28,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_what_are_passkeys_part_1_1_0816a70caa.png","2026-04-28T07:21:47.052Z",[172,173,174],{"id":102,"documentId":103,"name":104,"slug":53,"createdAt":105,"updatedAt":105,"publishedAt":106},{"id":108,"documentId":109,"name":110,"slug":53,"createdAt":111,"updatedAt":111,"publishedAt":112},{"id":114,"documentId":115,"name":116,"slug":53,"createdAt":117,"updatedAt":117,"publishedAt":118},{"id":176,"documentId":177,"title":178,"content":179,"slug":180,"published":181,"createdAt":182,"updatedAt":182,"publishedAt":183,"locale":47,"authorManual":48,"cover":184,"tags":229},73,"y25ef9qpa8sxxwzki6sm1sk2","Protect Your Apple ID with a Security Key","\u003Cp>January 23rd (local time), Apple released the latest update for iOS, iPadOS, and macOS. This release supports physical authentication device security key as two-factor authentication for Apple ID. When signing in with Apple ID, after entering the password, a 6-digit verification code is displayed on the trusted device (iPhone, iPad, macOS device), and security was strengthened by entering the verification code.\u003C\u002Fp>\n\u003Cp>This time, I will introduce &quot;What is the advantage of using security keys?&quot;, &quot;What are the conditions of use?&quot;, &quot;What kind of security key should I choose?&quot;, &quot;How to set it?&quot;, &quot;How to authenticate?&quot;.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Ca href=\"#viewer-79vns\">\u003Cstrong>Precautions\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-cshbb\">\u003Cstrong>Advantages of using security keys\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-3422j\">\u003Cstrong>Conditions of use of security key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-lm29\">\u003Cstrong>How to choose a security key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-86md6\">\u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-ehero\">\u003Cstrong>Set up the security key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-c3m2j\">\u003Cstrong>How to set up the security key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-49mtp\">\u003Cstrong>How to set up on iPhone or iPad\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-878s8\">\u003Cstrong>How to set up on Mac\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-dsoko\">\u003Cstrong>How to authenticate with a security key\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-3ifiv\">\u003Cstrong>FAQ\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Precautions\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cstrong>About inquiry\u003C\u002Fstrong>\nFor inquiries about security keys, don&#39;t hesitate to get in touch with us using our \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">\u003Cstrong>contact form\u003C\u002Fstrong>\u003C\u002Fa>. If you have any questions about setting up your Apple ID, please contact Apple.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>About account recovery after setting the security key\u003C\u002Fstrong>\nWe recommend that you should register at least two security keys. One should be kept in a safe place as a backup, and you can use it in case your main key was lost. If you lose all your security keys, you could be locked out of your Apple ID account permanently.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Disclaimer\u003C\u002Fstrong>\nWe do not guarantee any problems regarding the security key setting for Apple ID protection. Please make the settings at your own risk.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>Advantages of using security keys\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The bottom line is that using physical security keys for two-factor authentication can prevent a variety of attacks, including phishing attacks.\u003C\u002Fp>\n\u003Cp>Phishing attacks often use email or SMS to redirect users to fake sites to steal Apple IDs, passwords, and verification codes. If you use a security key as your second factor, you&#39;ll use the security key every time you authenticate, protecting you from attacks.\u003C\u002Fp>\n\u003Cp>Recently, it has become a convenient world where you can do anything with just a smartphone, but the number of cases of being victimized by such attacks is increasing. So it is recommended for those who want more robust security.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Conditions of use of security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>To use a security key as two-factor authentication for your Apple ID, the following conditions must be met.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Have at least two\u003C\u002Fstrong> FIDO® Certified* security keys for Apple devices.\n→ Details are explained in the &quot;\u003Ca href=\"#viewer-lm29\">\u003Cstrong>How to choose a security key\u003C\u002Fstrong>\u003C\u002Fa>&quot; section.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>iOS 16.3, iPadOS 16.3, or macOS Ventura 13.2 or later\u003C\u002Fstrong> installed on all devices that you sign in with your Apple ID.\n→ Refer to \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT201222\">\u003Cstrong>here\u003C\u002Fstrong>\u003C\u002Fa> for details on compatible devices.\u003C\u002Fli>\n\u003Cli>You have set \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT204915\">\u003Cstrong>Two-factor authentication for Apple ID\u003C\u002Fstrong>\u003C\u002Fa>.\nIf you have to enter a verification code when logging in with your Apple ID, it means two-factor authentication has already been set.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecifications\u002F\">\u003Cstrong>WebAuthn\u003C\u002Fstrong>\u003C\u002Fa>-compatible browsers such as Safari, Chrome, Edge, and Firefox can be used. (The latest version is recommended.)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ Please check \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT213154\">\u003Cstrong>here\u003C\u002Fstrong>\u003C\u002Fa> for which the security key cannot be used with an Apple ID.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>How to choose a security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>As introduced on Apple&#39;s official page, the security key used for two-factor authentication of Apple ID must be compatible with &quot;\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecifications\u002F\">\u003Cstrong>FIDO\u003C\u002Fstrong>\u003C\u002Fa>&quot;. &quot;YubiKey (by Yubico)&quot;, which is also introduced on Apple&#39;s official page, supports FIDO and can be selected according to the interface of the Apple device to be used. We are an authorized reseller of Yubico and sell YubiKeys. If you are looking for it, please purchase it from the \u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">\u003Cstrong>YubiKey shop\u003C\u002Fstrong>\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">\u003Cstrong>Amazon\u003C\u002Fstrong>\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Click \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-us\u002FHT201736\">\u003Cstrong>here\u003C\u002Fstrong>\u003C\u002Fa> to find your Mac port.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>List of YubiKeys\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_1_b6374f1029.png\" alt=\"\">\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The upper YubiKey 5 series is a model that supports multiple protocols (OTP, PIV, OpenPGP, etc.) including FIDO. The Security Key series in the middle row is a relatively inexpensive model that supports the FIDO protocol only. The YubiKey Bio series at the bottom is the only biometric authentication model and supports the FIDO protocol.\u003C\u002Fp>\n\u003Cp>If you are using an iPhone, we recommend NFC-compatible ones (those with NFC in the product name). YubiKey 5Ci is recommended when connecting to an iPhone, iPad, or macOS device.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">\u003Cstrong>Buy at the YubiKey Shop\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">\u003Cstrong>Buy on Amazon\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Ffidoalliance.org\u002Fspecifications\u002F\">\u003Cstrong>FIDO\u003C\u002Fstrong>\u003C\u002Fa> is a highly secure authentication method that uses public key cryptography and is characterized by its robust phishing resistance. I won&#39;t go into the detailed technical specifications here. Among the FIDO protocols, there are differences in security key operation depending on whether FIDO2 or FIDO U2F is supported, so I will briefly explain the differences.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FIDO U2F\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FIDO U2F is designed to act as a second factor of authentication. For example, after entering a password, it is used to confirm possession by a touch operation of the security key. However, it does not confirm the fingerprint-by-touch operation but confirms that you have it to the last.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FIDO2\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FIDO2 is designed to work as passwordless while remaining compatible with FIDO U2F. For example, after entering the ID, insert the security key and confirm the PIN or biometric. FIDO2 enables \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifference-between-2-step-verification-2-factor-authentication-and-multi-factor-authentication-mfa?lang=en\">\u003Cstrong>two-factor authentication\u003C\u002Fstrong>\u003C\u002Fa> based on possession and knowledge or inherence with a single security key.\u003C\u002Fp>\n\u003Cp>(All YubiKeys introduced in this article support FIDO2.)\u003C\u002Fp>\n\u003Cp>If you have a security key that supports FIDO2, please refer to the next section &quot;Set up the security key&quot; to add a PIN or enroll your fingerprint.\u003C\u002Fp>\n\u003Cp>※ When logging in with an Apple ID, the behavior changes depending on whether the PIN for the security key is set or not. Those with a PIN will work as FIDO2, and those without a PIN will only require the touch of the security key.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Set up the security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>FIDO2-compatible security key does not have a PIN set in the initial state. Please set the security key PIN based on the setting information below. You can enroll your fingerprint for the biometric key after setting the PIN.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If you are using a macOS device, please refer to the following page:\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting---fingerprint-setting-for-macos?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for macOS\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>If you are using a Windows device, please refer to the following page:\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ When logging in with an Apple ID, the behavior changes depending on whether the PIN for the security key is set or not. Those with a PIN will work as FIDO2, and those without a PIN will only require the touch of the security key.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>How to set up the security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Before setting the security key, prepare two security keys.\u003C\u002Fp>\n\u003Cp>※ For information on purchasing a security key, refer to \u003Ca href=\"#viewer-lm29\">\u003Cstrong>How to choose a security key\u003C\u002Fstrong>\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>About security key registration:\u003C\u002Fstrong>\nWhen registering a security key, if the registration process takes too long or the NFC response is poor, the error message &quot;This security key cannot be registered&quot; may appear. In that case, please try again.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>About using the verification code:\u003C\u002Fstrong>\nAfter setting a security key, the security key is required for two-factor authentication. You will no longer be able to authenticate with the verification code that you have been using. If all security keys are deleted, it will revert to verifying with a verification code.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>About account recovery after security key setting:\u003C\u002Fstrong>\nWe recommend that you should register at least two security keys. One should be kept in a safe place as a backup, and you can use it in case your main key was lost. If you lose all your security keys, you could be locked out of your Apple ID account permanently.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>About security key reset:\u003C\u002Fstrong>\nThe FIDO2 security key will be locked if the PIN is incorrect 8 times in a row. In that case, you will need to \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting-fingerprint-setting-for-windows?lang=en\">\u003Cstrong>reset the security key\u003C\u002Fstrong>\u003C\u002Fa>. After resetting, you will lose all the authentication information you have registered so far, so you will need to set it again.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The setting is explained according to the Apple device you are using.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-49mtp\">\u003Cstrong>How to set up on iPhone or iPad\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-878s8\">\u003Cstrong>How to set up on Mac\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>How to set up on iPhone or iPad\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>In this article, &quot;YubiKey 5 NFC&quot; and &quot;YubiKey 5Ci&quot; are used.\u003C\u002Fp>\n\u003Col>\n\u003Cli>Open &quot;Settings&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_2_f167a2e813.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>Tap your username.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_3_db34abd43c.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Tap &quot;Password &amp; Security&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_4_d3d12cddc9.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"4\">\n\u003Cli>Tap &quot;Add Security Keys&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_5_12783d0e35.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"5\">\n\u003Cli>Tap &quot;Add Security Keys&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_6_1313e3a30f.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"6\">\n\u003Cli>Tap &quot;Continue&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_7_7f26ca38bb.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"7\">\n\u003Cli>Enter your iPhone passcode.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_8_098ec0d016.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"8\">\n\u003Cli>Connect your security key and touch the button. Or hold the NFC-compatible security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_9_0c628cc299.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_10_10770c0acd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of using NFC\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_11_19ffb97db6.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of connecting\u003C\u002Fp>\n\u003Cp>※ In the case of YubiKey 5Ci, there are small metal parts on the left and right, and it reacts when touched there. Even with other security keys, the button part is blinking, so I think you won&#39;t get lost too much.\u003C\u002Fp>\n\u003Col start=\"9\">\n\u003Cli>Enter the &quot;PIN&quot; set for your security key.\n※ If your security key is not set a PIN, this process will be skipped and only the touch of the security key will be required. (See \u003Ca href=\"#viewer-86md6\">\u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_12_9f35b515ae.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"10\">\n\u003Cli>After entering the PIN, a message will be displayed. So touch your security again. Or hold your security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>※ The message will not be displayed if the NFC is held up.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_13_ab956091a9.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"11\">\n\u003Cli>Enter any name for your security key.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_14_25a865290f.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"12\">\n\u003Cli>Since registration of the second key starts, connect your security key and touch the button. Or hold the NFC-compatible security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_15_3cf82a2e15.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_10_10770c0acd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of using NFC\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_11_19ffb97db6.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of connecting\u003C\u002Fp>\n\u003Cp>※ In the case of YubiKey 5Ci, there are small metal parts on the left and right, and it reacts when touched there. Even with other security keys, the button part is blinking, so I think you won&#39;t get lost too much.\u003C\u002Fp>\n\u003Col start=\"13\">\n\u003Cli>Enter the &quot;PIN&quot; set for your security key.\n※ If your security key is not set a PIN, this process will be skipped and only the touch of the security key will be required. (See \u003Ca href=\"#viewer-86md6\">\u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_12_9f35b515ae.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"14\">\n\u003Cli>After entering the PIN, a message will be displayed. So touch your security again. Or hold your security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_16_0971bbc3d4.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"15\">\n\u003Cli>Enter any name for your security key and proceed to the next step.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_17_9c2f54a10a.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"16\">\n\u003Cli>Finally, check the device associated with your Apple ID and select one of the following:\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>Stay signed in to all devices.\u003C\u002Fli>\n\u003Cli>Select devices that you don&#39;t want to continue to have access to your account and sign out of them.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_18_aeb86d889e.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"17\">\n\u003Cli>Click &quot;Done&quot; to finish the operation.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_19_1fcc804804.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The security key setting is complete.\u003C\u002Fp>\n\u003Cp>For the authentication method, please check the &quot;\u003Cstrong>How to authenticate the security key\u003C\u002Fstrong>&quot; section.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>How to set up on Mac\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This article uses &quot;YubiKey 5Ci&quot; and &quot;YubiKey Bio - FIDO Edition&quot;. The first is registered by connecting YubiKey 5Ci and entering a PIN. And the second is registered by connecting YubiKey Bio - FIDO Edition and biometrics (fingerprint).\u003C\u002Fp>\n\u003Cp>※ This time, for the sake of explanation, we are testing a pattern of PIN and biometrics (fingerprint).\u003C\u002Fp>\n\u003Col>\n\u003Cli>Click &quot;System Settings...&quot; from the Apple menu.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_20_3645f65c30.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>Click your username, and click &quot;Password &amp; Security&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_21_00b3b18f25.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Click &quot;Add...&quot; on the right side of the Security Keys component.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_22_75abbcf1fa.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"4\">\n\u003Cli>Click &quot;Add Security Keys&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_23_2fbff82b82.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"5\">\n\u003Cli>Click &quot;Continue&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_24_3d38c2a15c.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"6\">\n\u003Cli>Enter your Mac passcode.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_25_7c434134b4.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"7\">\n\u003Cli>Click &quot;Continue&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_26_8c01763548.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"8\">\n\u003Cli>Connect your security key, and touch the button.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_27_1fabef7d6c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_28_a2d053421d.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of non-bio\u003C\u002Fp>\n\u003Cp>※ In the case of YubiKey 5Ci, there are small metal parts on the left and right, and it reacts when touched there. Even with other security keys, the button part is blinking, so I think you won&#39;t get lost too much.\u003C\u002Fp>\n\u003Col start=\"9\">\n\u003Cli>Enter the &quot;PIN&quot; set for your security key.\n※ If your security key is not set a PIN, this process will be skipped and only the touch of the security key will be required. (See \u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>※ If you are using a biometric (fingerprint) key, there is no need to enter a PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_29_b65c751d36.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"10\">\n\u003Cli>After entering PIN, the following message will be displayed, so touch the button of the connected security key.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_30_109c42ae4e.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"11\">\n\u003Cli>Enter any name for your security key and click &quot;Continue&quot;.\n　※ Proceed to the next step after pressing the Return key in the input field.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_31_77afb63d75.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"12\">\n\u003Cli>Click &quot;Continue&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_32_5d0d6c1e73.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"13\">\n\u003Cli>Connect your security key, and touch the button.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>※ The second key registration is described as a biometric (fingerprint) key registration. If you are using a non-biometric key, the operation is the same as the first registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_33_14441f22cd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_34_a33c18d80e.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of biometric\u003C\u002Fp>\n\u003Cp>※ For the YubiKey Bio, touch the fingerprint sensor in the middle (you should touch the fingerprint sensor and its edge ring).\u003C\u002Fp>\n\u003Col start=\"14\">\n\u003Cli>Enter any name for your security key and click &quot;Continue&quot;.\n　※ Proceed to the next step after pressing the Return key in the input field.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_35_d2936de2c0.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"15\">\n\u003Cli>Finally, check the device associated with your Apple ID and select one of the following:\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>Stay signed in to all devices.\u003C\u002Fli>\n\u003Cli>Select devices that you don&#39;t want to continue to have access to your account and sign out of them.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_36_f7d0744a39.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"16\">\n\u003Cli>Once completed, you will see the message below. Click &quot;Done&quot; to finish the operation.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_37_b0fc3c0cfd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The security key setting is complete.\u003C\u002Fp>\n\u003Cp>For the authentication method, please check the &quot;\u003Ca href=\"#viewer-dsoko\">\u003Cstrong>How to authenticate with a security key\u003C\u002Fstrong>\u003C\u002Fa>&quot; section.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>How to authenticate with a security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This time, I will use an iPhone and take an iCloud login as an example.\u003C\u002Fp>\n\u003Cp>(The authentication flow is the same for Mac.)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Authentication may fail if the authentication operation takes a long time. Specifically, if it takes a long time to complete the authentication operation (touch operation, PIN input, fingerprint confirmation) after the security key is requested, authentication may fail.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Col>\n\u003Cli>Enter your Apple ID end password.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_38_ba1405b13b.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>Tap &quot;Continue&quot;.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_39_f49726eae1.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Connect your security key and touch the button. Or hold the NFC-compatible security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_40_bc8eebae6b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_41_088a3e7bc7.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of using NFC\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_42_99ef4803ba.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the case of connecting\u003C\u002Fp>\n\u003Col start=\"4\">\n\u003Cli>Enter the &quot;PIN&quot; set for your security key.\n※ If your security key is not set a PIN, this process will be skipped and only the touch of the security key will be required. (See \u003Ca href=\"#viewer-86md6\">\u003Cstrong>About FIDO Security Key\u003C\u002Fstrong>\u003C\u002Fa>)\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>※ If you are using a biometric (fingerprint) key, there is no need to enter a PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_43_0ecb177118.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"5\">\n\u003Cli>Touch your security button again. Or hold the NFC-compatible security key over it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_44_19f3e94288.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"6\">\n\u003Cli>Choose whether to trust the browser or not.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cul>\n\u003Cli>Don&#39;t trust:\nRequire two-factor authentication every time.\u003C\u002Fli>\n\u003Cli>Trust:\nIf you trust it, it won&#39;t require two-factor authentication when you log in on that device for 30 days.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_45_29b4c2a678.png\" alt=\"\">\u003C\u002Fp>\n\u003Col start=\"7\">\n\u003Cli>Login completed.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_46_a651de4740.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>FAQ\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>Why is &quot;Add Security Keys&quot; not displayed in &quot;Password &amp; Security&quot;?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Please check &quot;Conditions of use of security key&quot;. If the setting items are not displayed even though the conditions are met, please contact Apple.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>An error message is displayed when registering the security key and registration is not completed. What should I do now?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>When registering a security key, if the registration process takes too long or the NFC response is poor, the error message &quot;This security key cannot be registered&quot; may appear. In that case, please try again.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What is the maximum number of security keys that can be set?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Up to 6 keys can be registered.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Can I go back to using the verification code?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>By deleting all security keys, it is possible to return to verification code authentication.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>My security key is blocked. What should I do?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FIDO2 security keys will be blocked if the PIN is incorrect 8 times in a row. In that case, you will need to reset your security key. After resetting, you will lose all the authentication information you have registered so far, so you will need to set it again. For security key setting, see &quot;Set up the security key&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>What happens if I lose all my security keys?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you lose all your security keys, Apple cannot help you access your account. So keep your backup key safe.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Authentication using the security key fails. What should I do?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>There are several reasons for authentication failure, please check below:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The authentication operation is taking too long:\nSpecifically, if it takes a long time to complete the authentication operation (touch operation, PIN input, fingerprint confirmation) after the security key is requested, authentication may fail.\u003C\u002Fli>\n\u003Cli>Check if the security key is connected halfway.\u003C\u002Fli>\n\u003Cli>If you are using a USB hub, try connecting it directly to your device and check.\u003C\u002Fli>\n\u003Cli>Your security key is blocked:\nAfter 8 consecutive failed PIN attempts, the security key will be blocked. Please check &quot;My security key is blocked. What should I do?&quot;.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>I forgot my security key PIN. What should I do?\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you forgot your PIN, you will need to reset your security key. As a precaution, after you reset your security key, all authentication information will be lost, so you will need to set it up again. For security key setting, see &quot;Set up the security key&quot;.\u003C\u002Fp>\n","protect-apple-id-with-security-key","2023-02-06","2026-04-28T06:55:32.176Z","2026-04-28T06:55:35.816Z",{"id":185,"documentId":186,"name":187,"alternativeText":53,"caption":53,"focalPoint":53,"width":188,"height":189,"formats":190,"hash":224,"ext":58,"mime":62,"size":225,"url":226,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":227,"updatedAt":227,"publishedAt":228},676,"tg200evgo3cemibw9zhql8ey","blog-protect-apple-id-with-security-key-1.png",1060,680,{"large":191,"small":199,"medium":207,"thumbnail":215},{"ext":58,"url":192,"etag":193,"hash":194,"mime":62,"name":195,"path":53,"size":196,"width":65,"height":197,"sizeInBytes":198},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_protect_apple_id_with_security_key_1_b6374f1029.png","2f2712999247d96a51eff01c83185db2","large_blog_protect_apple_id_with_security_key_1_b6374f1029","large_blog-protect-apple-id-with-security-key-1.png",134.07,642,134065,{"ext":58,"url":200,"etag":201,"hash":202,"mime":62,"name":203,"path":53,"size":204,"width":74,"height":205,"sizeInBytes":206},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_protect_apple_id_with_security_key_1_b6374f1029.png","84961bcd5277885c15b36e50aa5a03a3","small_blog_protect_apple_id_with_security_key_1_b6374f1029","small_blog-protect-apple-id-with-security-key-1.png",45.73,321,45729,{"ext":58,"url":208,"etag":209,"hash":210,"mime":62,"name":211,"path":53,"size":212,"width":83,"height":213,"sizeInBytes":214},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_protect_apple_id_with_security_key_1_b6374f1029.png","bacd389230706e1614b2e04a8e33b8b7","medium_blog_protect_apple_id_with_security_key_1_b6374f1029","medium_blog-protect-apple-id-with-security-key-1.png",86.47,481,86472,{"ext":58,"url":216,"etag":217,"hash":218,"mime":62,"name":219,"path":53,"size":220,"width":221,"height":222,"sizeInBytes":223},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_protect_apple_id_with_security_key_1_b6374f1029.png","c16e86ded06ad7d4c1d7505c81da077f","thumbnail_blog_protect_apple_id_with_security_key_1_b6374f1029","thumbnail_blog-protect-apple-id-with-security-key-1.png",15.83,243,156,15826,"blog_protect_apple_id_with_security_key_1_b6374f1029",37.99,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_protect_apple_id_with_security_key_1_b6374f1029.png","2026-04-28T06:51:38.674Z","2026-04-28T06:51:38.675Z",[230,231,237],{"id":102,"documentId":103,"name":104,"slug":53,"createdAt":105,"updatedAt":105,"publishedAt":106},{"id":232,"documentId":233,"name":234,"slug":53,"createdAt":235,"updatedAt":235,"publishedAt":236},28,"ctdhuf8ybynihdblggcicfqi","SecurityKey","2026-04-28T05:16:07.443Z","2026-04-28T05:16:09.282Z",{"id":238,"documentId":239,"name":240,"slug":53,"createdAt":241,"updatedAt":241,"publishedAt":242},108,"nyxtb4vjpdejk3vwhn6u6or0","Apple","2026-04-28T06:55:27.357Z","2026-04-28T06:55:29.195Z",{"id":244,"documentId":245,"title":246,"content":247,"slug":248,"published":249,"createdAt":250,"updatedAt":250,"publishedAt":251,"locale":47,"authorManual":48,"cover":252,"tags":294},25,"i66ur4ae6up4ek8n271o1ny2","Differences Between Password and PIN","\u003Cp>Both passwords and PINs are secret words (or numbers) that only you know. And, you have to enter text for both. A PIN is shorter and uses fewer types of characters. So at first glance PIN tends to be considered &quot;weak&quot;, but Microsoft and others say that &quot;PIN is more secure than password&quot;. I&#39;m sure you&#39;ve seen this during the initial setup of Windows (10, 11), but why?\u003C\u002Fp>\n\u003Cp>The big difference between a password and a PIN is how the characters you type are handled.\u003C\u002Fp>\n\u003Cp>The password is used for authentication, but the PIN is &quot;not used for authentication&quot;.\u003C\u002Fp>\n\u003Cp>Writing it might lead to misunderstandings, so I&#39;m going to give you an example and explain it in a little more detail.\u003C\u002Fp>\n\u003Cp>We will proceed with the discussion assuming access to a WEB service that supports login by password and login by PIN(*1) on a PC.\u003C\u002Fp>\n\u003Cp>(*1) From a technical point of view, we assume a WEB service that supports login using &quot;WebAuthn&quot;.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Password\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>When you log in by entering your ID and password, the entered character information is sent to the WEB service server as is. The server receives the ID and password, checks whether the password matches or not, and allows logging in if there is no problem.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_differences_between_password_and_pin_1_c6cbb4ed57.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>PIN\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>If you log in by entering your ID and PIN, first your PIN is used to access the security chip called &quot;TPM&quot; (*2) in your computer. A TPM creates a credential that only the TPM can create. The ID and the credential created by the TPM are sent to the server, and if the server determines that there is no problem, login is permitted.\u003C\u002Fp>\n\u003Cp>(*2) A precise explanation of the TPM will be lengthy, so I will omit it, but please think of it here as a chip that can create much stronger encryption than a password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_differences_between_password_and_pin_2_6ea1c1494d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Earlier, I wrote that the PIN is &quot;not used for authentication&quot;, but to be precise, it is &quot;used for TPM authentication&quot;. However, since the TPM is in the PC at hand, the PIN itself will not flow over the network.\u003C\u002Fp>\n\u003Cp>With the content so far, I think that the characteristics of the PIN have become a little clearer. There are two major differences from the password:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>・PIN does not low over the network.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>・PIN authentication cannot be performed without a PC and a PIN.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>From these features, I think you can see that it is strong against attacks such as eavesdropping on the network, and has \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdifference-between-2-step-verification-2-factor-authentication-and-multi-factor-authentication-mfa?lang=en\">two-factor authentication\u003C\u002Fa> of knowledge (PIN) and possession (PC), which is much stronger than a password.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Finally\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This time, I used a PC as an example, but in fact, not only PCs but also smartphones and tablets have similar mechanisms. In addition, the FIDO2 security keys that we sell are used in combination with PCs and smartphones, but they can play the role of the TPM that came out in this story. It&#39;s like an external TPM.\u003C\u002Fp>\n\u003Cp>We are also developing solutions using security keys, so if you are interested, please take a look at our solutions and blogs. If you are looking for an authentication device, you can buy it from the link below.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKeyShop Authorized Reseller\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">https:\u002F\u002Fykey.yubion.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Amazon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&amp;marketplaceID=A1VC38T7YXB528\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thanks for reading until the end.\u003C\u002Fp>\n","differences-between-password-and-pin","2023-02-01","2026-04-28T06:20:44.983Z","2026-04-28T06:20:47.749Z",{"id":84,"documentId":253,"name":254,"alternativeText":53,"caption":53,"focalPoint":53,"width":255,"height":256,"formats":257,"hash":290,"ext":58,"mime":62,"size":291,"url":292,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":293,"updatedAt":293,"publishedAt":293},"qvxf989g1upcg0zehb2ez401","blog-differences-between-password-and-pin-1.png",3936,1525,{"large":258,"small":266,"medium":274,"thumbnail":282},{"ext":58,"url":259,"etag":260,"hash":261,"mime":62,"name":262,"path":53,"size":263,"width":65,"height":264,"sizeInBytes":265},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_differences_between_password_and_pin_1_c6cbb4ed57.png","7b8d7a5dc4930cde187a0a04cb43c31d","large_blog_differences_between_password_and_pin_1_c6cbb4ed57","large_blog-differences-between-password-and-pin-1.png",74.43,387,74433,{"ext":58,"url":267,"etag":268,"hash":269,"mime":62,"name":270,"path":53,"size":271,"width":74,"height":272,"sizeInBytes":273},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_differences_between_password_and_pin_1_c6cbb4ed57.png","4be33089e7d26fd1e53ad1eebf112557","small_blog_differences_between_password_and_pin_1_c6cbb4ed57","small_blog-differences-between-password-and-pin-1.png",28.88,194,28876,{"ext":58,"url":275,"etag":276,"hash":277,"mime":62,"name":278,"path":53,"size":279,"width":83,"height":280,"sizeInBytes":281},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_differences_between_password_and_pin_1_c6cbb4ed57.png","98782ee5969d9219e060fc9f667d910b","medium_blog_differences_between_password_and_pin_1_c6cbb4ed57","medium_blog-differences-between-password-and-pin-1.png",49.66,291,49655,{"ext":58,"url":283,"etag":284,"hash":285,"mime":62,"name":286,"path":53,"size":287,"width":92,"height":288,"sizeInBytes":289},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_differences_between_password_and_pin_1_c6cbb4ed57.png","eb3a4fac749bad4ddc63a3beccc1a0e7","thumbnail_blog_differences_between_password_and_pin_1_c6cbb4ed57","thumbnail_blog-differences-between-password-and-pin-1.png",11.07,95,11066,"blog_differences_between_password_and_pin_1_c6cbb4ed57",138.43,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_differences_between_password_and_pin_1_c6cbb4ed57.png","2026-04-28T06:20:34.441Z",[295],{"id":114,"documentId":115,"name":116,"slug":53,"createdAt":117,"updatedAt":117,"publishedAt":118},{"id":297,"documentId":298,"title":299,"content":300,"slug":301,"published":302,"createdAt":303,"updatedAt":303,"publishedAt":304,"locale":47,"authorManual":48,"cover":305,"tags":347},23,"mvmpui47dd0yz47118fgsh7k","Difference Between 2-step Verification, 2-factor Authentication and Multi-factor Authentication(MFA)","\u003Cp>Many Web services use &quot;password&quot; authentication. However, due to various attacks in recent years, it is no longer possible to guarantee security strength with only &quot;password&quot; authentication. &quot;\u003Cstrong>Two-step verification\u003C\u002Fstrong>&quot;, &quot;\u003Cstrong>Two-factor authentication\u003C\u002Fstrong>&quot;, and &quot;\u003Cstrong>Multi-factor authentication (MFA)\u003C\u002Fstrong>&quot; are authentication methods that have emerged to increase the strength of authentication. This time, I would like to explain the differences between them.\u003C\u002Fp>\n\u003Ch2>Table of Contents\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-44hqb\">3 factors of authentication\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-dgl0b\">Two-step verification\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-369dv\">Two-factor authentication\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-fa4ac\">Multi-factor authentication\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-9qcn7\">Finally\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>3 factors of authentication\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Before getting into the main topic, let me explain the important &quot;3 factors of authentication&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The factors of authentication are roughly divided into three: &quot;Knowledge Information&quot;, &quot;Possession Information&quot;, and &quot;Inherence Information&quot;.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Authentication by Knowledge Information\u003C\u002Fstrong>\nA method of authenticating with knowledge information known only to the user, such as a password, PIN, secret question, etc. Password-based authentication is relatively easy to introduce, but it has its disadvantages. There is a risk of unauthorized use due to brute force attacks that attempt passwords many times and phishing attacks that steal passwords. There is also the risk of expanding the damage by using the same password on multiple sites. In this way, it is no longer possible to guarantee security strength with authentication using only passwords.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authentication by Possession Information\u003C\u002Fstrong>\nA method of authenticating information held by the user, such as an IC card (such as an employee ID card), a security key for a physical device, or a smartphone. In authentication by IC card, the information in the card is read and authenticated. Security key authentication supports multiple authentication formats (one-time password, FIDO, etc.). With authentication by smartphone, it is possible to authenticate with an app or receive a code by SMS. Although it depends on the form of authentication, it is not shared like a password, so it is a relatively strong authentication method. However, you need to be careful as there is a risk of loss or theft.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Authentication by Inherence Information\u003C\u002Fstrong>\nA method of authentication using the user&#39;s physical characteristics such as fingerprints, face, or veins. By using biometrics, there is no need to remember passwords or forget the authentication device, enabling highly convenient and secure authentication. However, this authentication method does not authenticate with 100% accuracy. It may not be possible to identify due to changes in the body due to aging or damage to the body due to an accident. In addition, if biometric information is fraudulently forged in some way, there is a risk of unauthorized access to the biometric login system.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>These are the 3 factors of authentication. The authentication methods described below are methods of increasing security strength while compensating for the disadvantages of each authentication factor by dividing authentication into multiple times or combining authentication factors.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Two-step verification\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>An authentication method that authenticates by dividing one of the three factors of authentication into two times.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_verification_vs_2_factor_authentication_mfa_2_2a1d48a4a2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>As a common one, after entering &quot;ID &amp; password (knowledge)&quot;, by entering the &quot;confirmation code (knowledge)&quot; received by e-mail, etc., two-step verification is performed in which the &quot;knowledge information&quot; is authenticated in two steps. By using this authentication method, even if password authentication is broken by a third party, authentication cannot be performed without knowing the confirmation code. This authentication has a higher security strength than password-only authentication.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Two-factor authentication\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>An authentication method that combines two different authentication factors out of the three authentication factors of &quot;knowledge information&quot;, &quot;possession information&quot;, and &quot;inherence information&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_verification_vs_2_factor_authentication_mfa_3_7c20222f81.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A familiar example is ATM authentication. By inserting a &quot;cash card (possession)&quot; into an ATM and entering a &quot;PIN code (knowledge)&quot;, two-factor authentication based on possession and knowledge is completed, and you can withdraw money. Web services and applications also implement two-factor authentication by asking for an authentication device after entering &quot;ID &amp; password&quot;. Even if one of the pieces of information is stolen, it cannot be authenticated without the two pieces of information. Compared to single-factor authentication and two-step verification introduced so far, it is an authentication method with a higher security strength.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Multi-factor authentication (MFA)\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>An authentication method that combines two or more of the three authentication factors of &quot;knowledge information&quot;, &quot;possession information&quot; and &quot;inherence information&quot;. By this definition, two-factor authentication is also included in multi-factor authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_verification_vs_2_factor_authentication_mfa_4_b6e1b23a2b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>To give a specific example of MFA, when logging in to a Web service such as Salesforce using the security key of a biometric authentication device, after entering &quot;ID &amp; password (knowledge)&quot;, &quot;security key (possession)&quot; is required, and &quot;fingerprint (inherence)&quot; is verified for identity verification. Here, multi-factor authentication is realized by verifying everything including two or more factors of &quot;knowledge&quot;, &quot;possession&quot;, and &quot;inherence&quot;. Since authentication includes two or more different factors, it is an authentication method with high-security strength.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Finally\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>SNS or web services such as Google and Twitter, which are used for business and private purposes, also have &quot;multi-factor authentication (MFA)&quot; settings, so we recommend setting MFA to prevent account hijacking. We also handle security keys used for MFA, which can be purchased from the following site. For a quote, please contact us using the contact form.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKeyShop Authorized Reseller\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">https:\u002F\u002Fykey.yubion.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Amazon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&amp;marketplaceID=A1VC38T7YXB528\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contact\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thanks for reading until the end.\u003C\u002Fp>\n","2-step-verification-vs-2-factor-authentication-mfa","2023-01-23","2026-04-28T06:20:14.548Z","2026-04-28T06:20:17.314Z",{"id":306,"documentId":307,"name":308,"alternativeText":53,"caption":53,"focalPoint":53,"width":255,"height":309,"formats":310,"hash":342,"ext":58,"mime":62,"size":343,"url":344,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":345,"updatedAt":345,"publishedAt":346},390,"rhl05wqdhq2acvwrzhmvtary","blog-2-step-verification-vs-2-factor-authentication-mfa-1.png",1181,{"large":311,"small":319,"medium":326,"thumbnail":334},{"ext":58,"url":312,"etag":313,"hash":314,"mime":62,"name":315,"path":53,"size":316,"width":65,"height":317,"sizeInBytes":318},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png","47e88ade77577f575f038f46b115516b","large_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42","large_blog-2-step-verification-vs-2-factor-authentication-mfa-1.png",69.2,300,69196,{"ext":58,"url":320,"etag":321,"hash":322,"mime":62,"name":323,"path":53,"size":232,"width":74,"height":324,"sizeInBytes":325},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png","cd680b409676ccc4edd31d89f722259f","small_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42","small_blog-2-step-verification-vs-2-factor-authentication-mfa-1.png",150,28003,{"ext":58,"url":327,"etag":328,"hash":329,"mime":62,"name":330,"path":53,"size":331,"width":83,"height":332,"sizeInBytes":333},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png","3d9f8a469e0374bcd056c81726d6375e","medium_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42","medium_blog-2-step-verification-vs-2-factor-authentication-mfa-1.png",46.03,225,46034,{"ext":58,"url":335,"etag":336,"hash":337,"mime":62,"name":338,"path":53,"size":339,"width":92,"height":340,"sizeInBytes":341},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png","16499245474c648dc92b5ade9fdf3c84","thumbnail_blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42","thumbnail_blog-2-step-verification-vs-2-factor-authentication-mfa-1.png",10.47,74,10468,"blog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42",147.77,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_verification_vs_2_factor_authentication_mfa_1_0aa4d4be42.png","2026-04-28T06:19:52.520Z","2026-04-28T06:19:52.521Z",[348],{"id":114,"documentId":115,"name":116,"slug":53,"createdAt":117,"updatedAt":117,"publishedAt":118},{"id":350,"documentId":351,"title":352,"content":353,"slug":354,"published":355,"createdAt":356,"updatedAt":356,"publishedAt":357,"locale":47,"authorManual":48,"cover":358,"tags":401},89,"k77fgn8dswsmm62bou2hu49b","Two-factor Authentication Login to Twitter with YubiKey","\u003Cp>Updated: Mar 6, 2023\u003C\u002Fp>\n\u003Cp>I think that many people use Twitter, both individuals, and corporations. But have you ever paid attention to the security of the Twitter account to prevent the account from being hijacked by leaking the password?\u003C\u002Fp>\n\u003Cp>Twitter supports \u003Cstrong>two-factor authentication\u003C\u002Fstrong>, so by setting up two-factor authentication, you can take measures against unauthorized access such as hijacking.\u003C\u002Fp>\n\u003Cp>If you haven&#39;t set it yet, we recommend that you should do so.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-b5esu\">About Twitter&#39;s two-factor authentication\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-45a29\">How does it compare to other authentication methods?\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-a8i2p\">About the device to use\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-1dbqg\">How to set up two-factor authentication\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-frq52\">a. When setting on a PC\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-bcj91\">b. When setting on a smartphone\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-1sj29\">How to log in\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-462r6\">a. For PC\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-9leqf\">b. For smartphone\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Ca href=\"#viewer-6ptb7\">Summary\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>About Twitter\u003C\u002Fstrong>\u003Cstrong>&#39;s two-factor authentication\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_1_6e809df973.png\" alt=\"Twitterの2要素認証\">\u003C\u002Fp>\n\u003Cp>Twitter&#39;s two-factor authentication supports the following three types:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>・Text message (SMS)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>・Application app (TOTP)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>・Security key (FIDO)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>As described on Twitter&#39;s help center page, of the three methods, if you set the \u003Cstrong>&quot;Security key&quot;\u003C\u002Fstrong>, you don&#39;t need any other backup method. So, if you can use the security key, I recommend you set it up.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fhelp.twitter.com\u002Fja\u002Fmanaging-your-account\u002Ftwo-factor-authentication\">https:\u002F\u002Fhelp.twitter.com\u002Fen\u002Fmanaging-your-account\u002Ftwo-factor-authentication\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Note:\u003C\u002Fstrong> If you add security keys to add extra protection to your two-factor authentication, you no longer need to use other backup methods to add extra protection. A security key can be used as the only authentication method, with other authentication methods turned off.\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>In this article, I will introduce how to set a &quot;\u003Cstrong>Security key\u003C\u002Fstrong>&quot; using &quot;\u003Cstrong>YubiKey 5 NFC&quot;.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>How does it compare to other authentication methods?\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>A little extra on the benefits of choosing a security key.\u003C\u002Fp>\n\u003Cp>Both text message (SMS) and authentication app (TOTP) are two-factor authentication methods for enhancing security, but both are for entering letters and numbers notified (or displayed in the app). So, it is challenging to prevent man-in-the-middle attacks such as phishing.\u003C\u002Fp>\n\u003Cp>Even though you have set up two-factor authentication to improve security, it turns out that the security is not as high as you thought.\u003C\u002Fp>\n\u003Cp>Security key uses the \u003Cstrong>FIDO\u003C\u002Fstrong> protocol, which \u003Cstrong>prevents man-in-the-middle attacks such as phishing\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Therefore, you can get a high-security strength compared to other methods.\u003C\u002Fp>\n\u003Cp>Also, entering the text from SMS and TOTP is quite troublesome...\u003C\u002Fp>\n\u003Cp>If you set up a YubiKey, you will able to log in by touching the YubiKey without having to enter characters that are notified or displayed in the app each time.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>About the device to use\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This time, I wanted to use Twitter on both my PC and my smartphone, and I wanted to use NFC on my smartphone, so I used the &quot;YubiKey 5 NFC&quot;, which has an NFC function.\u003C\u002Fp>\n\u003Cp>You can insert it into a USB port when using it on a PC, and authenticate via NFC when using it on a smartphone.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_2_99a6330fab.jpeg\" alt=\"YubiKey 5 NFC\">\u003C\u002Fp>\n\u003Cp>Any \u003Cstrong>FIDO-compatible key\u003C\u002Fstrong> can be used as a security key, so if you have a FIDO device other than the YubiKey, you can try the same setting.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■\u003C\u002Fstrong> \u003Cstrong>How to set up two-factor authentication\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>You can set up two-factor authentication on your PC or smartphone.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>a.\u003C\u002Fstrong> \u003Cstrong>When setting on a PC\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>From the Twitter menu, select &quot;Settings and privacy&quot;, then select &quot;Security&quot; under &quot;Security and account access&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_3_3e0a786475.png\" alt=\"Twitterの設定メニュー\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_4_3c66fb0872.png\" alt=\"Twitterの設定メニュー\">\u003C\u002Fp>\n\u003Cp>Select &quot;Two-factor authentication&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_5_8fa05ecf1c.png\" alt=\"2要素認証を選択\">\u003C\u002Fp>\n\u003Cp>From &quot;Two-factor authentication&quot;, check &quot;Security key&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_6_debc603a68.png\" alt=\"2要素認証 - セキュリティキー選択\">\u003C\u002Fp>\n\u003Cp>You will be asked for a password when you change the settings for the first time, so enter your password and select &quot;Confirm&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_7_b6f5c3e5be.png\" alt=\"パスワード入力\">\u003C\u002Fp>\n\u003Cp>The security key enrollment sequence begins. Select &quot;Add key&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_8_f5e161bb43.png\" alt=\"セキュリティキー登録開始\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_9_e7e5574a8d.png\" alt=\"セキュリティキーを追加\">\u003C\u002Fp>\n\u003Cp>Connect the YubiKey to your PC.\u003C\u002Fp>\n\u003Cp>Since the YubiKey 5 NFC is a FIDO2-compatible device, you will be prompted for a PIN.\u003C\u002Fp>\n\u003Cp>Enter your PIN and click OK.\u003C\u002Fp>\n\u003Cp>※ If your device supports U2F (in short, FIDO1), you will not be asked to enter the PIN because there is no PIN.\u003C\u002Fp>\n\u003Cp>Added on 2023\u002F3\u002F6:\u003C\u002Fp>\n\u003Cp>※ Even if your device supports FIDO2, you will not be asked to enter the PIN \u003Cstrong>if the PIN is not set on your device\u003C\u002Fstrong>, such as a new key or after resetting the PIN. Please note that the behavior changes depending on the setting state of the device.\u003C\u002Fp>\n\u003Cp>Also, PIN entry is required only during registration, and PIN entry is not required during authentication (when logging in), regardless of whether you are using a FIDO2-compatible device or a U2F device.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_10_213d576c68.png\" alt=\"PIN入力\">\u003C\u002Fp>\n\u003Cp>Touch your Yubikey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_11_4ee7108f01.png\" alt=\"セキュリティキータッチ\">\u003C\u002Fp>\n\u003Cp>After successful registration, you will be presented with an input field to name your key.\u003C\u002Fp>\n\u003Cp>Arbitrarily set a descriptive name and click &quot;Next&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_12_6762e5e480.png\" alt=\"セキュリティキーの名前入力\">\u003C\u002Fp>\n\u003Cp>You have successfully registered your key.\u003C\u002Fp>\n\u003Cp>As mentioned in the message, it is a good idea to register multiple keys in advance if you have other keys in case of unexpected situations such as key loss.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_13_cfa16dbace.png\" alt=\"メッセージ表示\">\u003C\u002Fp>\n\u003Cp>The setup is complete.\u003C\u002Fp>\n\u003Cp>Click &quot;Get Backup Code&quot; to see your backup code.\u003C\u002Fp>\n\u003Cp>We recommend that you keep a backup code just in case you lose your key so that you can still log in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_14_576f6ea4ec.png\" alt=\"キー登録完了\">\u003C\u002Fp>\n\u003Cp>When you return to the Two-factor authentication screen you can see that the &quot;Security key&quot; item is checked.\u003C\u002Fp>\n\u003Cp>If you want to register another security key, you can open &quot;Manage security keys&quot; and add another key.\u003C\u002Fp>\n\u003Cp>If you want to cancel the two-factor authentication of the security key, it will be canceled by removing this check.\u003C\u002Fp>\n\u003Cp>At that time, the registered YubiKey information will also be cleared, so if you want to set up two-factor authentication again, you will need to register the key again.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_15_cf9900ebd0.png\" alt=\"セキュリティキーにチェック済み\">\u003C\u002Fp>\n\u003Cp>After the setting, you will need the security key when you log in. However, once logged in, the logged-in state is maintained, so it seems that it is not necessary every time you open Twitter.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>b.\u003C\u002Fstrong> \u003Cstrong>When setting on a smartphone\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>You can also register the security key from your smartphone. However, it seems that it cannot be done from the Twitter application, and a message is displayed to set from the browser.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fstatic.wixstatic.com\u002Fmedia\u002Fe87c25_76f45aa249544b7caa1e113ac6629917~mv2.jpg\u002Fv1\u002Ffill\u002Fw_147,h_301,al_c,q_80,usm_0.66_1.00_0.01,blur_2,enc_avif,quality_auto\u002Fe87c25_76f45aa249544b7caa1e113ac6629917~mv2.jpg\" alt=\"ブラウザへの誘導\">\u003C\u002Fp>\n\u003Cp>Open Twitter in your browser and proceed with the settings.\u003C\u002Fp>\n\u003Cp>Open &quot;Security and account access&quot; of Settings and select &quot;Security&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_17_122b78e12a.jpeg\" alt=\"セキュリティとアカウントアクセス\">\u003C\u002Fp>\n\u003Cp>Select &quot;Two-factor authentication&quot;.\u003C\u002Fp>\n\u003Cp>Select &quot;Security key&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_18_56b5309723.jpeg\" alt=\"セキュリティ - 2要素認証\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_19_1f800e91f8.jpeg\" alt=\"セキュリティキーを選択\">\u003C\u002Fp>\n\u003Cp>You will be asked for a password when setting up for the first time. Enter and continue.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_20_447d847b80.png\" alt=\"パスワード入力\">\u003C\u002Fp>\n\u003Cp>The security key registration sequence will start, so follow the instruction on the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_21_ba1a84ec5a.jpeg\" alt=\"登録開始\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_22_5626f56684.jpeg\" alt=\"セキュリティキー追加開始\">\u003C\u002Fp>\n\u003Cp>The security key registration will start.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_23_b6c28ba3ee.jpeg\" alt=\"セキュリティキー登録開始\">\u003C\u002Fp>\n\u003Cp>Since I am using an NFC compatible key this time, select &quot;Use security with NFC&quot;. If you have a USB Type-C or Bluetooth compatible device, please select the corresponding method.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_24_a5a18c41bf.jpeg\" alt=\"NFC選択\">\u003C\u002Fp>\n\u003Cp>You will be asked for a security key.\u003C\u002Fp>\n\u003Cp>In order to use NFC this time, it is necessary to \u003Cstrong>turn on the NFC function of your smartphone\u003C\u002Fstrong> in advance.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_25_851cf664cc.jpeg\" alt=\"NFC登録\">\u003C\u002Fp>\n\u003Cp>Hold your YubiKey over your smartphone&#39;s NFC position.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_26_339bf3342f.jpeg\" alt=\"NFCにYubiKeyをかざす\">\u003C\u002Fp>\n\u003Cp>Registration has been completed. Move your YubiKey away from your smartphone.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_27_441054a887.png\" alt=\"デバイス登録完了\">\u003C\u002Fp>\n\u003Cp>After successful registration, you will be presented with an input field to name your key.\u003C\u002Fp>\n\u003Cp>Arbitrarily set a descriptive name and click Next.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_28_6c63a2247f.jpeg\" alt=\"名前を付ける\">\u003C\u002Fp>\n\u003Cp>Your key has been registered. As mentioned in the message, it is a good idea to register multiple keys in advance if you have other keys in case of unexpected situation such as key loss.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_29_c5fd519c05.jpeg\" alt=\"登録後のメッセージ表示\">\u003C\u002Fp>\n\u003Cp>Setup is complete.\u003C\u002Fp>\n\u003Cp>Click &quot;Get Backup Code&quot; to see your backup code.\u003C\u002Fp>\n\u003Cp>We recommend that you keep a backup code just in case you lose your key so that you can still log in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_30_de1d2e7ce2.jpeg\" alt=\"登録完了\">\u003C\u002Fp>\n\u003Cp>After setting, you will need a security key when you log in. However, once logged in, the logged in state is maintained, so it seems that it is not necessary every time you open Twitter.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>■\u003C\u002Fstrong> \u003Cstrong>How to log in\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Now that the two-factor authentication setting is complete, let&#39;s check the behavior when logging in.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>a.\u003C\u002Fstrong> \u003Cstrong>For PC\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Let&#39;s take a look at the case of PC first.\u003C\u002Fp>\n\u003Cp>Enter your login ID on the login screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_31_c8b3ed4a70.png\" alt=\"PCからTwitterにログイン\">\u003C\u002Fp>\n\u003Cp>Enter your password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_32_58a76e64d3.png\" alt=\"パスワード入力\">\u003C\u002Fp>\n\u003Cp>If two-factor authentication is not set, login will be completed here, but since the security key has been set, you will be asked for the security key.\u003C\u002Fp>\n\u003Cp>Connect your YubiKey to your PC.\u003C\u002Fp>\n\u003Cp>The display changes to ask you touch the key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_33_3d4239ff02.png\" alt=\"セキュリティキーの要求メッセージ\">\u003C\u002Fp>\n\u003Cp>The center of the YubiKey will light up, so touch it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_34_e773ab44f8.jpeg\" alt=\"YubiKeyにタッチ\">\u003C\u002Fp>\n\u003Cp>After successful authentication, login is completed.\u003C\u002Fp>\n\u003Cp>In this way, you can no longer log in without a YubiKey.\u003C\u002Fp>\n\u003Cp>It is pretty simple to operate, just plug it into a USB and touch it.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>b.\u003C\u002Fstrong> \u003Cstrong>For smartphone\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Ch3>\u003C\u002Fh3>\n\u003Cp>Let&#39;s look at the login behavior on a smartphone in the same way.\u003C\u002Fp>\n\u003Cp>Afeter entering the password, the authenticator selection is displayed.\u003C\u002Fp>\n\u003Cp>If you select &quot;Use a security key&quot; and proceed to the next step, authentication of the security key will start.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_35_afba4ad59f.jpeg\" alt=\"認証選択\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_36_e906ed9446.jpeg\" alt=\"セキュリティキーの使用\">\u003C\u002Fp>\n\u003Cp>Since NFC is used this time, select &quot;Use security with NFC&quot;.\u003C\u002Fp>\n\u003Cp>A message will be displayed asking you to hold the security key over your smartphone.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_24_a5a18c41bf.jpeg\" alt=\"セキュリティ使用方法選択\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_25_851cf664cc.jpeg\" alt=\"セキュリティキーをかざすメッセージ\">\u003C\u002Fp>\n\u003Cp>Hold your YubiKey over your smartphone&#39;s NFC position.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_26_339bf3342f.jpeg\" alt=\"スマホにYubiKeyをかざす\">\u003C\u002Fp>\n\u003Cp>After successful authentication, login is completed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_27_441054a887.png\" alt=\"認証成功\">\u003C\u002Fp>\n\u003Cp>Even on smartphone, it was possible to restrict login without a YubiKey.\u003C\u002Fp>\n\u003Cp>By using NFC, you can easily log in with two-factor authentication without the need to connect into USB port.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>By using YubiKey for Twitter&#39;s two-factor authentication, \u003Cstrong>the security strength is higher\u003C\u002Fstrong> than other two-factor authentication methods, and itwas possible to log in with \u003Cstrong>a simpler operation\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Above all, because it is \u003Cstrong>a physical key\u003C\u002Fstrong>, it also has the advantage of being easy to manage.\u003C\u002Fp>\n\u003Cp>It is difficult to notice if the password is stolen, but one of the advantage of the physical key is that if it is lost, it will be noticed immediately.\u003C\u002Fp>\n\u003Cp>The YubiKey used this time can be used to enhance the security of various services other than Twitter, so please try using it in various places.\u003C\u002Fp>\n\u003Cp>You can buy YubiKeys and other authentication devices we handle from the following sites.\u003C\u002Fp>\n\u003Cp>For a quote, please contact us using the inquiry form.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKeyShop Authorized Reseller\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">https:\u002F\u002Fykey.yubion.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Amazon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&amp;marketplaceID=A1VC38T7YXB528\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contact\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thanks for reading until the end.\u003C\u002Fp>\n","twitter-two-factor-authentication-yubikey","2023-01-19","2026-04-28T07:09:26.581Z","2026-04-28T07:09:29.596Z",{"id":359,"documentId":360,"name":361,"alternativeText":53,"caption":53,"focalPoint":53,"width":362,"height":363,"formats":364,"hash":397,"ext":58,"mime":62,"size":398,"url":399,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":400,"updatedAt":400,"publishedAt":400},818,"f6oi0wty9qw1tvqpmb3v6y3z","blog-twitter-two-factor-authentication-yubikey-1.png",2372,1350,{"large":365,"small":373,"medium":381,"thumbnail":389},{"ext":58,"url":366,"etag":367,"hash":368,"mime":62,"name":369,"path":53,"size":370,"width":65,"height":371,"sizeInBytes":372},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_twitter_two_factor_authentication_yubikey_1_6e809df973.png","264727a1aca713bd6a3d45abf363d98d","large_blog_twitter_two_factor_authentication_yubikey_1_6e809df973","large_blog-twitter-two-factor-authentication-yubikey-1.png",107.48,569,107483,{"ext":58,"url":374,"etag":375,"hash":376,"mime":62,"name":377,"path":53,"size":378,"width":74,"height":379,"sizeInBytes":380},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_twitter_two_factor_authentication_yubikey_1_6e809df973.png","c6920e91a2257791e00dd1b1cf0e32f2","small_blog_twitter_two_factor_authentication_yubikey_1_6e809df973","small_blog-twitter-two-factor-authentication-yubikey-1.png",39.73,285,39727,{"ext":58,"url":382,"etag":383,"hash":384,"mime":62,"name":385,"path":53,"size":386,"width":83,"height":387,"sizeInBytes":388},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_twitter_two_factor_authentication_yubikey_1_6e809df973.png","13f6d525873029313638e15e11d12515","medium_blog_twitter_two_factor_authentication_yubikey_1_6e809df973","medium_blog-twitter-two-factor-authentication-yubikey-1.png",71.66,427,71661,{"ext":58,"url":390,"etag":391,"hash":392,"mime":62,"name":393,"path":53,"size":394,"width":92,"height":395,"sizeInBytes":396},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_twitter_two_factor_authentication_yubikey_1_6e809df973.png","b9ebb952ff033f65a3e1d252cda7d48e","thumbnail_blog_twitter_two_factor_authentication_yubikey_1_6e809df973","thumbnail_blog-twitter-two-factor-authentication-yubikey-1.png",13.06,139,13060,"blog_twitter_two_factor_authentication_yubikey_1_6e809df973",69.54,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_twitter_two_factor_authentication_yubikey_1_6e809df973.png","2026-04-28T07:06:29.359Z",[402,403,409,410,416],{"id":102,"documentId":103,"name":104,"slug":53,"createdAt":105,"updatedAt":105,"publishedAt":106},{"id":404,"documentId":405,"name":406,"slug":53,"createdAt":407,"updatedAt":407,"publishedAt":408},38,"jaxvzpgjcychnf89jrn3x4py","MFA","2026-04-28T05:19:23.626Z","2026-04-28T05:19:25.485Z",{"id":232,"documentId":233,"name":234,"slug":53,"createdAt":235,"updatedAt":235,"publishedAt":236},{"id":411,"documentId":412,"name":413,"slug":53,"createdAt":414,"updatedAt":414,"publishedAt":415},22,"e0nti57slk8t0ag21prw0zr2","YubiKey","2026-04-28T05:13:37.740Z","2026-04-28T05:13:39.579Z",{"id":417,"documentId":418,"name":419,"slug":53,"createdAt":420,"updatedAt":420,"publishedAt":421},112,"vai4rak43g28bzg219a14a3d","Twitter","2026-04-28T07:09:21.731Z","2026-04-28T07:09:23.576Z",{"id":423,"documentId":424,"title":425,"content":426,"slug":427,"published":428,"createdAt":429,"updatedAt":429,"publishedAt":430,"locale":47,"authorManual":48,"cover":431,"tags":474},17,"clcdm05jrld7dd1wf5pxzlr0","Deploy YubiOn Portal in Amazon WorkSpaces Environment","\u003Cp>Updated: Feb 6, 2023\u003C\u002Fp>\n\u003Cp>About 8 months ago, I published an \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fdeploying-yubion-portal-in-the-citrix-virtual-apps-and-desktops-desktop-delivery-environment?lang=en\">article\u003C\u002Fa> about creating a Citrix desktop delivery environment in a lab environment and installing YubiOn Portal there. I haven&#39;t been able to experiment with this kind of virtual desktop environment for a while due to other development work. But this time, I had an opportunity to touch AWS WorkSpaces, so I would like to introduce YubiOn Portal there.\u003C\u002Fp>\n\u003Ch2>■ Configuration\u003C\u002Fh2>\n\u003Cp>As for the configuration, I think it can be said that it is a very general environment where you can say &quot;I tried Amazon WorkSpaces&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Last time, I built everything necessary for the lab environment, so you may have the impression that there were more things to do than the contents of the article. But cloud services are convenient in such cases. On the other hand, I&#39;m also nervous that it might end up with a high bill. This time, I tried to do it for free as much as possible. But I will explain the story of the price at the end.\u003C\u002Fp>\n\u003Ch2>■ Build your WorkSpaces\u003C\u002Fh2>\n\u003Cp>If you just want to try out Amazon WorkSpaces, you should be able to make the necessary settings according to the instructions provided by AWS.\u003C\u002Fp>\n\u003Ch3>① Build a directory\u003C\u002Fh3>\n\u003Cp>First, create a &quot;Directory&quot; to place WorkSpaces. This is the part corresponding to Active Directory in Windows.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_2_5d603585ba.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If it is just a trial, I think there is no problem with the &quot;Simple AD&quot; type. It seems that a compatible server called &quot;Samba 4 Active Directory Compatible Server&quot; is used instead of pure Microsoft AD.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fdirectoryservice\u002Flatest\u002Fadmin-guide\u002Fdirectory_simple_ad.html\">Simple Active Directory - AWS Directory Service (amazon.com)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>&quot;AWS Managed Microsoft AD&quot; runs using pure Microsoft Windows Server 2019, so if you want to fully use the functions provided by Microsoft, you should use this.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fdirectoryservice\u002Flatest\u002Fadmin-guide\u002Fdirectory_microsoft_ad.html\">AWS Managed Microsoft AD - AWS Directory Service (amazon.com)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>&quot;AD Connector&quot; is a bit different, and is an option for linking with AD in the existing intranet. I think that it will be used for purposes such as migrating things that were used locally in the company to the cloud.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fdirectoryservice\u002Flatest\u002Fadmin-guide\u002Fdirectory_ad_connector.html\">Active Directory Connector - AWS Directory Service (amazon.com)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Next, enter the directory information.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_3_d163bed8d1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>It&#39;s a trial, so the size is small. Don&#39;t think too much about the organization name, DNS name, NetBIOS name, etc., end st them in the same way as a normal AD construction. If you forget the administrator password, you will not be able to manage it as AD, so please handle it strictly.\u003C\u002Fp>\n\u003Cp>Next, we will configure the network settings.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_4_10c3b4b8d3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Here too, there is no problem if you follow the instructions on the screen to create a virtual network that uses WorkSpaces. However, if you create a subnet as a private subnet, and you just create a VPC and 2 subnets according to the instructions on this screen, you will not be able to access the Internet from that space. I will explain this later, so for now I will create a VPC and 2 private subnets and allocate them.\u003C\u002Fp>\n\u003Cp>(We will cut the public subnet later, so please leave room for additional subnets in the VPC.)\u003C\u002Fp>\n\u003Cp>After setting up here, check the contents on the &quot;Review &amp; create&quot; screen and create the directory.\u003C\u002Fp>\n\u003Cp>As is often the case with AWS, after you click &quot;Create&quot;, you have to wait for a while as it will be created in the background.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_5_175694c329.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the status becomes &quot;Active&quot;, creation is complete. Finally, to use this directory with WorkSpaces, we need to &quot;Register&quot; it. (Select the directory → &quot;Action&quot; → &quot;Register&quot;)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_6_cf4f0e573f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Specify the subnet you set earlier and register it.\u003C\u002Fp>\n\u003Ch3>② Create WorkSpaces\u003C\u002Fh3>\n\u003Cp>Next, we will create WorkSpaces. Although it is called &quot;WorkSpaces&quot;, as far as the behavior is concerned, I think that one WorkSpace can be considered as one virtual machine. Not limited to this point, when using AWS, I think it is important to understand in your way what the specific terms of AWS refer to.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_7_ce63f29b47.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Create WorkSpaces with the &quot;Create WorkSpaces&quot; button on the above screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_8_be2cc854da.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the created directory and click &quot;Next&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_9_718749c099.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>To create a new user, click &quot;Create additional user&quot; to move to the create screen. If you want to assign a user that already exists in the directory (such as deleting the previously created WorkSpaces and recreating it with the same user), you do not need to create a user here.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_10_0f631ed4f3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter your user information. You can create up to 5 people, but here I set only 1 person and click &quot;Next&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_11_cc027dca91.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once the user has been created, you will automatically proceed to the &quot;Identify Users&quot; screen. This screen is a little confusing. It means that WorkSpaces will be created for the specified number of users, rather than allowing the specified user to log in to 1 newly created WorkSpace. Since I want to create only 1 this time, select only the user created earlier and click &quot; Next&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_12_5e2a033e6d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Then proceed to the step &quot;Select Bundle&quot;. The &quot;bundle&quot; here is something like a template that is the base of WorkSpaces. The biggest difference is the OS, but there are other differences such as the presence or absence of Office and client protocol (communication protocol for actual remote operation).\u003C\u002Fp>\n\u003Cp>This time, select &quot;Standard with Windows 10 (Server 2019 based)&quot; with &quot;WSP&quot; as the client protocol. We will discuss the client protocol later.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_13_08d4db14a0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, set the running mode, etc. As explained on the screen, the power is always on as a virtual machine (AlwaysOn), or it automatically stops when not in use (AutoStop). If it is for the experiment, I think that there is no problem with AutoStop. For tags, make settings as necessary.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_14_6e0aed7342.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Then there are the customization options. In actual operation, encryption should be properly performed, and the user volume should be selected appropriately according to the usage, but since it is an experiment, I will leave it as the default.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_15_9fc1bbbd05.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Finally, review the settings. If there seems to be no problem, click &quot;Create WorkSpaces&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_16_4a1481edad.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Creating will start a background process as usual. It will take several tens of minutes to create these WorkSpaces, so please be patient. When creation is completed, an email saying &quot;WorkSpaces for you has been created&quot; will fly to the email address specified when creating an additional user.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_17_2dcb3eeb00.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>According to the contents of the email, set the user password, install the client application, and try to connect.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_18_440417c201.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_19_acc696862f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you can connect to WorkSpaces as in the above image, first of all, I think that it is over to the point of &quot;trying to run WorkSpaces&quot;.\u003C\u002Fp>\n\u003Ch2>■ Network settings\u003C\u002Fh2>\n\u003Cp>For now, I can access the virtual PC set up in WorkSpaces, but even \n if start the pre-installed Firefox on WorkSpaces, I can&#39;t connect to the Internet. Currently, the private part on the left side of the schematic diagram has been completed, and if you think about it in terms of a home LAN, it is in the stage of &quot;I tried building a LAN in my house&quot;. So, next, we will create the public part on the right, which is the part that corresponds to the Internet connection router in the image of the home LAN.\u003C\u002Fp>\n\u003Cp>(A typical home internet router includes a LAN side gateway and DHCP server, so it&#39;s a little different from the image,...)\u003C\u002Fp>\n\u003Cp>Everything is created on the &quot;VPC&quot; screen of the AWS management console.\u003C\u002Fp>\n\u003Ch3>③ Create an Internet gateway and attach it to VPC\u003C\u002Fh3>\n\u003Cp>First, create an Internet gateway. There is nothing too difficult here, just choose a name and create it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_20_4d6cafe6d7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once created, link it to an existing VPC. Select &quot;Attach to a VPC&quot; from the action menu to attach.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_21_9ba4d3a0d2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_22_729ba5d8fd.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>④ Create a public subnet\u003C\u002Fh3>\n\u003Cp>Create a subnet for access from the Internet side. Place the NAT gateway within this subnet. Public subnets are created in the same way as private subnets. Create by specifying an IPv4 CIDR block that is different from the existing private subnet within the range of your VPC.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_23_bbb4338b19.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>⑤ Create a NAT gateway\u003C\u002Fh3>\n\u003Cp>From the NAT gateway management screen, click &quot;Create NAT gateway&quot; to display the creation screen. As the subnet, specify the public subnet created earlier, set the connectivity type to the public, and assign an Elastic IP.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_24_65a9c31eca.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>⑥ Create a public route table\u003C\u002Fh3>\n\u003Cp>A set of virtual devices has been prepared, but as it stands, information about what route to take to get to the Internet is not set. Currently, I think that the same route table created by default is used for the 3 subnets, but it is necessary to specify different route information for the private side and the public side, so I will create 1 public route table. Select &quot;Create route table&quot; from the route table management screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_25_53d30cde6b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Name it whatever you like and specify the VPC you&#39;re currently using.\u003C\u002Fp>\n\u003Ch3>⑦ Set route table association for the public subnet\u003C\u002Fh3>\n\u003Cp>Select the public subnet from the subnet management screen and open the &quot;Route table&quot; tab.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_26_5dd7cb3cc1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;Edit rote table association&quot;, select the route table ID, set the public route table created earlier, and click &quot;Save&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_27_f6aae1da80.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>⑧ Configure routing for the public route table\u003C\u002Fh3>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_28_73fe95a923.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>From the route table management screen, select the created public route table, open the &quot;Routes&quot; tab, and click &quot;Edit routes&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_29_85ac2faa6a.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>By default, I think that the routing is set to go to local if it is within the VPC subnet range, but I will add a route that goes to the Internet gateway if it is &quot;0.0.0.0\u002F0&quot; and click &quot;Save changes&quot;.\u003C\u002Fp>\n\u003Ch3>⑨ Set the routing of the private route table\u003C\u002Fh3>\n\u003Cp>As in the previous section, edit the default route table route associated with the private subnet.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_30_fc3fc8cd76.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Here, add a route that goes to the NAT gateway if it is &quot;0.0.0.0\u002F0&quot;.\u003C\u002Fp>\n\u003Cp>With the settings up to this point, I think you will be able to access the Internet from WorkSpaces. Connect to your WorkSpaces again and try accessing the Internet with Firefox.\u003C\u002Fp>\n\u003Ch2>■ YubiOn Portal introduction and use in the logon section\u003C\u002Fh2>\n\u003Cp>Now I will install YubiOn Portal to the created WorkSpaces. Regarding the reuse of the main points when introducing Citrix products, the following points are almost common in virtual environments, especially in virtual environments with automatic logon to Windows.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Installation must be done for each WorkSpace.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Currently, account and YubiKey assignments also need to be done for each WorkSpace.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Forced YubiKey logon must be enabled in the policy.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If not enabled, the WorkSpaces authentication mechanism will skip the Windows logon part.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Cache logon, screen lock when YubiKey is removed, etc. cannot be used.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Both require YubiKey and USB communication, so they cannot be used in environments where USB is not directly connected.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>If you have multiple WorkSpaces, those machines must have different SIDs.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>YubiOn Portal identifies each terminal based on SID and does not support situations where there are multiple terminals with the same SID.\u003C\u002Fp>\n\u003Cp>After completing the setup, access from the WorkSpaces client.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_31_4123396e82.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After entering your WorkSpaces login information and signing in, the YubiOn Portal Windows logon screen will be displayed on the WorkSpaces screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_32_687faec987.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Here, you will be able to log on by entering your password + YubiKey. With WorkSpaces alone, the Windows logon part was omitted, but by introducing YubiOn Portal, it will be possible to enforce two-factor authentication when displaying the desktop.\u003C\u002Fp>\n\u003Ch2>■ Summary\u003C\u002Fh2>\n\u003Cp>The above is how to install YubiOn Portal for the Amazon WorkSpaces environment.\u003C\u002Fp>\n\u003Cp>As same as the previous introduction to Citrix products, I think there will be issues in terms of setup for large-scale use. Currently, I think that the method is to list the SIDs of the created WorkSpaces and install them using the kitting installation option, etc. However, we are looking for a way to automatically register from the created WorkSpaces with YubiOn Portal installed.\u003C\u002Fp>\n\u003Cp>There are 3 digressions below so I will write them together.\u003C\u002Fp>\n\u003Ch3>■ Digression ①: WorkSpaces client protocol\u003C\u002Fh3>\n\u003Cp>WorkSpaces has &quot;PCoIP&quot; and &quot;WSP&quot; as client protocols. Both are protocols for transferring input and output (video, audio, mouse operation, key input, etc.) of WorkSpaces terminals, but their origins are very different.\u003C\u002Fp>\n\u003Cp>① PCoIP (PC over IP)\u003C\u002Fp>\n\u003Cp>A protocol developed by Teradici Co. of Canada (acquired by HP Co. in 2021). In addition to Amazon WorkSpaces, it is also used by VMware&#39;s VMware Horizon.\u003C\u002Fp>\n\u003Cp>② WSP\u003C\u002Fp>\n\u003Cp>A protocol originally developed by Amazon, an abbreviation for &quot;WorkSpaces Streaming Protocol&quot;.\u003C\u002Fp>\n\u003Cp>The comparison between the two is detailed in AWS help.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fworkspaces\u002Flatest\u002Fadminguide\u002Famazon-workspaces-protocols.html\">Protocols for Amazon WorkSpaces - Amazon WorkSpaces\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The reason why WorkSpaces supports two protocols is speculation. At first, PCoIP was adopted, but to deal with an unstable network environment and support cameras, it was necessary to reconsider the protocol itself and develop a separate WSP. Assuming such circumstances, I think that WSP will become mainstream in WorkSpaces in the future.\u003C\u002Fp>\n\u003Cp>In this procedure, I used WSP, but YubiOn Portal itself works normally even if PCoIP is used. However, when using PCoIP, there is a problem after entering the authentication information in the WorkSpaces client, we have to wait about 1 minute until the Windows logon screen is displayed. Presumably, in the case of PCoIP connections, I suspect there is a mechanism to wait for Windows to log on properly (or time to) using the credentials sent by the WorkSpaces client.\u003C\u002Fp>\n\u003Ch3>■ Digression ②: How FIDO Logon works in WorkSpaces\u003C\u002Fh3>\n\u003Cp>It is related to digression ①. When using the PCoIP protocol, a mechanism called USB transfer can be used.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdocs.aws.amazon.com\u002Fworkspaces\u002Flatest\u002Fuserguide\u002Fusb-redirection.html\">WorkSpaces USB redirection - Amazon WorkSpaces\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In addition to the contents of the above help, in the other to use it, it is necessary to set USB transfer permission in the AD group policy. (I will omit that part this time.)\u003C\u002Fp>\n\u003Cp>I also experimented to see if FIDO Logon can be used. In conclusion, it is possible. However, there are some problems, and I think that it is not practical at the moment.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>As the problem mentioned in digression ① (waiting for about 1 minute until connection) is the same for FIDO Logon.\u003C\u002Fli>\n\u003Cli>YubiKey is the only device officially supported by Amazon and the flexibility of key selection for FIDO2 authentication is lost.\u003C\u002Fli>\n\u003Cli>It seems to be dependent on the environment, but when I tried it, there was a phenomenon that the WorkSpaces client could not recognize the device after removing and reinserting the device or reconnecting to WorkSpaces. (including supposed YubiKeys)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Technically speaking, it may be quite difficult to transfer USB device communication, which is usually exchanged in milliseconds, over the Internet in 100 milliseconds. In addition, there is also the idea that the FIDO mechanism itself is a requirement from the security point of view that the related devices are in the hands of the user. None of the USB\u002FNFC\u002FBLE supported by FIDO2 are originally designed to send communications to remote locations. DaaS authentication, including the pros and cons of transferring USB devices, may be an issue that the industry should continue to consider in the future.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_33_45a5132c79.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>■ Digression ③: Billing for AWS charges\u003C\u002Fh3>\n\u003Cp>The truth is that since it&#39;s just a trial, so if possible, I want to use it for free. However, the charges are as follows.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_34_b34baf3f0e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>In the &quot;Bundle&quot; settings, I chose the item &quot;Free tier eligible&quot;, so the &quot;Software&quot; portion is free. However, it seems that the operation of the instance and the user registration of the directory are not free. And, although it is not described in the above image, I think that parts other than WorkSpaces (such as VPC) are also charged.\u003C\u002Fp>\n","deploy-yubion-portal-in-amazon-workspaces","2022-12-27","2026-04-28T06:16:38.476Z","2026-04-28T06:16:41.441Z",{"id":432,"documentId":433,"name":434,"alternativeText":53,"caption":53,"focalPoint":53,"width":435,"height":436,"formats":437,"hash":470,"ext":58,"mime":62,"size":471,"url":472,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":473,"updatedAt":473,"publishedAt":473},328,"fkb9803t2ai8tcwz9f8yn9b0","blog-deploy-yubion-portal-in-amazon-workspaces-1.png",4180,2453,{"large":438,"small":446,"medium":454,"thumbnail":462},{"ext":58,"url":439,"etag":440,"hash":441,"mime":62,"name":442,"path":53,"size":443,"width":65,"height":444,"sizeInBytes":445},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png","a3e29b0d92865c4ce786e06a4f1199f6","large_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145","large_blog-deploy-yubion-portal-in-amazon-workspaces-1.png",99.98,587,99981,{"ext":58,"url":447,"etag":448,"hash":449,"mime":62,"name":450,"path":53,"size":451,"width":74,"height":452,"sizeInBytes":453},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png","73aa96676b546a80753286b807a384a2","small_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145","small_blog-deploy-yubion-portal-in-amazon-workspaces-1.png",38.88,293,38877,{"ext":58,"url":455,"etag":456,"hash":457,"mime":62,"name":458,"path":53,"size":459,"width":83,"height":460,"sizeInBytes":461},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png","5b06cac1759ab7fdb67d3e7da0f21077","medium_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145","medium_blog-deploy-yubion-portal-in-amazon-workspaces-1.png",65.19,440,65187,{"ext":58,"url":463,"etag":464,"hash":465,"mime":62,"name":466,"path":53,"size":467,"width":92,"height":468,"sizeInBytes":469},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png","e6ae459f8b60106ce39841dcb91c6c05","thumbnail_blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145","thumbnail_blog-deploy-yubion-portal-in-amazon-workspaces-1.png",14.95,144,14948,"blog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145",250.81,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_in_amazon_workspaces_1_3f393ac145.png","2026-04-28T06:13:42.500Z",[475,481,487,493],{"id":476,"documentId":477,"name":478,"slug":53,"createdAt":479,"updatedAt":479,"publishedAt":480},20,"hww1z9wzs2ue2bz8z8aslu0x","YubiOnPortal","2026-04-28T04:15:58.811Z","2026-04-28T04:16:00.686Z",{"id":482,"documentId":483,"name":484,"slug":53,"createdAt":485,"updatedAt":485,"publishedAt":486},90,"n9u5mo7asrxetrc7s5uptn6z","AWS","2026-04-28T06:16:19.352Z","2026-04-28T06:16:21.281Z",{"id":488,"documentId":489,"name":490,"slug":53,"createdAt":491,"updatedAt":491,"publishedAt":492},92,"iyvx8lyirvmfur5dbvk7w5e8","AWSWorkSpaces","2026-04-28T06:16:26.772Z","2026-04-28T06:16:28.643Z",{"id":494,"documentId":495,"name":496,"slug":53,"createdAt":497,"updatedAt":497,"publishedAt":498},94,"joorjtxv4v5db878nos2772i","VirtualMachine","2026-04-28T06:16:33.917Z","2026-04-28T06:16:35.731Z",{"id":500,"documentId":501,"title":502,"content":503,"slug":504,"published":505,"createdAt":506,"updatedAt":506,"publishedAt":507,"locale":47,"authorManual":48,"cover":508,"tags":543},65,"amr6cqnto39er0jdr6jhmfmh","Multi-factor Authentication Login to AWS Management Console with YubiKey","\u003Cp>Logging in to the AWS Management Console supports \u003Cstrong>multi-factor authentication (MFA)\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>One-time passwords (TOTP) that can be used on smartphones such as Google Authenticator are often used, but \u003Cstrong>authentication devices such as YubiKey\u003C\u002Fstrong> can also be used.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Click here to purchase a YubiKey\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">Purchase from YubiKey Shop (Authorized Reseller)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">Buy on Amazon\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This article introduces \u003Cstrong>how to set up multi-factor authentication login to the AWS management console using YubiKey\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Unlike one-time passwords, you don&#39;t have to worry about entering passwords, so I think this is more convenient to use.\u003C\u002Fp>\n\u003Cp>Previously, only one device could be set per user, but now it is possible to set multiple devices.\u003C\u002Fp>\n\u003Cp>AWS has changed its specification over time.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Any authentication device that supports FIDO can be used\u003C\u002Fstrong>. Currently, FIDO2 is the latest standard when it comes to FIDO, but AWS uses U2F (FIDO1 in a nutshell) function among FIDO. Therefore, slightly older FIDO keys such as YubiKey 4 can also be used.\u003C\u002Fp>\n\u003Cp>I would like it to support FIDO2 if possible.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Table of Contents\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-a89bu\">\u003Cstrong>Prepare for Setting\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-3cr9k\">\u003Cstrong>Registration Setting Procedure\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-c7gg9\">\u003Cstrong>Login Confirmation Procedure\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-8bp2b\">\u003Cstrong>Register Other Authentication Devices\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-a3ajm\">\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Now let&#39;s set up multi-factor authentication.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Prepare for Setting\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Multi-factor authentication can be set by logging in to the AWS console and \u003Cstrong>setting it yourself\u003C\u002Fstrong>, or by \u003Cstrong>an administrator user setting for another user\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>This time, I will introduce the procedure to set it as an IAM user.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>To configure settings for another user, log in to the AWS console as a administrator user. Open &quot;User&quot; settings in &quot;IAM&quot;, select target user, amd click &quot;Muti-factor authentication (MFA)&quot; in &quot;Authentication information&quot; to set up authentication device registration in the same way as in the article.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>For the setting, the operating IAM user must have \u003Cstrong>permission to set up multi-factor authentication\u003C\u002Fstrong>. If you do not have the authority, set the authority in advance as necessary.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Permission to register for multi-factor authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>iam:EnableMFADevice\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Permission to delete registered multi-factor authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>iam:DeactivateMFADevice\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Registration Setting Procedure\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The following steps are performed in the following environment.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Browser:\u003C\u002Fstrong> Edge 109.0.1518.70\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Authentication Device:\u003C\u002Fstrong> YubiKey 5 NFC\u003C\u002Fp>\n\u003Cp>First, log in to the AWS console as usual.\u003C\u002Fp>\n\u003Cp>After logging in, click your name in the top right, then \u003Cstrong>click &quot;Security credentials\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_1_74d6a07b39.png\" alt=\"セキュリティ認証情報を選択\">\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Assign MFA device\u003C\u002Fstrong>&quot; button under &quot;Multi-factor authentication (MFA)&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_2_0158c28cfc.png\" alt=\"MFAデバイスの割り当て設定\">\u003C\u002Fp>\n\u003Cp>Enter any device name, \u003Cstrong>select &quot;Security Key\u003C\u002Fstrong>&quot; and click &quot;\u003Cstrong>Next\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_3_316fdc4b83.png\" alt=\"MFAデバイスの設定\">\u003C\u002Fp>\n\u003Cp>Security key setup will start.\u003C\u002Fp>\n\u003Cp>Click &quot;OK&quot; to proceed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_4_96c152c92e.png\" alt=\"セキュリティーキーのセットアップポップアップ\">\u003C\u002Fp>\n\u003Cp>Then click &quot;OK&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_5_104b81510a.png\" alt=\"セットアップの続行ポップアップ\">\u003C\u002Fp>\n\u003Cp>If the YubiKey is not connected to USB, you will be prompted to do so.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_6_8c322fc95a.png\" alt=\"セキュリティキーの接続要求\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Connect your YubiKey to a USB port\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_7_adcd2147f6.jpeg\" alt=\"YubiKeyをUSBに接続\">\u003C\u002Fp>\n\u003Cp>After connecting the YubiKey, you will be prompted for a \u003Cstrong>PIN\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_8_d026389a4e.png\" alt=\"PINの入力\">\u003C\u002Fp>\n\u003Cpre>\u003Ccode>In the case of a fingerprint type authentication device, a fingerprint verification will be asked instead of PIN input.\nAlso, PIN input will not be displayed for FIDO authentication devices that do not support PIN or fingerprints(※).\n※ Slightly old devices that do not support FIDO2 (U2F only), such as YubiKey 4.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>A message will appear asking you to touch your YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_9_873fe2fefd.png\" alt=\"セキュリティキーのタッチ要求\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The letter\u003C\u002Fstrong> &quot;\u003Cstrong>Y\u003C\u002Fstrong>&quot; \u003Cstrong>of the connected YubiKey will light up, so touch it\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_10_3e970d2fa7.jpeg\" alt=\"YubiKeyにタッチ\">\u003C\u002Fp>\n\u003Cp>登録が完了するとこのようなメッセージが表示されます。\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_11_3d0671bea7.png\" alt=\"登録完了メッセージ\">\u003C\u002Fp>\n\u003Cp>Looking at the contents, it seems that \u003Cstrong>up to 8\u003C\u002Fstrong> authentication devices can be registered.\u003C\u002Fp>\n\u003Cp>※ After registering a maximum of 8 devices, the &quot;Assign MFA device&quot; button will be disabled.\u003C\u002Fp>\n\u003Cp>The added key will be displayed in the list.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_12_ac598c615b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When I thought: &quot;Where can I check the entered device name?&quot;, it was included in the &quot;Identifier&quot;.\u003C\u002Fp>\n\u003Cp>The setting is completed.\u003C\u002Fp>\n\u003Cp>You will now have \u003Cstrong>multi-factor authentication on your next login\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Login Confirmation Procedure\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Sign out once, and try to use the YubiKey when logging in.\u003C\u002Fp>\n\u003Cp>Display the login screen of the AWS console.\u003C\u002Fp>\n\u003Cp>Enter your username and password to sign in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_13_6c2a1bb7f5.png\" alt=\"追加の検証としてセキュリティキーのタッチ要求\">\u003C\u002Fp>\n\u003Cp>You will be asked to connect a security key as \u003Cstrong>additional verification\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_14_d786c07b1f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When you connect the YubiKey to USB, you will be asked to touch your key.\u003C\u002Fp>\n\u003Cp>You \u003Cstrong>will not be asked to enter a PIN\u003C\u002Fstrong> when logging in. It&#39;s how U2F works.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_15_e770f6937d.png\" alt=\"追加の検証としてセキュリティキーのタッチ要求\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Touch your YubiKey.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_16_5bd15cbac5.jpeg\" alt=\"YubiKeyにタッチ\">\u003C\u002Fp>\n\u003Cp>If the authentication is successful, the console screen will open.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_17_b079913ceb.png\" alt=\"ログイン成功画面\">\u003C\u002Fp>\n\u003Cp>You were able to successfully \u003Cstrong>log in with multi-factor authentication using YubiKey\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Register Other Authentication Devices\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>I used YubiKey5 NFC in the procedure, but you \u003Cstrong>can use any authentication device that supports FIDO\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>I will try to register with other authentication devices sold by our company.\u003C\u002Fp>\n\u003Ch4>YubiKey Bio (Yubico)\u003C\u002Fh4>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_18_81776c087b.jpeg\" alt=\"YubiKey Bio\">\u003C\u002Fp>\n\u003Cp>※ My YubiKey Bio is Type C, but I don&#39;t have a Type C connection port on my PC, so I used a USB adapter.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKey Bio\u003C\u002Fstrong> is a device that can perform FIDO2 biometric authentication (fingerprint).\u003C\u002Fp>\n\u003Ch4>Idem Key (GoTrust)\u003C\u002Fh4>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_19_cd8bb28fbc.jpeg\" alt=\"IdemKey\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Idem Key\u003C\u002Fstrong> is an authentication device that sets a FIDO2 PIN, just like YubiKey5 NFC.\u003C\u002Fp>\n\u003Ch4>ATKey.Pro (AUTHENTREND)\u003C\u002Fh4>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_20_4e98084a94.jpeg\" alt=\"ATKey.Pro\">\u003C\u002Fp>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>\u003C\u002Fh4>\n\u003Cp>\u003Cstrong>ATKey.Pro\u003C\u002Fstrong> is an authentication device that can perform FIDO2 biometric authentication (fingerprint).\u003C\u002Fp>\n\u003Ch4>\u003C\u002Fh4>\n\u003Ch4>YubiKey4 (Yubico)\u003C\u002Fh4>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_21_b352f35f8b.jpeg\" alt=\"YubiKey4\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKey4\u003C\u002Fstrong> is a U2F device. ※ Currently not available.\u003C\u002Fp>\n\u003Cp>All of these authentication devices \u003Cstrong>could be used\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>From here on, it&#39;s a small story level, but the operation at the time of registration and authentication differs slightly depending on the device.\u003C\u002Fp>\n\u003Cp>The authentication devices tested this time can be divided into the following types:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FIDO2 (PIN)\u003C\u002Fstrong> …YubiKey5 NFC, Idem Key, etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FIDO2 (biometric authentication)\u003C\u002Fstrong> …YubiKey Bio, ATKey.Pro, etc.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>FIDO U2F\u003C\u002Fstrong> …YubiKey4, etc.\u003C\u002Fp>\n\u003Cp>And the behavior for each type is as follows:\u003C\u002Fp>\n\u003Cp>\u003Cstrong>At registration:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FIDO2 (PIN): Touch after entering a PIN\u003C\u002Fp>\n\u003Cp>FIDO2 (biometric authentication): biometric check + touch\u003C\u002Fp>\n\u003Cp>FIDO U2F: touch only\u003C\u002Fp>\n\u003Cp>\u003Cstrong>At authentication:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>FIDO2 (PIN): touch only\u003C\u002Fp>\n\u003Cp>FIDO2 (biometric authentication): biometric check + touch\u003C\u002Fp>\n\u003Cp>FIDO U2F: touch only\u003C\u002Fp>\n\u003Cp>Since the implementation on the AWS side is U2F, if the authentication device used is FIDO2, the behavior seems to change little by little.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>By setting up multi-factor authentication using YubiKey, you can log in \u003Cstrong>more securely and easily\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>As I wrote at the beginning, the one-time password (TOTP) is convenient because it can be used with a smartphone. But as the number of IDs to be used increases, it becomes difficult just to search for the right ID. And it is surprisingly troublesome to enter the TOTP each time. So authentication devices are more convenient to use, right?\u003C\u002Fp>\n\u003Cp>From the point of view of management, it is also easy to manage, since all you have to do is manage physical devices.\u003C\u002Fp>\n\u003Cp>If your company doesn&#39;t have company-issued smartphones, it&#39;s uneasy to put one-time password information on your smartphone from a security perspective. But if it&#39;s a physical device, it&#39;s possible to hand over the device to the user only when necessary.\u003C\u002Fp>\n\u003Cp>If you have a FIDO authentication device such as YubiKey, why not give it a try?\u003C\u002Fp>\n\u003Cp>You can purchase YubiKeys and other authentication devices we sell from the following sites.\u003C\u002Fp>\n\u003Cp>For a quote, please contact us using the inquiry form.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>YubiKey Shop (Authorized Reseller)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fykey.yubion.com\u002F\">https:\u002F\u002Fykey.yubion.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Amazon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&amp;marketplaceID=A1VC38T7YXB528\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Contact\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Thank you for reading to the end.\u003C\u002Fp>\n","aws-mfa-login-with-yubikey","2022-12-21","2026-04-28T06:46:57.334Z","2026-04-28T06:47:00.614Z",{"id":509,"documentId":510,"name":511,"alternativeText":53,"caption":53,"focalPoint":53,"width":512,"height":513,"formats":514,"hash":539,"ext":58,"mime":62,"size":540,"url":541,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":542,"updatedAt":542,"publishedAt":542},618,"z6x9jby29zdkc7glu1ypppi3","blog-aws-mfa-login-with-yubikey-1.png",866,958,{"small":515,"medium":523,"thumbnail":531},{"ext":58,"url":516,"etag":517,"hash":518,"mime":62,"name":519,"path":53,"size":520,"width":521,"height":74,"sizeInBytes":522},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_aws_mfa_login_with_yubikey_1_74d6a07b39.png","7b659bbb7d6322f501aa493057937e44","small_blog_aws_mfa_login_with_yubikey_1_74d6a07b39","small_blog-aws-mfa-login-with-yubikey-1.png",62.66,452,62664,{"ext":58,"url":524,"etag":525,"hash":526,"mime":62,"name":527,"path":53,"size":528,"width":529,"height":83,"sizeInBytes":530},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_aws_mfa_login_with_yubikey_1_74d6a07b39.png","d31a24a67492d197b1242c69ab3d6eec","medium_blog_aws_mfa_login_with_yubikey_1_74d6a07b39","medium_blog-aws-mfa-login-with-yubikey-1.png",113.28,678,113279,{"ext":58,"url":532,"etag":533,"hash":534,"mime":62,"name":535,"path":53,"size":536,"width":537,"height":222,"sizeInBytes":538},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_aws_mfa_login_with_yubikey_1_74d6a07b39.png","8011911071c31b6c471504f5e5a85d64","thumbnail_blog_aws_mfa_login_with_yubikey_1_74d6a07b39","thumbnail_blog-aws-mfa-login-with-yubikey-1.png",11.92,141,11919,"blog_aws_mfa_login_with_yubikey_1_74d6a07b39",28.11,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_aws_mfa_login_with_yubikey_1_74d6a07b39.png","2026-04-28T06:45:04.869Z",[544,545,546,547],{"id":102,"documentId":103,"name":104,"slug":53,"createdAt":105,"updatedAt":105,"publishedAt":106},{"id":232,"documentId":233,"name":234,"slug":53,"createdAt":235,"updatedAt":235,"publishedAt":236},{"id":482,"documentId":483,"name":484,"slug":53,"createdAt":485,"updatedAt":485,"publishedAt":486},{"id":548,"documentId":549,"name":550,"slug":53,"createdAt":551,"updatedAt":551,"publishedAt":552},102,"uqbg02l5gzj5wkl3gqtns0wx","SettingGuide","2026-04-28T06:46:52.463Z","2026-04-28T06:46:54.313Z",{"id":554,"documentId":555,"title":556,"content":557,"slug":558,"published":559,"createdAt":560,"updatedAt":560,"publishedAt":561,"locale":47,"authorManual":48,"cover":562,"tags":607},67,"od0ivtvg3vrogamhmge02vpx","[PPAP Measures] Ready-to-use file transfer service YubiOn SecureFileTransfer","\u003Cp>On November 30th, 2022, we released &quot;YubiOn SecureFileTransfer (beta version)&quot;, a file transfer cloud service that can be used for PPAP countermeasures.\u003C\u002Fp>\n\u003Cp>This time, I would like to introduce how actually to use &quot;YubiOn SecureFileTransfer&quot;, including the procedure.\u003C\u002Fp>\n\u003Cp>The first half is a rough overview, and the second half describes the actual procedure. So, if you want to know the outline, you can read only the first half.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-32f5\">[First half] YubiOn SecureFileTransfer Introduction\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-b4pl9\">[Second half] How to use YubiOn SecureFileTransfer\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ At the time of this article, the beta version was used, so please understand that the operation and specifications may change due to future product updates.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>[First half]\u003C\u002Fstrong> \u003Cstrong>YubiOn SecureFileTransfer\u003C\u002Fstrong> \u003Cstrong>Introduction\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>I will introduce the general features of YubiOn SecureFileTransfer.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-6a98s\">PPAP headed for repeal\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-cr270\">What can YubiOn SecureFileTransfer do?\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-3ggg0\">Overview of communication using YubiOn SecureFileTransfer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-eurq\">Advantages of YubiOn SecureFileTransfer\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>PPAP headed for repeal\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>We are introducing it under the name of PPAP countermeasure product, but I think some people may be wondering: \u003Cstrong>What exactly is PPAP?\u003C\u002Fstrong> So let me briefly explain this.\u003C\u002Fp>\n\u003Cp>For example, imagine a situation where you want to email someone a confidential file.\u003C\u002Fp>\n\u003Cp>If it&#39;s a regular file, you can attach it. But it&#39;s a confidential file, so you can&#39;t just attach it to an email. It is very dangerous if the e-mail is stolen, it will be a leakage of information.\u003C\u002Fp>\n\u003Cp>So, you compressed the file you want to send to a ZIP file with a password. Then, you attached the ZIP file to an email and send it. But you need to tell your recipient the decompression password. So you sent another email with only the password...\u003C\u002Fp>\n\u003Cp>I&#39;m sure many of you have used this method before.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg\" alt=\"PPAPのパターン\">\u003C\u002Fp>\n\u003Cp>PPAP Pattern\u003C\u002Fp>\n\u003Cp>This method of telling the password after attaching the ZIP file with a password is commonly called \u003Cstrong>PPAP\u003C\u002Fstrong>. If you&#39;ve done it before, you&#39;ll know that this procedure is quite cumbersome. Moreover, it has been pointed out that it is not effective as a security measure. Certainly, suppose there is a risk of your e-mail being stolen. In that case, even if you send the password with a separate email, there is a high possibility that both of them will be stolen after all, and you can imagine that &quot;It may not be very effective?&quot;.\u003C\u002Fp>\n\u003Cp>The Japanese government is also shifting toward prohibiting PPAP, and after November 26th, 2020, the Cabinet Office and Cabinet Secretariat announced that PPAP will be abolished.\u003C\u002Fp>\n\u003Cp>The movement to abolish PPAP is also spreading among general companies. And it is expected to accelerate in the future. The use of password-protected ZIP files will become unusable for communication with those companies. Attaching a file to the email itself carries the risk of a computer virus, and in the future, if you attach a password-protected ZIP file, you may be scolded by your business partner as &quot;Insane!&quot;.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>What can YubiOn SecureFileTransfer do?\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>As mentioned above, PPAP and email attachments are becoming more and more discouraged. However, if you want to send a file in the middle of an email exchange, file attachments are very easy and convenient. If you can&#39;t use attachments, you may be in trouble.\u003C\u002Fp>\n\u003Cp>This is where YubiOn SecureFileTransfer finally comes into play. This is \u003Cstrong>a cloud service that allows you to send files\u003C\u002Fstrong> securely \u003Cstrong>without attaching them to emails\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Since it is not attached to the email,\u003C\u002Fstrong> it is \u003Cstrong>a PPAP countermeasure\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Let&#39;s take a look at an overview of the exchange.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Overview of communication using YubiOn SecureFileTransfer\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Suppose someone who wants to send a file (sender) sends an email to someone who will receive the file (recipient).\u003C\u002Fp>\n\u003Cp>※ The sender needs to register in advance to use YubiOn SecureFileTransfer, but here assume that registration has already been completed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_2_3489377912.png\" alt=\"1.ファイルをアップロード\">\u003C\u002Fp>\n\u003Col>\n\u003Cli>Upload file\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>First, \u003Cstrong>the sender\u003C\u002Fstrong> \u003Cstrong>uploads\u003C\u002Fstrong> the file he\u002Fshe wants to send to YubiOn SecureFileTransfer.\u003C\u002Fp>\n\u003Cp>At this time, he\u002Fshe can specify the recipient&#39;s email address and can restrict people other than the specified email address from downloading the file.\u003C\u002Fp>\n\u003Cp>※ You can choose not to specify an email address. In this case, there is no download limit; anyone can download the file.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_3_4f2cba3a1b.png\" alt=\"2.ダウンロードURLを通知\">\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>Notify download URL\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>When the upload is complete, the download URL will be displayed, so \u003Cstrong>email the\u003C\u002Fstrong> \u003Cstrong>URL\u003C\u002Fstrong> to the person you want to send the file (recipient).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_4_189c40e05b.png\" alt=\"3.ファイルをダウンロード\">\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Download the file\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>The recipient\u003C\u002Fstrong> accesses the download URL and \u003Cstrong>downloads the file\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>At this time, if an email address is specified, its owner will be asked to log in. Only specified accounts can download. If no email address is specified, you can download the file without logging in.\u003C\u002Fp>\n\u003Cp>You have transferred the file successfully.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Advantages of\u003C\u002Fstrong> \u003Cstrong>YubiOn SecureFileTransfer\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>As you can see, exchanging files using YubiOn SecureFileTransfer \u003Cstrong>does not attach files to emails\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>In addition, you can specify an email address \u003Cstrong>to prevent unauthorized file downloads by third parties\u003C\u002Fstrong>. Therefore, even if a third party steals the content of the email, the file will not be.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Files are encrypted and stored in the cloud\u003C\u002Fstrong>. In addition, \u003Cstrong>the upload and download paths are encrypted with SSL\u002FTLS\u003C\u002Fstrong>, so files can be sent and received securely.\u003C\u002Fp>\n\u003Cp>As with other functions, you can know whether uploaded files have been downloaded, and you can also delete uploaded files. As a result, if you delete the uploaded file after confirming the recipient&#39;s download, you can operate more safely without exposing the file more than necessary.\u003C\u002Fp>\n\u003Cp>In the case of attaching to an email, if the destination email address or the attached file is incorrect, it may be irreversible. But if you use YubiOn SecureFileTransfer, you can delete the file. It also avoids the risk of these human errors.\u003C\u002Fp>\n\u003Cp>In addition, since files to be uploaded can be up to 1GB, it can be used even when sending files that are too large to be attached by email.\u003C\u002Fp>\n\u003Cp>You can use it free now, so please register and give it a try.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\">https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>In the second half, I will introduce the specific operation procedure.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>[Second half] How to use YubiOn SecureFileTransfer\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>YubiOn SecureFileTransfer is a cloud service that can be used immediately after registration.\u003C\u002Fp>\n\u003Cp>This section describes the procedure for actually using the service to send and receive files.\u003C\u002Fp>\n\u003Cp>The general flow of usage is as follows:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-6mcvc\">[Sender] Register for YubiOn SecureFileTransfer\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-8ejsq\">[Sender] Upload the file you want to send\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-90kmo\">[Sender] Notify the download URL to the recipient\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-1b31u\">[Recipient] Download the file\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Now I will explain the specific steps.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Register for\u003C\u002Fstrong> \u003Cstrong>YubiOn SecureFileTransfer\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Register an account to use YubiOn SecureFileTransfer.\u003C\u002Fp>\n\u003Cp>Click the &quot;Sign up&quot; button on the top of the product page.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\">https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_5_7b601a94df.png\" alt=\"SecureFileTransferの利用開始\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_6_fda32be290.png\" alt=\"新規登録 - 注意事項\">\u003C\u002Fp>\n\u003Cp>After reading the &quot;Privacy Policy&quot; and &quot; Terms of Service&quot;, check the checkbox to agree and click the &quot;Next&quot; button.\u003C\u002Fp>\n\u003Cp>Next, we will register an account. There are 2 ways:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-47kkg\">If you have a Google account\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-1ktf4\">If you don&#39;t have a Google account\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>[If you have a Google account]\u003C\u002Fh4>\n\u003Cp>If you have a Google account, you can easily register with your Google account.\u003C\u002Fp>\n\u003Cp>Click the Google icon in &quot;Register using an external service account&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_7_f1c2202efb.png\" alt=\"ユーザー登録\">\u003C\u002Fp>\n\u003Cp>If you use multiple Google accounts, please select which account to use.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_8_83b6a45cc9.png\" alt=\"ユーザー登録完了\">\u003C\u002Fp>\n\u003Cp>Linking with Google is done and registration is complete.\u003C\u002Fp>\n\u003Cp>This method is fast, right?\u003C\u002Fp>\n\u003Ch4>[If you don&#39;t have a Google account]\u003C\u002Fh4>\n\u003Cp>If you don&#39;t have a Google, you will need to register your email address and confirm your email.\u003C\u002Fp>\n\u003Cp>Enter the name, email address, password, and confirmation password to be registered in &quot;Register by entering user information&quot; and click the register button at the bottom of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_9_83708bddc1.png\" alt=\"ユーザー登録 (手入力)\">\u003C\u002Fp>\n\u003Cp>Click &quot;OK&quot; on the confirmation message.\u003C\u002Fp>\n\u003Cp>The user&#39;s temporary registration screen will be displayed. At this time, a registration email will be sent to the email address you entered.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_10_72076494a9.png\" alt=\"仮登録画面\">\u003C\u002Fp>\n\u003Cp>Check the email with your email client and click the link in the content.\u003C\u002Fp>\n\u003Cp>The expiration time is 1 hour. If the expiration time has expired, you will have to start over from registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_11_b7e180c7c8.png\" alt=\"ユーザー登録承認リクエストメール\">\u003C\u002Fp>\n\u003Cp>When you access the URL, an email address input screen opens\nEnter the registered email address, click the &quot;Confirm&quot; button, and enter the registered password to log in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_12_c4847f66c7.png\" alt=\"メールアドレス確認画面\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_13_143ea58ca4.png\" alt=\"パスワード入力\">\u003C\u002Fp>\n\u003Cp>Enter the correct password to complete registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_14_96b4effbe9.png\" alt=\"メールアドレス確認完了\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Upload the file you want to send\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>Log in to YubiOn SecureFileTransfer with your registered email address.\u003C\u002Fp>\n\u003Cp>Select &quot;Upload&quot; from the left menu to open the Upload screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_15_09227e1c9f.png\" alt=\"アップロード画面へのリンク\">\u003C\u002Fp>\n\u003Cp>Enter the &quot;Outline&quot; items.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_16_3994cee952.png\" alt=\"アップロードの設定\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>From:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The sender&#39;s email address.\u003C\u002Fp>\n\u003Cp>If you have multiple email addresses, you can add your email address in advance on the setting screen. Then, you can select from the pull-down menu.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>To:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>This setting determines whether to specify the destination (recipient) email address.\u003C\u002Fp>\n\u003Cp>If you select &quot;Unlimited&quot;, anyone who knows the URL will be able to download the file. The recipients can download without registering for YubiOn SecureFileTransfer.\u003C\u002Fp>\n\u003Cp>If you select &quot;Only the specified mail address&quot;, enter the recipient&#39;s email address. You can also specify multiple email addresses by clicking the plus icon.\u003C\u002Fp>\n\u003Cp>The recipient must log in to YubiOn SecureFileTransfer when downloading from the URL. ※ Registration is required if the recipient has not registered.\u003C\u002Fp>\n\u003Cp>Selecting &quot;Only the specified mail address&quot; provides higher security strength, so it is usually safer to specify.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Title:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The file title when the uploaded file is downloaded. Any name is OK.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Options:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you click the &quot;Open options&quot; button, the option settings will be displayed. But, since the setting value is fixed in the beta version, you cannot change it now.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_17_5b0c43766c.png\" alt=\"アップロードのオプション\">\u003C\u002Fp>\n\u003Cp>Specify the file to be uploaded by clicking the &quot;Select file&quot; button in the &quot;List of files in archive&quot; or by dragging and dropping the file.\u003C\u002Fp>\n\u003Cp>You can specify multiple files.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_18_618b240200.png\" alt=\"アップロードするファイルを選択\">\u003C\u002Fp>\n\u003Cp>Click the &quot;Upload&quot; button and click &quot;OK&quot; on the confirmation message.\u003C\u002Fp>\n\u003Cp>The file upload will start.\u003C\u002Fp>\n\u003Cp>Files are automatically zipped and uploaded.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_19_3537ac6c0d.png\" alt=\"アップロード完了画面\">\u003C\u002Fp>\n\u003Cp>When the upload is completed, a screen like this will be displayed.\u003C\u002Fp>\n\u003Cp>Send the download URL displayed here to the person you want to send the file.\u003C\u002Fp>\n\u003Cp>We will send an email this time.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Notify the download URL to the recipient\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>To tell the download URL to the recipient, open the mailer and write the email text.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_20_8083b0e37f.png\" alt=\"メール内容例\">\u003C\u002Fp>\n\u003Cp>Copy and paste the download URL in the text.\u003C\u002Fp>\n\u003Cp>The file download expiration date is set to 3 days by default, so write it just in case.\u003C\u002Fp>\n\u003Cp>Send the email.\u003C\u002Fp>\n\u003Cp>The sender operation is completed.\u003C\u002Fp>\n\u003Cp>From the next step onwards, we will look at the operations on the recipient side.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Download the file\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>From here, we will check the operation on the recipient side.\u003C\u002Fp>\n\u003Cp>An email has arrived from the sender, so click the download URL in the email text.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_21_57fb3c3b9f.png\" alt=\"受信したメール例\">\u003C\u002Fp>\n\u003Cp>When you access the URL, the YubiOn SecureFileTransfer login screen will be displayed.\u003C\u002Fp>\n\u003Cp>By the way, if the sender uploads without specifying an email address, the download screen will open directly instead of the login screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_22_8ef1e2c085.png\" alt=\"ログイン画面\">\u003C\u002Fp>\n\u003Cp>If you have registered for YubiOn SecureFileTransfer before, you will need to log in, but if you are using it for the first time, you will need to register by clicking the &quot;Sign up&quot; link.\u003C\u002Fp>\n\u003Cp>The registration operation is the same as the content of &quot;\u003Ca href=\"#viewer-6mcvc\">Register for YubiOn SecureFileTransfer\u003C\u002Fa>&quot; above, so I will omit it here. Please note that the registered email address must match the email address specified by the sender.\u003C\u002Fp>\n\u003Cp>If the registration is successful, the received file screen will be displayed after login.\u003C\u002Fp>\n\u003Cp>If the download screen is not displayed, open the received file screen from &quot;Inbox&quot; on the left menu.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_23_921c14b6ee.png\" alt=\"ダウンロード画面\">\u003C\u002Fp>\n\u003Cp>The contents of the files are displayed in the &quot;List of files in archive&quot;.\u003C\u002Fp>\n\u003Cp>Click the &quot;Download&quot; button.\u003C\u002Fp>\n\u003Cp>Click the &quot;Save&quot; button to download the file.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_24_abaacfe66d.png\" alt=\"ファイルをダウンロード\">\u003C\u002Fp>\n\u003Cp>The file name is the name specified by the sender in the &quot;Title&quot;.\u003C\u002Fp>\n\u003Cp>The files have been successfully sent.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>Introduction of other functions\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>I would like to add \u003Cstrong>a function that allows the sender to check\u003C\u002Fstrong> after uploading.\u003C\u002Fp>\n\u003Cp>On the sender side, the information of the sent file is displayed in a list on the &quot;Outbox&quot; screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_25_90b27e8af6.png\" alt=\"送信ファイル一覧画面\">\u003C\u002Fp>\n\u003Cp>Click the title to view information about the uploaded file.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_26_a6044ecf9d.png\" alt=\"送信ファイル詳細画面\">\u003C\u002Fp>\n\u003Cp>When you open the detailed information, \u003Cstrong>you can check the URL of the download page again\u003C\u002Fstrong>, so please check from here if you failed to copy the URL.\u003C\u002Fp>\n\u003Cp>In addition, the number of times the file has been downloaded is displayed in the &quot;Number of downloads possible&quot;, so \u003Cstrong>you can check whether the file has been downloaded\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>Currently, it is not possible to see who downloaded it, but we plan to make it possible to check detailed information in future updates.\u003C\u002Fp>\n\u003Cp>By the way, \u003Cstrong>if the download expiration date has passed, the file will be deleted\u003C\u002Fstrong> and will disappear from the list, so please be careful.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cstrong>YubiOn SecureFileTransfer is a service that allows you to transfer files without attaching them to emails.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>It is a PPAP countermeasure because it does not attach files to the email.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Uploaded files are safe because you can limit who can download them.\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>That was the introduction of YubiOn SecureFileTransfer.\u003C\u002Fp>\n\u003Cp>You can use it for free, so please take this opportunity to try it.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\">https:\u002F\u002Fwww.yubion.com\u002Fyubion-securefiletransfer\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>We will continue to update and aim to make the product even more convenient and easier to use.\u003C\u002Fp>\n\u003Cp>If you have any comments or impressions, such as things you noticed while using the service, to suggestions for ways to use it, please send them from the &quot;FeedBack&quot; form that appears when you click your name in the upper right corner of the login.\u003C\u002Fp>\n\u003Cp>We will use it as a reference for future updates.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_27_1196cd19c9.png\" alt=\"フィードバックへのリンク\">\u003C\u002Fp>\n\u003Cp>Thank you for reading to the end.\u003C\u002Fp>\n","how-to-use-yubion-securefiletransfer","2022-12-14","2026-04-28T06:49:41.409Z","2026-04-28T06:49:44.846Z",{"id":563,"documentId":564,"name":565,"alternativeText":53,"caption":53,"focalPoint":53,"width":566,"height":567,"formats":568,"hash":603,"ext":570,"mime":574,"size":604,"url":605,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":606,"updatedAt":606,"publishedAt":606},639,"q6641s85iues4plrwsgntpuq","blog-how-to-use-yubion-securefiletransfer-1.jpeg",2472,1172,{"large":569,"small":579,"medium":587,"thumbnail":595},{"ext":570,"url":571,"etag":572,"hash":573,"mime":574,"name":575,"path":53,"size":576,"width":65,"height":577,"sizeInBytes":578},".jpeg","https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg","68e9bd15821836bcc81ffd80edf069c8","large_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616","image\u002Fjpeg","large_blog-how-to-use-yubion-securefiletransfer-1.jpeg",24.46,474,24462,{"ext":570,"url":580,"etag":581,"hash":582,"mime":574,"name":583,"path":53,"size":584,"width":74,"height":585,"sizeInBytes":586},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg","3ea3b156e3efb68ee897da44d47e565e","small_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616","small_blog-how-to-use-yubion-securefiletransfer-1.jpeg",10.6,237,10596,{"ext":570,"url":588,"etag":589,"hash":590,"mime":574,"name":591,"path":53,"size":592,"width":83,"height":593,"sizeInBytes":594},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg","3534fbf047b9cc34eee1ba5d94673d8b","medium_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616","medium_blog-how-to-use-yubion-securefiletransfer-1.jpeg",17.15,356,17145,{"ext":570,"url":596,"etag":597,"hash":598,"mime":574,"name":599,"path":53,"size":600,"width":92,"height":601,"sizeInBytes":602},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg","318fb5f8dd171a0aeaeb21c9bc1fce64","thumbnail_blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616","thumbnail_blog-how-to-use-yubion-securefiletransfer-1.jpeg",4.38,116,4381,"blog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616",77.66,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_use_yubion_securefiletransfer_1_a7d7ee0616.jpeg","2026-04-28T06:47:18.364Z",[608],{"id":609,"documentId":610,"name":611,"slug":53,"createdAt":612,"updatedAt":612,"publishedAt":613},104,"k1gb1qbio0gpaudcqjphi8mc","PPAP","2026-04-28T06:49:36.593Z","2026-04-28T06:49:38.427Z",{"id":615,"documentId":616,"title":617,"content":618,"slug":619,"published":620,"createdAt":621,"updatedAt":621,"publishedAt":622,"locale":47,"authorManual":48,"cover":623,"tags":665},35,"za1r8f0khw9v4j4lxasg8he8","FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for macOS","\u003Cp>You are using macOS or Linux(GUI), and you have bought a FIDO2 security key, but where to set the PIN? Or where to enroll the fingerprint? I think some people would be confused. This article describes how to set a PIN and fingerprint for a FIDO2-compatible security key for macOS or Linux users.\u003C\u002Fp>\n\u003Cp>There are 3 main patterns for setting FIDO2-compatible security keys.\u003C\u002Fp>\n\u003Cp>(Hereafter, FIDO2-compatible security keys are abbreviated as security keys.)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>Security key setup for Windows (10, 11)\u003C\u002Fstrong>\n\u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2-security-key-pin-setting---fingerprint-setting-for-windows?lang=en\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Setup using Chrome browser for macOS and Linux\u003C\u002Fstrong>\n→ Here is how to do it. Below are links to each section.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>\n\u003Ca href=\"#viewer-9tsdn\">How to register PIN\u003C\u002Fa>\n\u003Ca href=\"#viewer-8q4fj\">How to enroll fingerprints\u003C\u002Fa>\n　→ Please refer to these instructions to add another fingerprint too.\n\u003Ca href=\"#viewer-1t357\">How to remove fingerprints\u003C\u002Fa>\n\u003Ca href=\"#viewer-effk8\">How to change the PIN\u003C\u002Fa>\n\u003Ca href=\"#viewer-3iasv\">How to reset the security key\u003C\u002Fa>\n　→ If your security key has been blocked, please follow these steps to reset it.\n\u003Ca href=\"#viewer-s2gk\">Buy a security key\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Setup using tools provided by each authentication device vendor\u003C\u002Fstrong>\n→ Please check the website of each authentication device vendor.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>Environment Information\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Ch3>\u003Cstrong>PC\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>macOS Monterey (12.6)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Browser\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Chrome (version 90 or later)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Security Key\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>YubiKey 5 NFC (non-biometric)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>YubiKey Bio (biometric)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ The above security keys were used for the explanation, but the same operation is possible with other security keys.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Notes\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>Leaving the setup screen for too long\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The next operation may fail if the security key setup screen is left for too long.\u003C\u002Fli>\n\u003Cli>When you are asked to operate with the security key, if you leave it too long, it may fail due to timeout.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Information about PIN change\u003C\u002Fstrong>\nEven if you change the PIN of a security key that has already been registered on multiple websites, you can use it without any problems.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>About security key reset\u003C\u002Fstrong>\nIf you enter the wrong PIN 8 times in a row, you will be asked to reset your security key. After resetting, all the credentials that have been registered on websites and apps so far will also be removed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>If the security key does not respond\u003C\u002Fstrong>\nPlease try the following operations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If it is connected via a USB hub, etc., try to connect it to the PC directly.\u003C\u002Fli>\n\u003Cli>If there is still no response after connecting to the PC directly, please try on another PC.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ If there is still no response after trying the above ways, please contact the vendor where you bought the security key. Please use the inquiry form to inquire about keys purchased from us.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Setting security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>When you buy a security key, by default it has no PIN or fingerprint.\u003C\u002Fp>\n\u003Cp>First, I will explain how to set a PIN.\u003C\u002Fp>\n\u003Cp>※ Fingerprint-enabled devices also require a PIN.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to access the security key setup screen ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>First, insert your security key into the USB port.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Open the Chrome browser, click the &quot;\u003Cstrong>︙\u003C\u002Fstrong>&quot; three-dot reader at the top right of the screen, and click &quot;\u003Cstrong>Settings\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_2_ddb8b9cb90.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Privacy and security\u003C\u002Fstrong>&quot; on the left side of the screen.\u003C\u002Fp>\n\u003Cp>※ Please note that it is not displayed in guest mode.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_3_2f555b76ed.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Security\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_4_197058f323.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Scroll to the bottom of the screen and click &quot;\u003Cstrong>Manage security keys\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>※ This item is not displayed on Windows machines.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_5_c45023ad95.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The security key management menu will be displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_6_5ac5552770.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to register PIN ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section explains how to register a PIN. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Create a PIN\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_7_a81a3fe807.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key, so touch your security key button (a metal part, a biometric sensor, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_8_120eeab19b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_9_c10c359f7b.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter a new PIN in the \u003Cstrong>PIN\u003C\u002Fstrong> field and enter a confirmation PIN in the \u003Cstrong>Confirm PIN\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>※ PIN can be set from 4 to 63 characters (length range defined by FIDO2 specification).\u003C\u002Fp>\n\u003Cp>※ Click the eye icon to see what you are currently entering.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Save\u003C\u002Fstrong>&quot; button after entering.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_10_5cf5823e92.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button when you have finished creating your PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_11_eb2b0f89f5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PIN setting is completed.\u003C\u002Fp>\n\u003Cp>For other settings, please refer to the following.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-effk8\">How to change the PIN\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-3iasv\">How to reset the security key\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please refer to &quot;\u003Ca href=\"#viewer-8q4fj\">How to enroll fingerprints\u003C\u002Fa>&quot; to enroll your fingerprint.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to enroll fingerprints ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>You must set a PIN before enrolling your fingerprints. If the PIN setting has not been completed yet, set a PIN by referring to &quot;\u003Ca href=\"#viewer-9tsdn\">How to register PIN\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>This section describes how to enroll your fingerprints to your security key. The explanation here assumes that the setting screen is displayed. (Please follow the steps here to add another fingerprint too.)\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Fingerprints\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_12_7f0aa469e0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key, so touch your security key button (a metal part, a biometric sensor, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_13_238530e8a1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_14_5ae5941de6.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the PIN set for the security key in the \u003Cstrong>PIN\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>After entering, click the &quot;\u003Cstrong>Continue\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_15_41f0b025a0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Add\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_16_3304cb9fa3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The following screen will be displayed, so repeatedly put your finger on the fingerprint sensor and release it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_17_8e887b25ec.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After enrolling your fingerprint, click the &quot;\u003Cstrong>Continue\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_18_f6c2099f19.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to enter the name of your fingerprint, so enter it in the \u003Cstrong>Name\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>After entering, click the &quot;\u003Cstrong>Continue\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_19_ad389cd522.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The setting is completed when the enrolled fingerprint is displayed.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Done\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>※ It is also possible to add another fingerprint from the &quot;\u003Cstrong>Add\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_20_c6d40859ca.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The fingerprint enrollment is completed.\u003C\u002Fp>\n\u003Cp>For other settings, please refer to the following.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-1t357\">How to remove fingerprints\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>[ How to remove fingerprints ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section describes how to remove fingerprint data from the security key. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Fingerprints\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_12_7f0aa469e0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key, so touch your security key button (a metal part, a biometric sensor, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_13_238530e8a1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_14_5ae5941de6.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the PIN set for the security key in the \u003Cstrong>PIN\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>After entering, click the &quot;\u003Cstrong>Continue\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_15_41f0b025a0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A list of enrolled fingerprints will be displayed, so click the &quot;\u003Cstrong>×\u003C\u002Fstrong>&quot; icon on the right of the fingerprint you want to delete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_21_c2709f9637.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Done\u003C\u002Fstrong>&quot; button when the specified fingerprint is deleted.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_22_a3a5f07fa0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Fingerprint removal is complete.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to change the PIN ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section explains how to change the security key PIN. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click &quot;\u003Cstrong>Create a PIN\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_7_a81a3fe807.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key, so touch your security key button (a metal part, a biometric sensor, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_8_120eeab19b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_9_c10c359f7b.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the PIN currently set for the security key in the \u003Cstrong>Current PIN\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>Then enter a new PIN in the \u003Cstrong>PIN\u003C\u002Fstrong> field and a confirmation PIN in the \u003Cstrong>Confirm PIN\u003C\u002Fstrong> field.\u003C\u002Fp>\n\u003Cp>Finally, click the &quot;\u003Cstrong>Save\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_23_d24348bbd1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After changing the PIN, click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_24_beb5aac76f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PIN change is complete.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to reset the security key ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section describes how to delete all security key settings and reset them to factory settings. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-f3jhj\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>About resetting a security key that is already in use\u003C\u002Fstrong>\nIf you reset a security key that has already been registered to a website or application, your authentication information will also be lost. If you want to use the reset security key, you will need to set your PIN and fingerprint and re-register to the website you are using.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Click &quot;\u003Cstrong>Reset your security key\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_25_93c420d0f3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Remove your security key from the USB port, insert it again, and then touch its button (a metal part, a part where the light is blinking, etc.)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_26_1cda469551.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A reset confirmation message will be displayed, so touch your security key button (a metal part, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_27_5c8d1766b9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After resetting your security key, click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>After the reset is completed, the PIN and fingerprints that have been set up until now will be removed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_28_6fdd0e07cb.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Security key reset is completed.\u003C\u002Fp>\n\u003Cp>If you want to use the reset security key again, register your PIN or fingerprint, and register your authentication information to the website or application you are using.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ Buy a security key ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>We sell multiple FIDO2-compatible security keys. You can also buy from Amazon as the following.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">B\u003C\u002Fa>uy on Amazon\u003C\u002Fp>\n\u003Cp>※ Please contact us for bulk purchases.\u003C\u002Fp>\n","fido2-security-key-pin-fingerprint-setting-macos","2022-12-13","2026-04-28T06:29:19.595Z","2026-04-28T06:29:22.728Z",{"id":624,"documentId":625,"name":626,"alternativeText":53,"caption":53,"focalPoint":53,"width":627,"height":628,"formats":629,"hash":661,"ext":570,"mime":574,"size":662,"url":663,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":664,"updatedAt":664,"publishedAt":664},456,"kuiymbtxa1a7qsg5285xebd2","blog-fido2-security-key-pin-fingerprint-setting-macos-1.jpeg",3000,2250,{"large":630,"small":637,"medium":645,"thumbnail":653},{"ext":570,"url":631,"etag":632,"hash":633,"mime":574,"name":634,"path":53,"size":635,"width":65,"height":83,"sizeInBytes":636},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg","561e69d67f732666b77d32262d3a076d","large_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4","large_blog-fido2-security-key-pin-fingerprint-setting-macos-1.jpeg",135.4,135397,{"ext":570,"url":638,"etag":639,"hash":640,"mime":574,"name":641,"path":53,"size":642,"width":74,"height":643,"sizeInBytes":644},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg","cb4d56010c8fea58644cfa371fe7f035","small_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4","small_blog-fido2-security-key-pin-fingerprint-setting-macos-1.jpeg",35.85,375,35853,{"ext":570,"url":646,"etag":647,"hash":648,"mime":574,"name":649,"path":53,"size":650,"width":83,"height":651,"sizeInBytes":652},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg","924e7c4f981c78db4fe69d202d92c635","medium_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4","medium_blog-fido2-security-key-pin-fingerprint-setting-macos-1.jpeg",78.93,563,78925,{"ext":570,"url":654,"etag":655,"hash":656,"mime":574,"name":657,"path":53,"size":658,"width":659,"height":222,"sizeInBytes":660},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg","7900c009be0efe12dda5eb8977cb9ff0","thumbnail_blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4","thumbnail_blog-fido2-security-key-pin-fingerprint-setting-macos-1.jpeg",6.9,208,6898,"blog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4",839.02,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_pin_fingerprint_setting_macos_1_2cf81856a4.jpeg","2026-04-28T06:27:04.137Z",[666,667,668],{"id":102,"documentId":103,"name":104,"slug":53,"createdAt":105,"updatedAt":105,"publishedAt":106},{"id":232,"documentId":233,"name":234,"slug":53,"createdAt":235,"updatedAt":235,"publishedAt":236},{"id":669,"documentId":670,"name":671,"slug":53,"createdAt":672,"updatedAt":672,"publishedAt":673},100,"x8cbynox70wdsuf5bhpewjr6","macOS","2026-04-28T06:29:14.725Z","2026-04-28T06:29:16.584Z",{"id":675,"documentId":676,"title":677,"content":678,"slug":679,"published":680,"createdAt":681,"updatedAt":681,"publishedAt":682,"locale":47,"authorManual":48,"cover":683,"tags":707},33,"ju1ren8vp5464jkj9rwxdriq","FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for Windows","\u003Cp>Even if you buy a security key that supports FIDO2, it does not often come with an instruction manual. You want to use it on a FIDO2-compatible site or application, but where to set the PIN? Or where to enroll the fingerprint? I think some people would be confused. This article describes how to set the PIN and fingerprint of the FIDO2-compatible security key.\u003C\u002Fp>\n\u003Cp>There are 3 main patterns for setting FIDO2-compatible security keys.\u003C\u002Fp>\n\u003Cp>(Hereafter, FIDO2-compatible security keys are abbreviated as security keys.)\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>Security key setup for Windows (10, 11)\u003C\u002Fstrong>\n→ Here is how to do it. Below are links to each section.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>\n\u003Ca href=\"#viewer-cim03\">How to register PIN\u003C\u002Fa>\n\u003Ca href=\"#viewer-14sfs\">How to enroll fingerprints\u003C\u002Fa>\n\u003Ca href=\"#viewer-5mm1n\">How to add another fingerprint\u003C\u002Fa>\n\u003Ca href=\"#viewer-125m2\">How to remove fingerprints\u003C\u002Fa>\n\u003Ca href=\"#viewer-cu9f3\">How to change the PIN\u003C\u002Fa>\n\u003Ca href=\"#viewer-4vltt\">How to reset the security key\u003C\u002Fa>\n　→ If your security key has been blocked, please follow these steps to reset it.\n\u003Ca href=\"#viewer-f3iqt\">Buy a security key\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Setup using Chrome browser for macOS and Linux\u003C\u002Fstrong>\n→ \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fhttps-www-yubion-com-post-fido2-pin-settings-for-mac\">FIDO2 Security Key PIN Setting \u002F Fingerprint Setting - for macOS\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Setup using tools provided by each authentication device vendor\u003C\u002Fstrong>\n→ Please check the website of each authentication device vendor.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This article describes how to set up a security key using a Windows PC.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Environment Information\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Ch3>\u003Cstrong>PC\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Windows 11\n※ Windows 11 was used for the explanation, but the same operation is possible for Windows 10.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>Security Key\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>YubiKey 5 NFC (non-biometric)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>YubiKey Bio (biometric)\u003C\u002Fstrong>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ The above security keys were used for the explanation, but the same operation is possible with other security keys.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Notes\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>Leaving the setup screen for too long\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>The next operation may fail if the security key setup screen is left for too long.\u003C\u002Fli>\n\u003Cli>When you are asked to operate with the security key, if you leave it too long, it may fail due to timeout.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>Information about PIN change\u003C\u002Fstrong>\nEven if you change the PIN of a security key that has already been registered on multiple websites, you can use it without any problems.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>About security key reset\u003C\u002Fstrong>\nIf you enter the wrong PIN 8 times in a row, you will be asked to reset your security key. After resetting, all the credentials that have been registered on websites and apps so far will also be removed.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>\u003Cstrong>If the security key does not respond\u003C\u002Fstrong>\nPlease try the following operations:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>If it is connected via a USB hub, etc., try to connect it to the PC directly.\u003C\u002Fli>\n\u003Cli>If there is still no response after connecting to the PC directly, please try on another PC.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※ If there is still no response after trying the above ways, please contact the vendor where you bought the security key. Please use the inquiry form to inquire about keys purchased from us.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Setting security key\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>When you buy a security key, by default it has no PIN or fingerprint.\u003C\u002Fp>\n\u003Cp>First, I will explain how to set a PIN.\u003C\u002Fp>\n\u003Cp>※ Fingerprint-enabled devices also require a PIN.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to access the security key setup screen ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>First, insert your security key into the USB port.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Then, \u003Cstrong>right-click on the Start menu ＞ &quot;Settings&quot; ＞ &quot;Account&quot; ＞ &quot;Sign-in options&quot;.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Click the \u003Cstrong>&quot;Security key&quot;\u003C\u002Fstrong>, then click the \u003Cstrong>&quot;Manage&quot;\u003C\u002Fstrong> button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_2_03a2f63a6b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key, so touch your security key button (a metal part, a biometric sensor, a part where the light is blinking, etc.).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_3_50f93c33d5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_4_c033763a3a.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the security key touch is successful, the security key setup screen will be displayed.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to register PIN ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section explains how to register a PIN. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Add\u003C\u002Fstrong>&quot; button below \u003Cstrong>Security Key PIN\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>※ If your device supports fingerprints, you will see the &quot;\u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong>&quot; item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_5_afb376a843.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter a new PIN in the upper row and enter a PIN for confirmation in the lower row.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button after entering.\u003C\u002Fp>\n\u003Cp>※ PIN can be set from 4 to 63 characters (length range defined by FIDO2 specification).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_6_12ac4e9b16.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the PIN registration is completed, the button below the \u003Cstrong>Security Key PIN\u003C\u002Fstrong> item will change to &quot;\u003Cstrong>Change\u003C\u002Fstrong>&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_7_3c5cb8dc48.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PIN setting is completed.\u003C\u002Fp>\n\u003Cp>For other settings, please refer to the following.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-cu9f3\">How to change the PIN\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-4vltt\">How to reset the security key\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Please refer to &quot;\u003Ca href=\"#viewer-14sfs\">How to enroll fingerprints\u003C\u002Fa>&quot; to enroll your fingerprint.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to enroll fingerprints ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>You must set a PIN before enrolling your fingerprints. If the PIN setting has not been completed yet, set a PIN by referring to &quot;\u003Ca href=\"#viewer-cim03\">How to register PIN\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>This section describes how to enroll your fingerprints to your security key. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Set up\u003C\u002Fstrong>&quot; button under the \u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong> item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_8_40ad5328ab.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to verify your identity, so enter the PIN set for the security key and click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_9_3f0d943d27.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After confirming your identity, you will be asked to touch the fingerprint sensor, so follow the instructions on the screen and touch the fingerprint sensor on the security key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_10_d6332be90d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_11_7fb428b25e.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The following screen will be displayed, so repeatedly put your finger on the fingerprint sensor and release it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_12_7f1814c21a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the fingerprint enrollment is completed, the completion screen will be displayed, so click the &quot;\u003Cstrong>Done\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_13_0f134cf4cd.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When you return to the first screen, the &quot;\u003Cstrong>Add another\u003C\u002Fstrong>&quot; button and the &quot;\u003Cstrong>Remove\u003C\u002Fstrong>&quot; button are added under the \u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong> item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_14_7598686a22.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The fingerprint enrollment is completed.\u003C\u002Fp>\n\u003Cp>For other settings, please refer to the following.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"#viewer-5mm1n\">How to add another fingerprint\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"#viewer-125m2\">How to remove fingerprints\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>[ How to add another fingerprint ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section describes how to add another fingerprint to a security key that has already enrolled at least 1 fingerprint. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Add another\u003C\u002Fstrong>&quot; button under the \u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong> item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_15_033952f4b6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After that, you will be asked to enroll your fingerprint in the same procedure as &quot;\u003Ca href=\"#viewer-14sfs\">How to enroll fingerprints\u003C\u002Fa>&quot;.\u003C\u002Fp>\n\u003Cp>That&#39;s all for how to add another fingerprint.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Addition\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>About another fingerprint enrollment\u003C\u002Fstrong>\nIf you use the fingerprint setting tool provided by each authentication device vendor, you may be able to name and manage registered fingerprints.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>\u003Cstrong>[ How to remove fingerprints ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section describes how to remove fingerprint data from the security key. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cp>\u003Cstrong>About security key fingerprint deletion\u003C\u002Fstrong>\nThe remove function under the Security Key Fingerprint item is to \u003Cstrong>remove all fingerprint information\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>※ If you use the fingerprint setting tool provided by each authentication device vendor, you may be able to delete the enrolled fingerprint information individually.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Click the &quot;\u003Cstrong>Remove\u003C\u002Fstrong>&quot; button under the \u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong> item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_16_d3de753951.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to verify your identity, so enter the PIN set for the security key and click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_9_3f0d943d27.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the fingerprint deletion is complete, the display under the \u003Cstrong>Security Key Fingerprint\u003C\u002Fstrong> switches to the &quot;\u003Cstrong>Set up\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_17_7c693bd763.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>That&#39;s all for removing fingerprints.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to change the PIN ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section explains how to change the security key PIN. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Change\u003C\u002Fstrong>&quot; button under \u003Cstrong>Security Key PIN\u003C\u002Fstrong>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_18_274c552cba.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter your current PIN in the top row and your new PIN in the middle row.\u003C\u002Fp>\n\u003Cp>Finally, enter the PIN for confirmation at the bottom row and click the &quot;\u003Cstrong>OK\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_19_8943ca66d5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After changing the PIN, you will return to the first screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_7_3c5cb8dc48.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PIN change is complete.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ How to reset the security key ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>This section describes how to delete all security key settings and reset them to factory settings. The explanation here assumes that the setting screen is displayed.\u003C\u002Fp>\n\u003Cp>In case you have not opened the security key setup screen, refer to &quot;\u003Ca href=\"#viewer-d5r8n\">How to access the security key setup screen\u003C\u002Fa>&quot; to access the setting screen.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Note\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>About resetting a security key that is already in use\u003C\u002Fstrong>\nIf you reset a security key that has already been registered to a website or application, your authentication information will also be lost. If you want to use the reset security key, you will need to set your PIN and fingerprint and re-register to the website you are using.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Click the &quot;\u003Cstrong>Reset\u003C\u002Fstrong>&quot; button under the \u003Cstrong>Reset Security Key\u003C\u002Fstrong> item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_20_2f5c40f85a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;\u003Cstrong>Proceed\u003C\u002Fstrong>&quot; button on the reset confirmation screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_21_89f53ed12a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to reinsert your security key, so remove your security key from the USB port and reinsert it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_22_92fa10ed5d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>You will be asked to touch your security key twice within 10 seconds, so touch your security key button (a metal part, a part where the light is blinking, etc.) twice.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_23_e31c42a68f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the \u003Cstrong>Reset Complete\u003C\u002Fstrong> screen is displayed, click the &quot;\u003Cstrong>Done\u003C\u002Fstrong>&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_24_84e82fe124.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After the reset is completed, the PIN and fingerprints that have been set up until now will be removed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_25_7dde6ef6c4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Security key reset is completed.\u003C\u002Fp>\n\u003Cp>If you want to use the reset security key again, register your PIN or fingerprint, and register your authentication information to the website or application you are using.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>[ Buy a security key ]\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>We sell multiple FIDO2-compatible security keys. You can also buy from Amazon as the following.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">B\u003C\u002Fa>uy on Amazon\u003C\u002Fp>\n\u003Cp>※ Please contact us for bulk purchases.\u003C\u002Fp>\n","set-fido2-security-key-pin-fingerprint-windows","2022-12-07","2026-04-28T06:26:43.259Z","2026-04-28T06:26:46.987Z",{"id":684,"documentId":685,"name":686,"alternativeText":53,"caption":53,"focalPoint":53,"width":627,"height":628,"formats":687,"hash":704,"ext":570,"mime":574,"size":662,"url":705,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":706,"updatedAt":706,"publishedAt":706},431,"of7bgx13af5iqx4vp5mzrjwd","blog-set-fido2-security-key-pin-fingerprint-windows-1.jpeg",{"large":688,"small":692,"medium":696,"thumbnail":700},{"ext":570,"url":689,"etag":632,"hash":690,"mime":574,"name":691,"path":53,"size":635,"width":65,"height":83,"sizeInBytes":636},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg","large_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30","large_blog-set-fido2-security-key-pin-fingerprint-windows-1.jpeg",{"ext":570,"url":693,"etag":639,"hash":694,"mime":574,"name":695,"path":53,"size":642,"width":74,"height":643,"sizeInBytes":644},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg","small_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30","small_blog-set-fido2-security-key-pin-fingerprint-windows-1.jpeg",{"ext":570,"url":697,"etag":647,"hash":698,"mime":574,"name":699,"path":53,"size":650,"width":83,"height":651,"sizeInBytes":652},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg","medium_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30","medium_blog-set-fido2-security-key-pin-fingerprint-windows-1.jpeg",{"ext":570,"url":701,"etag":655,"hash":702,"mime":574,"name":703,"path":53,"size":658,"width":659,"height":222,"sizeInBytes":660},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg","thumbnail_blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30","thumbnail_blog-set-fido2-security-key-pin-fingerprint-windows-1.jpeg","blog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30","https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_set_fido2_security_key_pin_fingerprint_windows_1_a90b34ab30.jpeg","2026-04-28T06:24:57.171Z",[708,709],{"id":102,"documentId":103,"name":104,"slug":53,"createdAt":105,"updatedAt":105,"publishedAt":106},{"id":232,"documentId":233,"name":234,"slug":53,"createdAt":235,"updatedAt":235,"publishedAt":236},{"id":711,"documentId":712,"title":713,"content":714,"slug":715,"published":716,"createdAt":717,"updatedAt":717,"publishedAt":718,"locale":47,"authorManual":48,"cover":719,"tags":754},13,"dj3os3id7ajsq1dq8jnigspx","Changes in Usage of Security Key due to Salesforce \u003CSummer '22> Release FIDO2 [Summer '22]","\u003Cp>Updated: Aug 17, 2022\u003C\u002Fp>\n\u003Cp>On June 12, 2022 (Japan Time), the Salesforce &lt;Summer &#39;22&gt; update was released, featuring the updated support for WebAuthn (FIDO 2). Now, while registering a new security key, the key will request the user to set up a PIN.\u003C\u002Fp>\n\u003Cp>Following these changes, countless inquiries have arisen regarding using the FIDO security key. Thus, this article aims to explain the differences due to the introduction of FIDO 2 by Salesforce.\u003C\u002Fp>\n\u003Cp>Previously, MFA with the FIDO security key was [U2F], but with the release, there has been a shift from U2F to FIDO2 that brings with it what is possibly the most significant change for users: the introduction of PINs.\u003C\u002Fp>\n\u003Cp>This PIN will be created during the set-up process and will be required for all subsequent device uses. In essence, this PIN then serves as a kind of proof of ownership of the device.\u003C\u002Fp>\n\u003Ch3>Contents\u003C\u002Fh3>\n\u003Ch5>●　\u003Ca href=\"#viewer-4vv6b\">\u003Cstrong>Asked for the PIN when you cannot recall setting it up\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh5>\n\u003Ch5>●　\u003Ca href=\"#viewer-5a2ic\">\u003Cstrong>Forgetting the PIN\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh5>\n\u003Ch5>●　\u003Ca href=\"#viewer-dvocf\">Key is locked\u003C\u002Fa>\u003C\u002Fh5>\n\u003Ch5>●　\u003Ca href=\"#viewer-a014a\">Changes to previously used keys\u003C\u002Fa>\u003C\u002Fh5>\n\u003Ch5>●　\u003Ca href=\"#viewer-cg3v2\">Changing the PIN\u003C\u002Fa>\u003C\u002Fh5>\n\u003Ch5>●　\u003Ca href=\"#viewer-2bida\">Resetting the key\u003C\u002Fa>\u003C\u002Fh5>\n\u003Cp>●　\u003Cstrong>Asked for the PIN when you cannot recall setting it up\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>According to FIDO 2, the PIN entry is required to access the key. This PIN is set up when you register the key for the first time, so this request may not be for PIN entry but instead for PIN setup.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_1_749123be99.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>●　\u003Cstrong>Forgetting the PIN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Upon repeatedly entering an incorrect PIN, the device may be locked.\u003C\u002Fp>\n\u003Cp>The initial request for PIN setup is often mistaken as a request for PIN entry, so if this is your first time using the key, the request is for PIN setup.\u003C\u002Fp>\n\u003Cp>If this is not your first time and you have simply forgotten your PIN, there are two options.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-cg3v2\">・\u003C\u002Fa>\u003Ca href=\"#viewer-cg3v2\">Changing the PIN\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"#viewer-2bida\">・\u003C\u002Fa>\u003Ca href=\"#viewer-2bida\">Resetting the key\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>The key will lock if an incorrect PIN is entered eight times in a row. If this occurs, reset the device and register it again as a new device.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_2_a130e4ccea.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_3_bf36893729.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_4_5583d27acf.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_5_8f106c9114.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>●　\u003Cstrong>Key is locked\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The key will lock if an incorrect PIN is entered eight times in a row. If this occurs, reset the device and register it again as a new device.\u003C\u002Fp>\n\u003Cp>●　\u003Cstrong>Changes to previously used keys\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Despite the update, continued use of the old U2F keys is possible; there is no need to set up a PIN.\u003C\u002Fp>\n\u003Cp>※Be careful while sharing a key; when a PIN is set for the key, everyone using the key will be required to enter the new PIN.\u003C\u002Fp>\n\u003Cp>※Also, if you reset the key, this will result in it being reset for all the other users as well. For more, read the \u003Ca href=\"#viewer-2bida\">Resetting the key\u003C\u002Fa> section.\u003C\u002Fp>\n\u003Cp>●　\u003Cstrong>Changing the PIN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The device will require the current PIN and a new PIN to replace it to change the existing PIN. Please note that if an incorrect PIN is entered eight times, the key will lock and need resetting.\u003C\u002Fp>\n\u003Cp>To change the password from your Windows settings, navigate to\u003C\u002Fp>\n\u003Cp>Windows Account Settings → Sign-in Options → Click &quot;Manage&quot; of &quot;Security Key&quot; → Click &quot;Change&quot; button\u003C\u002Fp>\n\u003Cp>Then enter the current PIN and new PIN to make the change.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_6_a0a46d17f5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_7_0f25bf544d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_8_59fcad5305.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>●　\u003Cstrong>Resetting the PIN\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Here, it is essential to note that upon resetting the key, you will need to re-register all users, services, and the key.\u003C\u002Fp>\n\u003Cp>※The reset key will be different from the key used thus far.\u003C\u002Fp>\n\u003Cp>Windows Account Settings → Sign-in Options → Click &quot;Manage&quot; of &quot;Security Key&quot; → Click &quot;Reset&quot; button\u003C\u002Fp>\n\u003Cp>Following this, a warning will appear. Click Continue, then follow the on-screen instructions detailing inserting, touching, resetting the key, and so on.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_6_a0a46d17f5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_9_ea7684281a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_10_9114e2c4eb.png\" alt=\"\">\u003C\u002Fp>\n","salesforce-summer-22-fido2-security-key-changes","2022-06-28","2026-04-28T06:13:02.564Z","2026-04-28T06:13:05.112Z",{"id":720,"documentId":721,"name":722,"alternativeText":53,"caption":53,"focalPoint":53,"width":723,"height":724,"formats":725,"hash":750,"ext":58,"mime":62,"size":751,"url":752,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":753,"updatedAt":753,"publishedAt":753},318,"m8hkfmth1g559uco4r1pktuw","blog-salesforce-summer-22-fido2-security-key-changes-1.png",910,660,{"small":726,"medium":734,"thumbnail":742},{"ext":58,"url":727,"etag":728,"hash":729,"mime":62,"name":730,"path":53,"size":731,"width":74,"height":732,"sizeInBytes":733},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99.png","5feac0c9f103ddaca732eeeb2140d472","small_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99","small_blog-salesforce-summer-22-fido2-security-key-changes-1.png",30.96,363,30960,{"ext":58,"url":735,"etag":736,"hash":737,"mime":62,"name":738,"path":53,"size":739,"width":83,"height":740,"sizeInBytes":741},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99.png","50a966023bd120bd198808f478d049b5","medium_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99","medium_blog-salesforce-summer-22-fido2-security-key-changes-1.png",51.14,544,51144,{"ext":58,"url":743,"etag":744,"hash":745,"mime":62,"name":746,"path":53,"size":747,"width":748,"height":222,"sizeInBytes":749},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99.png","ca72110d2ceeb52dea556fb8ce8c0fee","thumbnail_blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99","thumbnail_blog-salesforce-summer-22-fido2-security-key-changes-1.png",10.65,215,10645,"blog_salesforce_summer_22_fido2_security_key_changes_1_749123be99",11.35,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_salesforce_summer_22_fido2_security_key_changes_1_749123be99.png","2026-04-28T06:12:22.645Z",[],{"id":756,"documentId":757,"title":758,"content":759,"slug":760,"published":761,"createdAt":762,"updatedAt":762,"publishedAt":763,"locale":47,"authorManual":764,"cover":765,"tags":807},19,"utgrkw5qu6myrr2ta1agero1","Deploying YubiOn Portal SSO on the Citrix StoreFront","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fcitrix-virtual-apps-and-desktops%E3%81%AE%E3%83%87%E3%82%B9%E3%82%AF%E3%83%88%E3%83%83%E3%83%97%E9%85%8D%E4%BF%A1%E7%92%B0%E5%A2%83%E3%81%AByubion-portal%E3%82%92%E5%B0%8E%E5%85%A5%E3%81%99%E3%82%8B\">previous article\u003C\u002Fa> introduced the Windows logon mechanism to the Citrix desktop delivery environment, a basic function of YubiOn Portal. This article will discuss the implementation of SSO for the first login to StoreFront when using Citrix Desktop Delivery and protecting StoreFront with two-factor authentication.\u003C\u002Fp>\n\u003Cp>Note: The Citrix Gateway may be in charge of authentication depending on the product configuration. StoreFront may not authenticate as long as the authentication has been completed at the Gateway. In that case, a different configuration method may be required.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Machine Configuration\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The machine configuration and authentication flow are as follows:\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Now, change the StoreFront login settings to look as follows:\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_2_fa71e25046.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Register SSO settings for YubiOn Portal and SAML authentication settings for the Citrix server.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>StoreFront HTTPS conversion\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Proceed with the installation of StoreFront, as StoreFront is running on HTTP instead of HTTPS. However, if the settings are changed from HTTP to HTTPS after setting up SSO, the integration setting of YubiOn Portal will require modification. Thus, it is recommended to change StoreFront to HTTPS first, then proceed with the HTTPS conversion according to the help on Citrix&#39;s website.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsupport.citrix.com\u002Farticle\u002FCTX200292\">How to Generate and Install an SSL Certificate on a StoreFront Server for HTTPS connections\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>If HTTPS in IIS is first configured and StoreFront functionality is installed, all settings will be properly configured as HTTPS. Thus, it is recommended to delete StoreFront, configure HTTPS in IIS, and then reconfigure StoreFront.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>YubiOn Portal Settings\u003C\u002Fstrong>①\u003C\u002Fh2>\n\u003Cp>From this point on, working on the Citrix server is recommended because the main work is exchanging SSO metadata configuration files with the Citrix product. First, create one SSO App setting on the YubiOn Portal side.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_3_0188013620.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The information required as an IdP (IdP login URL, IdP entity ID, certificate, etc.) is determined. Eventually, SP information on YubiOn Portal will need to be registered, but for now, simply download the metadata as an IdP.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_4_5770fb81a2.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This is all that needs to be done on YubiOn Portal at this point; after the Citrix product has been configured, it can be configured again on the YubiOn Portal.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Citrix StoreFront configuration\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The next step is configuring Citrix StoreFront, either in the StoreFront tree of Citrix Studio or in the Citrix StoreFront Settings application, to use SAML authentication. Here, Citrix Studio one is used.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_5_7e4486d76f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on &quot;Manage Authentication Methods&quot; in the appropriate store.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_6_83c207fed8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the Manage Authentication Method window opens, check the &quot;SAML Authentication&quot; checkbox and click OK.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_7_d593aad428.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user can proceed if &quot;SAML Authentication&quot; is added to the &quot;Authentication Method&quot; in the Store Overview column.\u003C\u002Fp>\n\u003Cp>From here, one can load metadata from YubiOn Portal into StoreFront. Metadata-related operations are not prepared in GUI tools, so one must configure them using PowerShell commands. Open PowerShell with administrator privileges and execute the following commands.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>asnp citrix.*\n$StoreVirtualPath = &quot;（StorePath）&quot;\n$Store = Get-STFStoreService -VirtualPath $StoreVirtualPath\n$Auth = Get-STFAuthenticationService -StoreService $Store\nUpdate-STFSamlIdPFromMetadata -AuthenticationService $Auth -FilePath &quot;（MetadataFilePath）&quot;\nSet-BrokerSite -TrustRequestsSentToTheXmlServicePort $true\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>※Store path: &quot;\u002FCitrix\u002F(store name)\u003C\u002Fp>\n\u003Cp>※Metadata full path: Full path of the metadata file downloaded from YubiOn Portal\u003C\u002Fp>\n\u003Cp>Please leave the PowerShell window open as it will be reused later. After executing the commands, the necessary information for the ID provider setting for SAML authentication has been set in Citrix Studio.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_8_e9eafe6551.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Although there are no specific settings other than loading metadata, the login URL and certificate for YubiOn Portal are set.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_9_f2618c5948.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, retrieve the metadata that contains the StoreFront side settings. In the PowerShell window where the commands were entered, execute the following commands in succession.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>(New-Object System.Uri $Auth.Routing.HostbaseUrl, ($Auth.VirtualPath + &quot;\u002FSamlForms\u002FServiceProvider\u002FMetadata&quot;)).ToString()\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>As a result of the execution, a URL where StoreFront metadata can be obtained will be output, so access the URL with a browser to obtain the file.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>YubiOn Portal Settings\u003C\u002Fstrong>②\u003C\u002Fh2>\n\u003Cp>To load StoreFront metadata into YubiOn Portal, perform SP metadata upload on YubiOn Portal&#39;s SSO setting screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_10_862f0e745e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the StoreFront metadata file just obtained, following which a confirmation dialog will appear, where the metadata can be uploaded.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_11_b5d1c4f6e1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you check the application settings, you will see that StoreFront information is set.\u003C\u002Fp>\n\u003Cp>On checking the application settings, the set StoreFront information can be viewed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_12_34bdb9e7b7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, modify the User ID Value setting as necessary; StoreFront requires the AD account&#39;s UPN (User Principal Name) as the User ID Value (NameID). If the registered member&#39;s email address is the same as the UPN, then there is no problem if the &quot;Member Email Address&quot; is set in the &quot;Member Information&quot; section. If a different email address than the UPN is registered, please set the UPN to be sent to StoreFront by creating an item for the UPN address in the member properties.\u003C\u002Fp>\n\u003Cp>Finally, set up the members who can use the SSO application. Use the member assignment and group assignment functions in the lower right corner of the settings screen to assign the necessary users to access the SSO application.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Confirmation of Operation\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Now, check the actual operation.\u003C\u002Fp>\n\u003Cp>In addition, StoreFront does not support IdP-Initiated (method of performing SSO login from the application list of YubiOn Portal). Access the StoreFront WEB access URL (default is the URL with &quot;Web&quot; after the store URL).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_13_e1977e83a6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once the StoreFront screen is displayed, one will immediately be redirected to the YubiOn Portal login screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_14_30197c49b6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After entering the email address, enter the YubiOn Portal login password and YubiKey OTP.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_15_7ed45a5f7d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The screen will then change and the screen after the StoreFront login will be displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_16_a2f5a50665.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When the desktop is opened, the YubiOn Portal logon screen appears as before, and the user is prompted for two-factor authentication at login.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_17_08b918ea51.png\" alt=\"\">\u003C\u002Fp>\n","deploying-yubion-portal-sso-on-citrix-storefront","2022-05-25","2026-04-28T06:18:16.913Z","2026-04-28T06:18:19.463Z","Shiraishi",{"id":766,"documentId":767,"name":768,"alternativeText":53,"caption":53,"focalPoint":53,"width":627,"height":769,"formats":770,"hash":803,"ext":58,"mime":62,"size":804,"url":805,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":806,"updatedAt":806,"publishedAt":806},362,"hzyshpm06l2jq2cglz25qjpc","blog-deploying-yubion-portal-sso-on-citrix-storefront-1.png",1409,{"large":771,"small":779,"medium":787,"thumbnail":795},{"ext":58,"url":772,"etag":773,"hash":774,"mime":62,"name":775,"path":53,"size":776,"width":65,"height":777,"sizeInBytes":778},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png","277a4a52814bfdea9eda4f0afba502f0","large_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5","large_blog-deploying-yubion-portal-sso-on-citrix-storefront-1.png",97.96,470,97956,{"ext":58,"url":780,"etag":781,"hash":782,"mime":62,"name":783,"path":53,"size":784,"width":74,"height":785,"sizeInBytes":786},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png","f3c00966ddc7d57e08a3494ee2deeeb3","small_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5","small_blog-deploying-yubion-portal-sso-on-citrix-storefront-1.png",36.11,235,36107,{"ext":58,"url":788,"etag":789,"hash":790,"mime":62,"name":791,"path":53,"size":792,"width":83,"height":793,"sizeInBytes":794},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png","7896a184af8360cb1f31f1ba4f8f8b99","medium_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5","medium_blog-deploying-yubion-portal-sso-on-citrix-storefront-1.png",63.32,352,63316,{"ext":58,"url":796,"etag":797,"hash":798,"mime":62,"name":799,"path":53,"size":800,"width":92,"height":801,"sizeInBytes":802},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png","f0156374630b2395bf9c05f8d6610fd1","thumbnail_blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5","thumbnail_blog-deploying-yubion-portal-sso-on-citrix-storefront-1.png",14.98,115,14982,"blog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5",140.79,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploying_yubion_portal_sso_on_citrix_storefront_1_f4649844a5.png","2026-04-28T06:16:59.246Z",[],{"id":809,"documentId":810,"title":811,"content":812,"slug":813,"published":814,"createdAt":815,"updatedAt":815,"publishedAt":816,"locale":47,"authorManual":764,"cover":817,"tags":860},21,"b3uwodw89152018uwxd4rsjb","Deploying YubiOn Portal in the Citrix Virtual Apps and Desktops’ Desktop Delivery Environment","\u003Cp>Following the recent rise in remote work, various companies, mainly medium to large companies, have begun the implementation of VDI products for security and cost-related reasons.\u003C\u002Fp>\n\u003Cp>As a response to this growth and the numerous inquiries received, Soft Giken has now introduced YubiOn Portal to Citrix Virtual Apps and Desktops (formerly known as XenDesktop and XenApp).\u003C\u002Fp>\n\u003Cp>But what is the YubiOn Portal, and how does it work?\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Machine Configuration\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>The configuration of the machine used was as follows:\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>①Active Directory Infrastructure Server (AD infrastructure server)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>OS：\u003C\u002Fp>\n\u003Cp>WindowsServer2022(Datacenter Edition・GUI)\u003C\u002Fp>\n\u003Cp>Additional functions：\u003C\u002Fp>\n\u003Cp>AD DS\u003C\u002Fp>\n\u003Cp>AD CS(not required for this verification)\u003C\u002Fp>\n\u003Cp>DNS\u003C\u002Fp>\n\u003Cp>\u003Cstrong>②Citrix Virtual Apps and Desktops Server (Citrix Server)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>OS：\u003C\u002Fp>\n\u003Cp>WindowsServer2019(Datacenter Edition・GUI)\u003C\u002Fp>\n\u003Cp>Installed software:\u003C\u002Fp>\n\u003Cp>Citrix DeliveryController\u003C\u002Fp>\n\u003Cp>Citrix License Server\u003C\u002Fp>\n\u003Cp>Citrix StoreFront\u003C\u002Fp>\n\u003Cp>Citrix Studio\u003C\u002Fp>\n\u003Cp>Licenses：\u003C\u002Fp>\n\u003Cp>Citrix Virtual Apps and Desktops Premium(trial)\u003C\u002Fp>\n\u003Cp>Concurrent Models (99 licenses)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>③Citrix Desktop Delivery Machine (Desktop Delivery Machine)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>OS：\u003C\u002Fp>\n\u003Cp>WindowsServer2019(Standard Edition・GUI)\u003C\u002Fp>\n\u003Cp>Installed software:\u003C\u002Fp>\n\u003Cp>Virtual Delivery Agent for Windows OS\u003C\u002Fp>\n\u003Cp>\u003Cstrong>④User operation terminal\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>OS：\u003C\u002Fp>\n\u003Cp>Windows10Pro 64bit\u003C\u002Fp>\n\u003Cp>Installation software:\u003C\u002Fp>\n\u003Cp>Citrix Workspace(downloaded from StoreFront)\u003C\u002Fp>\n\u003Cp>※The above machines are built within a single ESXi server.\u003C\u002Fp>\n\u003Cp>※The above machines exist within the same AD domain and network.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>AD Infrastructure Server Setup\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>First, the setup of an AD infrastructure server is required. As Citrix server-related programs cannot be installed on a domain controller, a basic AD infrastructure must be built on the server itself.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Citrix Server Construction\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Next, build a Citrix server. For this example, to avoid installation errors with Citrix products, Windows Server 2019 was chosen as the OS on which the AD infrastructure server would be run. However, Windows Server 2022 could also be used.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_2_c38aff4cc7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The installation itself consists of installing and configuring the &quot;Delivery Controller&quot; in the upper left corner of the window, followed by the installation of the &quot;Citrix StoreFront&quot; in the lower-left corner. To do this, simply follow the instruction on the installer screen.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Building a Desktop Delivery Machine\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Next, construct a desktop distribution machine. In this example, a Virtual Delivery Agents for Windows OS was installed. Select “enable intermediary connections to the server” when prompted for configuration.\u003C\u002Fp>\n\u003Cp>While WindowsServer2019 Standard\u002FGUI is selected as the OS in this example, a general-purpose OS such as Windows 11 or Windows 10 would also work, although in that case, it will be treated as a single session OS. Here, Windows Server was chosen as it allows checking the operation of a pattern in which multiple people use a single OS as a multi-session OS.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>User Operation Terminal Construction\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Select any Windows machine on the same network as the servers for this. In this example, a virtual network was set up within a virtual environment, so a Windows 10 terminal was built separately and positioned as a PC within the same virtual network. To be able to access from outside the network, a product such as Citrix Gateway may be required.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Configuration of Delivery Controller\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>After the installation of the Delivery Controller is complete, CitrixStudio should start, and a &quot;Welcome&quot; screen should appear. Next, select &quot;Deliver applications and desktops to users&quot; at the top of the screen to configure various settings.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_3_4a6ab7936b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The setup with the default settings is almost complete. Now, in the section for setting the connection type, select &quot;Do not use machine management&quot;. In the machine catalog setup section, select only one desktop distribution machine to add. Please note that the system will be powered off and rebooted twice during this procedure.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>StoreFront Settings\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>As in the case of the Delivery Controller, the StoreFront Management Console is launched after installation to configure various settings. Please specify the name of the Citrix server in the &quot;Delivery Controller&quot; field.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Using Desktop via StoreFront\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Now Citrix products can be used independently of YubiOn Portal. Next, access the StoreFront URL from the user operation terminal.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_4_d1e7245049.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The StoreFront website assumes that Citrix Workspace is installed on the client side. Therefore, when the above screen appears, agree to download and install Citrix Workspace. (A reboot is required).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_5_7e6a33f500.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If you have installed Citrix Workspace, and it detects that it has been installed correctly, y the StoreFront login screen will be displayed. Log in with the AD user name and password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_6_68e6da41d7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After logging in, view the list of available desktops and click to open the Citrix Workspace app, and start the remote connection.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_7_f9c37107f4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Please keep in mind that the authentication screen, etc., will not be displayed when the Citrix Workspace application is opened.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Deployment of YubiOn Portal and its use in the Logon section\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Now, install the YubiOn Portal on the desktop delivery machine.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Installation must be done on each desktop distribution machine.\u003C\u002Fstrong>\nCurrently, account and YubiKey assignments must also be done per machine.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Enabling mandatory YubiKey logon must be enabled in the policy.\u003C\u002Fstrong>\nIf not enabled, the Windows logon portion will be skipped by the Citrix authentication mechanism.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cached logon, screen lock when YubiKey is removed, etc., will not be available\u003C\u002Fstrong>.\nBoth require USB communication with YubiKey, so they cannot be used in environments where USB is not directly connected.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>If there are multiple desktop delivery machines, they must have different SIDs\u003C\u002Fstrong>\nYubiOn Portal identifies each terminal based on SID and does not support the situation where multiple terminals have the same SID.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_8_5b784a53ea.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>With these points in mind, set up the YubiOn Portal client tool on the desktop delivery machine.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_9_bce05d1f5e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After completing the settings, select a desktop from StoreFront and connect to it, and the Windows logon screen will appear as shown below. However, by installing YubiOn Portal, authentication is required when the desktop is displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_10_3182a5abd4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Then, when using YubiOn Portal, enter the user name in the upper input box and the password in the lower box, and touch the YubiKey to output the OTP behind the password field and log on.\u003C\u002Fp>\n\u003Cp>If a different user than the one who logged on to StoreFront tries to log on, the session will be disabled. It is assumed that the system stops when the logged-on user is different from the StoreFront user.\u003C\u002Fp>\n\u003Ch2>■ \u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_11_3db8a2f7ac.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This article covers the deployment of the YubiOn Portal on a desktop delivery machine such as Citrix products. Two-factor authentication will be required when a desktop is opened if the standard deployment method is used.\u003C\u002Fp>\n","deploy-yubion-portal-citrix-virtual-desktops","2022-04-27","2026-04-28T06:19:32.082Z","2026-04-28T06:19:34.604Z",{"id":818,"documentId":819,"name":820,"alternativeText":53,"caption":53,"focalPoint":53,"width":821,"height":822,"formats":823,"hash":856,"ext":58,"mime":62,"size":857,"url":858,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":859,"updatedAt":859,"publishedAt":859},379,"a6jgxc8e00237gh90pyo1vun","blog-deploy-yubion-portal-citrix-virtual-desktops-1.png",3802,2473,{"large":824,"small":832,"medium":840,"thumbnail":848},{"ext":58,"url":825,"etag":826,"hash":827,"mime":62,"name":828,"path":53,"size":829,"width":65,"height":830,"sizeInBytes":831},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png","f588d31aeb8bbe2c9fc85f9ba3bd6043","large_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f","large_blog-deploy-yubion-portal-citrix-virtual-desktops-1.png",121.32,650,121323,{"ext":58,"url":833,"etag":834,"hash":835,"mime":62,"name":836,"path":53,"size":837,"width":74,"height":838,"sizeInBytes":839},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png","1572f6bad739be70ace4591f2931e56b","small_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f","small_blog-deploy-yubion-portal-citrix-virtual-desktops-1.png",46.77,325,46771,{"ext":58,"url":841,"etag":842,"hash":843,"mime":62,"name":844,"path":53,"size":845,"width":83,"height":846,"sizeInBytes":847},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png","467c6f64ae40eaaf2fe2ac467e2dbfc6","medium_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f","medium_blog-deploy-yubion-portal-citrix-virtual-desktops-1.png",79.82,488,79824,{"ext":58,"url":849,"etag":850,"hash":851,"mime":62,"name":852,"path":53,"size":853,"width":854,"height":222,"sizeInBytes":855},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png","28d6be0e5a068634c9af8cb952ffc66e","thumbnail_blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f","thumbnail_blog-deploy-yubion-portal-citrix-virtual-desktops-1.png",19.24,240,19237,"blog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f",169.17,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_deploy_yubion_portal_citrix_virtual_desktops_1_ff4875621f.png","2026-04-28T06:18:37.527Z",[],{"id":862,"documentId":863,"title":864,"content":865,"slug":866,"published":867,"createdAt":868,"updatedAt":868,"publishedAt":869,"locale":47,"authorManual":48,"cover":870,"tags":913},79,"fnotqb2k6s6bcotkx9rqf8rm","Simulation of YubiOn Portal Installation: A Guide","\u003Cp>In recent years, the term “two-factor authentication” has become significantly more widespread due to the increased awareness and need for more robust security. Previously, Softgiken has launched various products that utilize two-factor authentication to enhance the security during the PC log-in process. In line with this, Softgiken has created a new product, the YubiOn Portal.\u003C\u002Fp>\n\u003Cp>This article will discuss commonly asked questions regarding the installation and usage of the YubiOn Portal in various environments.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>This article is recommended for:\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>​・SE considering security measures for company PCs  ・Those looking to learn more about the YubiOn Portal\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch3>\u003Cstrong>Contents\u003C\u002Fstrong>\u003C\u002Fh3>\n\u003Cp>\u003Cstrong>Introduction of the YubiOn Portal\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pre-requisites for installation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Setting up the Portal\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Guide to complete installation\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Troubleshooting\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Introduction of the YubiOn Portal\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>YubiOn Portal is a two-factor authentication service developed and provided by \u003Ca href=\"https:\u002F\u002Fsgk.co.jp\u002F\">Soft Giken Co.\u003C\u002Fa>, Ltd. that enforces two-factor authentication on the company’s PCs using one-time passwords obtained from an authentication device known as YubiKey and standard password input. Further, the portal allows the administrator to manage each PC&#39;s logins and log in to services like Google and Microsoft 365 through SSO. Also, YubiOn does not require a new in-house server.\u003C\u002Fp>\n\u003Cp>※YubiKey is an authentication device by YubiCo. YubiOn is compatible with series five or onwards. If settings for the YubiKey have been customized, they cannot be supported by the system.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003Cstrong>Pre-requisites for installation\u003C\u002Fstrong>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003C\u002Ftable>\n\u003Cp>YubiOn provides a free trial period, allowing you to enjoy the YubiOn experience without feeling tied down.\u003C\u002Fp>\n\u003Cp>To know more about the operating environment, please visit \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fintroduction\u002Fsystem_requirements\u002F\">this page\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>To use YubiOn, one \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fintroduction\u002Fbefore_started\u002F\">must own a YubiKey\u003C\u002Fa> of series five or onwards. If, for some reason, one cannot purchase one, please \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fcontact.html\">contact us\u003C\u002Fa> so we can arrange it, as we also lend them to clients at no additional cost.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Setting up the Portal\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>To understand the YubiOn Portal, consider the following use case for a fictional company.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Background\u003C\u002Ftd>\n\u003Ctd>* Currently, all company computers are protected only by standard passwords. * Following Active Directory policies, passwords are changed periodically. * As the company shifts to remote work wherein company computers will be leaving the office premises, two-factor authentication has now been made mandatory.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Goals\u003C\u002Ftd>\n\u003Ctd>* To introduce two-factor authentication to all company computers\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Environment\u003C\u002Ftd>\n\u003Ctd>* There are approximately 100 employees who require one company computer each for remote work. * Apart from the head office, there are multiple other offices wherein company computers are being shared. * The company has various administrators. * The company does not yet own YubiKeys.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch5>1. Sign up for the free trial version of the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa>\u003C\u002Fh5>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_1_5b790843cb.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch5>2. Enter the required information for registration\u003C\u002Fh5>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_2_31d002ce0c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The information entered at this time should be the information of the administrator or \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fglossary\u002F\">“person in charge.”\u003C\u002Fa> This information can be changed after registration.\u003C\u002Fp>\n\u003Cp>This administrator will also have access to the management site.\u003C\u002Fp>\n\u003Ch5>3. Register and link the appropriate YubiKey\u003C\u002Fh5>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_3_9281a3585e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If the YubiKey is not yet available, click on the “Suspend setting and check customer information” link at the bottom right of the screen.\u003C\u002Fp>\n\u003Cp>Once the Customer Information screen is displayed, the information entered during registration can be viewed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_4_e6f69ce4e2.png\" alt=\"\">\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>【Tips】\u003C\u002Fstrong>   * The free version only allows registration of up to 3 members, YubiKeys, and PCs. * It also restricts the settings such as those that make two-factor authentication mandatory. * Refer to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Ffunction_comparison\u002F\">version functionality comparison chart\u003C\u002Fa> for more details.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Ch5>4. Obtain a YubiKey\u003C\u002Fh5>\n\u003Cp>YubiKey is available for rent through SoftGiken. Please contact us for more details\u003C\u002Fp>\n\u003Cp>This use case will explore the paid version of YubiOn, which has access to all features wherein the company is looking to verify the licenses for ten devices.\u003C\u002Fp>\n\u003Ch5>5. Registering the YubiKey\u003C\u002Fh5>\n\u003Cp>Upon receipt of the YubiKey shipped by Soft Giken, register it on the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">management website\u003C\u002Fa>. Now, insert the YubiKey into your PC&#39;s USB port and touch it with your finger for the generation of the OTP.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>​**【Tips】**  At this point, the YubiKey will be recognized as a keyboard device.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>However, the client software can be downloaded to complete verification on another PC.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_5_4c01d71246.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Also, in the paid version, one can see that, as entered before, the total number of licenses that can be verified is ten.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_6_f763cc227d.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch5>6. Install the client software on the verification PC\u003C\u002Fh5>\n\u003Cp>Log in to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">management website\u003C\u002Fa> again through the verification PC and open the download screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_7_1c269b8875.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Download the client software installer and start the installation.\u003C\u002Fp>\n\u003Cp>The runtime requirements for the client software operation will also be installed, so proceed according to the instructions.\u003C\u002Fp>\n\u003Cp>When the installation is completed, the setting tool will start, and at that time, communication with the server will be performed, and the information of the PC will be registered.\u003C\u002Fp>\n\u003Cp>Enter the email address and password registered on the management website and the YubiKey OTP.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_8_d0e1cb8446.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The PC information will be registered in the YubiOn Portal if the authentication is successful.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_9_62d69db04d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Registration of more PCs and YubiKeys can be done through the settings tool and, once completed, can be viewed from the website.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_10_00c04c777d.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch5>7. Logging in to the portal\u003C\u002Fh5>\n\u003Cp>Lock the verification PC. Then, select the YubiOn Portal login method that has been added to the sign-in options while logging on.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_11_f2dbb75cec.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Here, one will be prompted for password entry. Enter the password, then plug the YubiKey in. Once plugged in, touch the YubiKey to generate and enter the OTP to be logged in automatically.\u003C\u002Fp>\n\u003Ch5>8. Making two-factor authentication mandatory\u003C\u002Fh5>\n\u003Ch5>\u003C\u002Fh5>\n\u003Cp>Through this setting, one can select single sign-on or two-factor authentication as the default option.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_12_ebedb117e8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Navigate to the Service Settings screen of the Web management section and set the group policy.\u003C\u002Fp>\n\u003Cp>As the registered PCs are automatically assigned to the default policy, creating a new group policy is required.\u003C\u002Fp>\n\u003Cp>In the example below, a group policy has been created which enforces the usage of a YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_13_705c96f3a6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Now, assign this group policy to the current PC used to sign in. However, immediately after the assignment, the change will not yet be reflected; the current PC will still reflect the previous default policy.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_14_4b31e97c72.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch5>9. Confirming that two-factor authentication is mandatory\u003C\u002Fh5>\n\u003Ch5>\u003C\u002Fh5>\n\u003Cp>As the PC communicates with the server while it is either locked or restarted, lock the PC to allow it to communicate with the server so the changes are updated. Upon starting the computer, the sign-in page will not display the single sign-on option but instead the YubiOn Portal.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_15_19651477d3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Now, enter the password and the YubiKey OTP to successfully log in while logging in. As the login required both the password and YubiKey OTP, it is clear that the two-factor authentication has been successfully enabled and set as mandatory.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Guide to Complete Installation\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>This section will now cover the steps needed to completely set up YubiOn Portal, as well as how to introduce it to the company environment.\u003C\u002Fp>\n\u003Cp>Again, consider the same company from the previous section.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Background\u003C\u002Ftd>\n\u003Ctd>* Currently, all company computers are protected only by standard passwords. * Following Active Directory policies, passwords are changed periodically. * As the company shifts to remote work wherein company computers will be leaving the office premises, two-factor authentication has now been made mandatory.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Goals\u003C\u002Ftd>\n\u003Ctd>* To introduce two-factor authentication to all company computers.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Environment\u003C\u002Ftd>\n\u003Ctd>* There are approximately 100 employees that require 1 company computer each for remote work. * Apart from the head office, there are multiple other offices wherein company computers are being shared. * The company has various administrators. * The company does not yet own YubiKeys.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>\u003Cstrong>【Notes】\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Despite being under the Active Directory, YubiOn is installed without requiring any changes to it.\u003C\u002Fli>\n\u003Cli>Currently, PCs are protected using only single sign-on, so now, two-factor authentication will be performed.\u003C\u002Fli>\n\u003Cli>Provide all employees who are working remotely with one YubiKey each.\u003C\u002Fli>\n\u003Cli>Keep track of which YubiKey is assigned to each employee.\u003C\u002Fli>\n\u003Cli>Due to a large number of people, each employee must be responsible for their assigned YubiKey.\u003C\u002Fli>\n\u003Cli>One administrator will be assigned to each branch to manage logins for employees, YubiKey, and shared PCs belonging to that branch.\u003C\u002Fli>\n\u003Cli>The administrator of each branch is also responsible for managing the policies.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch5>1. Switching to the paid version\u003C\u002Fh5>\n\u003Cp>Leave a request in the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fcontact.html\">contact form\u003C\u002Fa> for inquiries regarding switching to the paid version.\u003C\u002Fp>\n\u003Ch5>2. Member registration\u003C\u002Fh5>\n\u003Cp>Employees can be registered as either general members or administrators through the member management system. In this example, one employee will be assigned as an administrator for each branch, while the rest are assigned as general members. For convenience, member creation can be completed using the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fmember_management\u002Fbatch_registration\u002F\">CSV batch registration\u003C\u002Fa> function.\u003C\u002Fp>\n\u003Ch5>3. Obtain YubiKey\u003C\u002Fh5>\n\u003Cp>For this example, assume that there are over 100 YubiKeys \u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">available\u003C\u002Fa>, including one for each member, a few for administrative use, a few for shared use, and a few spares. Upon receiving these YubiKeys, make a note of which Key is assigned to each employee by making a note of the serial number engraved on each Key.\u003C\u002Fp>\n\u003Cp>Also, as the devices may be required to be used while offline, change the YubiKey device settings to \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fcustomize_yubikey\u002F\">enable offline access\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch5>4. YubiKey Distribution\u003C\u002Fh5>\n\u003Cp>Distribute the assigned YubiKeys to each employee working remotely. Ensure that the devices are not used until the allocation settings are completed.\u003C\u002Fp>\n\u003Ch5>5. YubiKey Allocation\u003C\u002Fh5>\n\u003Ch5>\u003C\u002Fh5>\n\u003Cp>There are two allocation methods - \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fmember_management\u002Flink_member_yubikey\u002F\">administrative allocation\u003C\u002Fa> or \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fmember_management\u002Fleave_yubikey_settings\u002F\">allocation by individual members\u003C\u002Fa>. For this example, the latter will be demonstrated.\u003C\u002Fp>\n\u003Cp>To do this, send all employees an email or other notification asking them to \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fmember_management\u002Feach_member_registers_yubikey\u002F\">register the YubiKey\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch5>6. Shared PC settings\u003C\u002Fh5>\n\u003Cp>Two-factor authentication can also be set up for the shared PCs by having the administrator assign a YubiKey to it.\u003C\u002Fp>\n\u003Ch5>7. Policy Creation\u003C\u002Fh5>\n\u003Cp>On the service setting screen of YubiOn Portal, create a policy that requires two-factor authentication using YubiKey.\u003C\u002Fp>\n\u003Cp>In addition, the administrator of each branch can add new \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fsystem_implementation\u002Fmedium_scale\u002F#8-%E3%82%B5%E3%83%BC%E3%83%93%E3%82%B9%E8%A8%AD%E5%AE%9A\">service settings\u003C\u002Fa> and create policies unique to each site.\u003C\u002Fp>\n\u003Ch5>8. Starting Operations\u003C\u002Fh5>\n\u003Cp>The administrator can begin operations once they confirm that all PCs have been registered and that all the required settings have been made.\u003C\u002Fp>\n\u003Cp>Further, by making two-factor authentication using YubiKey mandatory, all employees will be required to use the YubiKey OTP and password during their sign-in attempts.\u003C\u002Fp>\n\u003Cp>For more information regarding YubiOn Portal, please refer to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fsystem_implementation\u002F\">YubiOn Portal Guide\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Troubleshooting\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>A few common queries faced while using the YubiOn Portal are discussed below.\u003C\u002Fp>\n\u003Cp>○I can’t log in because I forgot my YubiKey\u003C\u002Fp>\n\u003Cp>Log in without YubiKey can be enabled temporarily. See \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fmember_management\u002Femergency_logon\u002F\">here\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003Cp>○I lost my YubiKey\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Fyubikey_management\u002Fenable_yubikey\u002F\">Disable the lost YubiKey\u003C\u002Fa> from the management screen, assign a spare YubiKey to the user and register it through the Portal\u003C\u002Fp>\n\u003Cp>○I want to check the user log\u003C\u002Fp>\n\u003Cp>Please see \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Foperation_list\u002Ftwo_factor_authentication_service\u002Flog_management\u002F\">here\u003C\u002Fa> for details on checking user logs.\u003C\u002Fp>\n\u003Cp>Please refer to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Ffaq.html\">YubiOn Portal FAQ\u003C\u002Fa> for more queries.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>This article was an introduction guide to the various functionalities offered by YubiOn Portal. Please contact our team for information if you are interested in knowing more.\u003C\u002Fp>\n","yubion-portal-installation-guide","2022-04-14","2026-04-28T06:59:43.299Z","2026-04-28T06:59:46.077Z",{"id":871,"documentId":872,"name":873,"alternativeText":53,"caption":53,"focalPoint":53,"width":874,"height":875,"formats":876,"hash":909,"ext":58,"mime":62,"size":910,"url":911,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":912,"updatedAt":912,"publishedAt":912},743,"zpvxsceaqc4n80ysf2ydnvsm","blog-yubion-portal-installation-guide-1.png",2342,886,{"large":877,"small":885,"medium":893,"thumbnail":901},{"ext":58,"url":878,"etag":879,"hash":880,"mime":62,"name":881,"path":53,"size":882,"width":65,"height":883,"sizeInBytes":884},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_yubion_portal_installation_guide_1_5b790843cb.png","7e236c28d2377f5fbd7a85ff3ff090c3","large_blog_yubion_portal_installation_guide_1_5b790843cb","large_blog-yubion-portal-installation-guide-1.png",525.69,378,525689,{"ext":58,"url":886,"etag":887,"hash":888,"mime":62,"name":889,"path":53,"size":890,"width":74,"height":891,"sizeInBytes":892},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubion_portal_installation_guide_1_5b790843cb.png","be0eb3c3673ada709a8d3992249587d3","small_blog_yubion_portal_installation_guide_1_5b790843cb","small_blog-yubion-portal-installation-guide-1.png",151.43,189,151433,{"ext":58,"url":894,"etag":895,"hash":896,"mime":62,"name":897,"path":53,"size":898,"width":83,"height":899,"sizeInBytes":900},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubion_portal_installation_guide_1_5b790843cb.png","0a475692d1e2cabddc02dcc48868b58f","medium_blog_yubion_portal_installation_guide_1_5b790843cb","medium_blog-yubion-portal-installation-guide-1.png",313.13,284,313130,{"ext":58,"url":902,"etag":903,"hash":904,"mime":62,"name":905,"path":53,"size":906,"width":92,"height":907,"sizeInBytes":908},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubion_portal_installation_guide_1_5b790843cb.png","c1e8fb0eeef9d28c6c31cce03b1ae971","thumbnail_blog_yubion_portal_installation_guide_1_5b790843cb","thumbnail_blog-yubion-portal-installation-guide-1.png",43.36,93,43356,"blog_yubion_portal_installation_guide_1_5b790843cb",516.11,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_installation_guide_1_5b790843cb.png","2026-04-28T06:58:39.031Z",[],{"id":915,"documentId":916,"title":917,"content":918,"slug":919,"published":920,"createdAt":921,"updatedAt":921,"publishedAt":922,"locale":47,"authorManual":48,"cover":923,"tags":956},105,"c4kvsewhsf9zlp85yvr7rdia","Using the YubiOn Portal SSO to Perform a Single Sign-On to Microsoft 365","\u003Cp>On March 16, 2022, single sign-on (SSO) functionality was added to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa>, enabling users to log in to their services without being required to perform authentication; this article will cover the new SSO setting procedures for Microsoft 365.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Prerequisites】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>■ Access to Microsoft 365\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A “general administrator” account is required.\u003C\u002Fp>\n\u003Cp>In this article, the free trial version was used.\u003C\u002Fp>\n\u003Cp>In addition, due to Microsoft 365 specifications, the following domains cannot be set as federated domains.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Initial domain (xxx.onmicrosoft.com)\u003C\u002Fli>\n\u003Cli>Primary domain (the domain that is set as the default)\u003C\u002Fli>\n\u003Cli>Domain already set as the federated domain\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Instead, the initial domain was set in the form of xxx.onmicrosoft.com, and a newly created custom domain was configured as the federation domain.\u003C\u002Fp>\n\u003Cp>To do this, a DDNS service known as \u003Ca href=\"https:\u002F\u002Fddo.jp\u002F\">Dynamic DO!.jp\u003C\u002Fa> was used.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>■ YubiOn Portal\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.securitykey.yubion.com\u002F\">YubiKey\u003C\u002Fa> with Yubico OTP function is required.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa> is a web portal that allows you to register your YubiKey to the operator.\u003C\u002Fli>\n\u003Cli>The \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fsso\u002Fhow_to_start\u002Fintroduction\u002F\">SSO function\u003C\u002Fa> must be available in YubiOn Portal with the SSO initial registration completed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>If the [SSO Initial Registration] button is not displayed on the SSO App Settings screen, it has already been registered.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Preliminary Preparation】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Ch3>1. Add the \u003Ca href=\"https:\u002F\u002Fdocs.microsoft.com\u002Fja-jp\u002Fmicrosoft-365\u002Fadmin\u002Fsetup\u002Fadd-domain?view=o365-worldwide\">domain to Microsoft 365\u003C\u002Fa>.\u003C\u002Fh3>\n\u003Ch3>2. \u003Ca href=\"https:\u002F\u002Fdocs.microsoft.com\u002Fja-jp\u002Fmicrosoft-365\u002Fenterprise\u002Fconnect-to-microsoft-365-powershell?view=o365-worldwide\">Install PowerShell\u003C\u002Fa> (Microsoft Azure Active Directory module).\u003C\u002Fh3>\n\u003Cp>Unlike SSO configuration for general services, SSO configuration for Microsoft 365 is done using PowerShell on your PC.\u003C\u002Fp>\n\u003Cp>Launch PowerShell from the Start menu and execute the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Install-Module MSOnline\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>Install the module if prompted to do so by your NuGet provider or PSGallery.\u003C\u002Fp>\n\u003Cp>After installation, connect to Azure AD for Microsoft 365 subscriptions.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Connect-MsolService\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>When the login prompt appears, simply log in with your Microsoft 365 account (@xxx.onmicrosoft.com) that has &quot;overall administrator&quot; privileges.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Step 1】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Set the \u003Ca href=\"https:\u002F\u002Fdocs.microsoft.com\u002Fja-jp\u002Fazure\u002Factive-directory\u002Fhybrid\u002Fplan-connect-design-concepts\">ImmutableID\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>In Microsoft 365, the ImmutableID attribute is used to uniquely identify a user.\u003C\u002Fp>\n\u003Cp>In order to perform SSO with YubiOn Portal and Microsoft 365, an ImmutableID must be set for each user.\u003C\u002Fp>\n\u003Cp>Ensure that the ImmutableID is not set for the target user as an \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fa\u002Fanswer\u002F6363817#zippy=%2C%E6%89%8B%E9%A0%86-immutableid-%E3%82%92%E8%A8%AD%E5%AE%9A%E3%81%99%E3%82%8B\">ImmutableID may already be set depending on how the user was created\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Next, start PowerShell and execute the following\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Get-MsolUser -UserPrincipalName &quot;(mail address)&quot; | select UserPrincipalName,ImmutableId\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>It should look like this:\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If ImmutableID is not set as shown above, set it.\u003C\u002Fp>\n\u003Cp>ImmutableID cannot be changed once it is set, so it is not desirable to set information that may change in the future (e.g., last name, job title, etc.).\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Set-MsolUser -UserPrincipalName &quot;(mail address)&quot; -ImmutableId (arbitrary ImmutableID)\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>In this example, a dummy email address has been used. However, for operation in company settings, it is advised to choose an ImmutableID carefully by picking something that will not be changed.\u003C\u002Fp>\n\u003Cp>Now, run the confirmation command again to make sure it is set correctly.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Step 2】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Set YubiOn Portal as the Identity Provider (IdP).\u003C\u002Fp>\n\u003Cp>In this example, the dummy email address that was set as the ImmutableID will be passed to Microsoft 365 by registering it as a member property.\u003C\u002Fp>\n\u003Cp>However, if the employee ID (member ID) or email address registered in YubiOn Portal is set as ImmutableID, proceed to \u003Ca href=\"#viewer-4md6b\">Step 3\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Log in to YubiOn Portal as an administrator and open the &quot;SSO Property Settings&quot; screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_2_bc8c204589.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Open the Property Registration screen from [Property registration] in the upper right corner and register the information to pass ImmutableID from YubiOn Portal to Microsoft 365.\u003C\u002Fp>\n\u003Cp>Property key: ms_immutable_id (example)\u003C\u002Fp>\n\u003Cp>Remarks: ImmutableID for Microsoft (example)\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_3_412760b6da.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, open the Member Management screen to set ImmutableID for the user performing SSO.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_4_1e970552a4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on the member performing the SSO to open the Advanced Settings screen and edit the property key created just now.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_5_4c2dd7288e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Register the ImmutableID set in step 1 in the SSO property value.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_6_0a501a12b6.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Step 3】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Continuing with YubiOn Portal (IdP) settings.\u003C\u002Fp>\n\u003Cp>Open the SSO App Settings screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_7_cbc5d7350a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Open the Application Registration screen from &quot;Select the App and add&quot; and select &quot;Microsoft 365&quot;.\u003C\u002Fp>\n\u003Cp>Then &quot;Microsoft 365&quot; will appear in the App list, click on it to enter the settings screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_8_a1d43fc64e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;Edit settings&quot; under App Settings.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_9_4725293376.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the following information on the Edit App settings screen.\u003C\u002Fp>\n\u003Cp>SP login URL: \u003Cstrong>\u003Ca href=\"https:\u002F\u002Flogin.microsoftonline.com\u002Flogin.srf\">https:\u002F\u002Flogin.microsoftonline.com\u002Flogin.srf\u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>User ID value:\u003C\u002Fp>\n\u003Cp>Setting method: \u003Cstrong>Property\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Value: \u003Cstrong>ms_immutable_id (member property key registered in step 2)\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Default relay state: (Empty) ※Can be edited by clicking the &quot;Detailed settings&quot; link.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_10_7515407624.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>On the other hand, if an employee ID or an e-mail address registered in YubiOn Portal as a member ID is set, the following property information can be used for the user ID value setting.\u003C\u002Fp>\n\u003Cp>User ID Value Setting\u003C\u002Fp>\n\u003Cp>Setting method: Member information\u003C\u002Fp>\n\u003Cp>Setup value: Member ID or e-mail address\u003C\u002Fp>\n\u003Cp>Multiple other setting options can be used which are not covered in this article. A domainA domain\u003C\u002Fp>\n\u003Cp>Finally, assign SSO options to the required members.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_11_6ebdfb8f57.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select a member to perform SSO and click the Register button.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Step 4】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>Configure Microsoft 365 as a Service Provider (SP).\u003C\u002Fp>\n\u003Cp>Start PowerShell and execute the following:\u003C\u002Fp>\n\u003Cpre>\u003Ccode>Set-MsolDomainAuthentication\n-DomainName \n-PassiveLogOnUri \n-IssuerUri \n-SigningCertificate \n-LogOffUri https:\u002F\u002Fes.yubion.com\u002Fmypage\u002FssoAppLogin.html\n-PreferredAuthenticationProtocol SAMLP\n-Authentication Federated\n-SupportsMfa $false\n-FederationBrandName YubiOnPortal\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>※In reality, each parameter (-XXX) is preceded by a space.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Domain Name\u003C\u002Ftd>\n\u003Ctd>Domain name created in the above procedure (Preparation 1)\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>IdP Login URL\u003C\u002Ftd>\n\u003Ctd>​Open the SSO App Settings &gt; Microsoft 365 Settings page of YubiOn Portal and copy    Copy &quot;IdP Login URL&quot; (①).\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>IdP Entity ID\u003C\u002Ftd>\n\u003Ctd>Open YubiOn Portal&#39;s SSO App Settings &gt; Microsoft 365 Settings screen and copy  Copy &quot;IdP Entity ID&quot; (②).\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Certificate Contents\u003C\u002Ftd>\n\u003Ctd>Open YubiOn Portal&#39;s SSO App Settings &gt; Microsoft 365 Settings screen and download the certificate (③).    Download the certificate (③).    Open the certificate with a text editor and copy the contents.   * Exclude &quot;BEGIN CERTIFICATE&quot; and &quot;END CERTIFICATE&quot;. * Cut off newlines and make it a one-line string. * If there is an &quot;=&quot; at the end, exclude it (because it is in base64 format with no padding).       Reference\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_12_5e08a9c577.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This completes the configuration.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Logging In】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>\u003Cstrong>■IdP-Initiated\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Login to Microsoft 365 using SSO from the YubiOn Portal\u003C\u002Fp>\n\u003Cp>Open the SSO App login screen and click &quot;Microsoft 365&quot;.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_13_1203410a56.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Microsoft 365 login is a success!\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_14_413d182287.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>■SP-Initiated\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Now, log in using SSO from the Microsoft 365 side.\u003C\u002Fp>\n\u003Cp>Click the Sign In button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_15_a7577e95c9.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This will redirect to the YubiOn Portal login screen, where one can log in through the SSO account.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_16_21dc9f7e00.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Microsoft 365 login is a success!\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_14_413d182287.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This article introduced YubiOn Portal settings for SSO login to Microsoft 365.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>◆Reference sites\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Fa\u002Fanswer\u002F6363817#zippy=\">Office 365 Cloud Applications\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>[【Microsoft 365] SSO Enable Settings](\u003Ca href=\"https:\u002F\u002Fcg-support.isr.co.jp\u002Fhc\u002Fja\u002Farticles\u002F360004075454--Microsoft-365-SSO%E6%9C%89%E5%8A%B9%E5%8C%96%E8%A8%AD%E5%AE%9A\">https:\u002F\u002Fcg-support.isr.co.jp\u002Fhc\u002Fja\u002Farticles\u002F360004075454--Microsoft-365-SSO%E6%9C%89%E5%8A%B9%E5%8C%96%E8%A8%AD%E5%AE%9A\u003C\u002Fa>)\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.osstech.co.jp\u002Fproduct\u002Fopenam\u002Ftech\u002Fmicrosoft365\u002F\">OpenAM and Microsoft 365 SAML integration\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","yubion-portal-sso-setup-microsoft-365","2022-04-04","2026-04-28T07:21:27.803Z","2026-04-28T07:21:30.350Z",{"id":924,"documentId":925,"name":926,"alternativeText":53,"caption":53,"focalPoint":53,"width":927,"height":39,"formats":928,"hash":952,"ext":58,"mime":62,"size":953,"url":954,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":955,"updatedAt":955,"publishedAt":955},950,"bn59ewg306kz7xh7f00gddc7","blog-yubion-portal-sso-setup-microsoft-365-1.png",842,{"small":929,"medium":936,"thumbnail":944},{"ext":58,"url":930,"etag":931,"hash":932,"mime":62,"name":933,"path":53,"size":934,"width":74,"height":500,"sizeInBytes":935},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa.png","5f1edde72cb40114221c742064cff497","small_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa","small_blog-yubion-portal-sso-setup-microsoft-365-1.png",19.87,19867,{"ext":58,"url":937,"etag":938,"hash":939,"mime":62,"name":940,"path":53,"size":941,"width":83,"height":942,"sizeInBytes":943},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa.png","6e10dc64851ad7d1caac6b76022434a1","medium_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa","medium_blog-yubion-portal-sso-setup-microsoft-365-1.png",35.38,97,35377,{"ext":58,"url":945,"etag":946,"hash":947,"mime":62,"name":948,"path":53,"size":949,"width":92,"height":950,"sizeInBytes":951},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa.png","7026d74e16d553b9524bfd54e5111b92","thumbnail_blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa","thumbnail_blog-yubion-portal-sso-setup-microsoft-365-1.png",6.11,32,6109,"blog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa",4.46,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_portal_sso_setup_microsoft_365_1_c1ccca73fa.png","2026-04-28T07:20:14.216Z",[],{"id":958,"documentId":959,"title":960,"content":961,"slug":962,"published":963,"createdAt":964,"updatedAt":964,"publishedAt":965,"locale":47,"authorManual":48,"cover":966,"tags":1008},103,"u2wc63l6oyk2ujp0slw9s8dt","Using the YubiOn Portal SSO to Perform a Single Sign-On to AWS","\u003Cp>On March 16, 2022, single sign-on (SSO) functionality was added to the \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa>, enabling users to log in to their services without being required to authenticate. Following this, this article will cover AWS&#39;s new SSO setting procedures.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Prerequisite】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>Must have an AWS account and be able to operate as an administrator.\u003C\u002Fli>\n\u003Cli>Must have a \u003Ca href=\"https:\u002F\u002Fwww.securitykey.yubion.com\u002F\">YubiKey\u003C\u002Fa> with Yubico OTP function.\u003C\u002Fli>\n\u003Cli>The user must be registered in \u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002F\">YubiOn Portal\u003C\u002Fa> and have a YubiKey associated with the operator.\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fes.yubion.com\u002Fguide\u002Fja\u002Fsso\u002Fhow_to_start\u002Fintroduction\u002F\">Initial registration for SSO\u003C\u002Fa> must be completed.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Upon registering for the free YubiOn Portal, users will have access to the SSO.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>【Using the SSO】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>To briefly explain the flow, a relationship is established between YubiOn Portal (IdP) and AWS (SP) by exchanging metadata, etc., and then a single sign-on is performed from IdP to SP.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>1.\u003C\u002Fstrong> \u003Ca href=\"#viewer-604ri\">\u003Cstrong>Preparation of metadata for YubiOn Portal (IdP)\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Create App (AWS) and download metadata\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>2.\u003C\u002Fstrong> \u003Ca href=\"#viewer-dte2m\">\u003Cstrong>Setting up AWS Side\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Provider setting (IdP metadata import), Role setting, AWS (SP) metadata download.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>3.\u003C\u002Fstrong> \u003Ca href=\"#viewer-704as\">\u003Cstrong>Configuration on YubiOn Portal Side\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>AWS metadata import, AWS role and provider ARN settings, session name settings, and accessible members settings.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>4.\u003C\u002Fstrong> \u003Ca href=\"#viewer-egam6\">\u003Cstrong>Testing SSO from YubiOn Portal (IdP)\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Ch2>\u003Cstrong>【SSO Setup Procedure】\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Ch3>\u003Cstrong>1.\u003C\u002Fstrong> \u003Ca href=\"#viewer-cssqu\">\u003Cstrong>Prepare metadata for YubiOn Portal\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Login to YubiOn Portal and access &quot;SSO App Settings&quot; from the sidebar.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;Select the App and Add&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_2_974aa9a5c8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;AWS Management Console&quot; in the Application Registration modal to register.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_3_cd3b356247.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After registration, &quot;AWS Management Console&quot; will appear in the App list.\u003C\u002Fp>\n\u003Cp>Then click &quot;AWS Management Console.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_4_566afd3be8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;Download Metadata&quot; to download the YubiOn Portal metadata used on the AWS side for SSO configuration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_5_b0d8064fa5.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Save the metadata on the YubiOn Portal side to an arbitrary location for use in the following &quot;AWS Settings.&quot;\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>2.\u003C\u002Fstrong> \u003Ca href=\"#viewer-13ude\">\u003Cstrong>Setting up AWS Side\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>In order to use single sign-on, configure ID provider and role settings, first access the AWS management console to configure the YubiOn Portal provider.\u003C\u002Fp>\n\u003Cp>Type &quot;IAM&quot; in the search box at the top of the screen and select &quot;IAM&quot; from the list of services.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_6_05bcfc7339.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on &quot;Identity providers&quot; on the left side of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_7_78191e10ad.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;Add provider&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_8_fa80666bb0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the following in the Provider Settings\u003C\u002Fp>\n\u003Col>\n\u003Cli>Provider Type: Select SAML.\u003C\u002Fli>\n\u003Cli>Provider Name: Set a descriptive name (in the example, YubiOnPortal)\u003C\u002Fli>\n\u003Cli>Metadata Document: Upload metadata downloaded from YubiOn Portal.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_9_143e449f53.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Finally, add providers by clicking the &quot;Add provider&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_10_74e1cf1468.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on the provider added, which in this case is the YubiOnPortal.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_11_572f4d0a0d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Copy and paste the provider&#39;s ARN information into a text editor.\u003C\u002Fp>\n\u003Cp>※This information will be used later in the configuration on the YubiOn Portal side.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_12_183a1e0a51.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, set up a role to log in to AWS.\u003C\u002Fp>\n\u003Cp>※In SSO using AWS SAML, specify a role with certain log-in privileges instead of preparing each user.\u003C\u002Fp>\n\u003Cp>Click &quot;Roles&quot; on the left side of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_13_b9ad7ae091.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click on the &quot;Create role&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_14_a6452898db.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the following\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Trusted Entity Type: SAML2.0 Federation\u003C\u002Fli>\n\u003Cli>SAML2.0 Provider: Select the provider that was created (in this case, YubiOn Portal)\u003C\u002Fli>\n\u003Cli>Access Level\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Select &quot;Allow programmatic and AWS Management Console access&quot; to set SSO for management console access here.\u003C\u002Fp>\n\u003Cp>※Conditions\u003C\u002Fp>\n\u003Cp>Add conditions as necessary. No special settings are made here.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Finally, click the &quot;Next&quot; button.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_15_456b312a68.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_16_c1055a802c.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>On the last screen, configure the following settings.\u003C\u002Fp>\n\u003Cp>Role Name: Enter a descriptive role name.\u003C\u002Fp>\n\u003Cp>Description: Enter a description of the role.\u003C\u002Fp>\n\u003Cp>Select Trusted Entities: Modify if necessary.\u003C\u002Fp>\n\u003Cp>Add Permissions: Add if necessary.\u003C\u002Fp>\n\u003Cp>Add Tags: Add tags if desired.\u003C\u002Fp>\n\u003Cp>Finally, click the &quot;Create Role&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_17_d874eba1d7.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_18_afc103ec4f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the role that was created.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_19_3ebc0242ec.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Copy and paste the role&#39;s ARN information into a text editor.\u003C\u002Fp>\n\u003Cp>※This information will be used later in the configuration on the YubiOn Portal side.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_20_a2cee0ca3e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Finally, download the AWS (SP) side metadata from the following URL\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fsignin.aws.amazon.com\u002Fstatic\u002Fsaml-metadata.xml\">https:\u002F\u002Fsignin.aws.amazon.com\u002Fstatic\u002Fsaml-metadata.xml\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>This concludes the setup on the AWS side.\u003C\u002Fp>\n\u003Cp>Next, move on to the setting of YubiOn Portal.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>3.\u003C\u002Fstrong> \u003Ca href=\"#viewer-6sg1e\">\u003Cstrong>Configuration on YubiOn Portal Side\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Return to the &quot;SSO App Settings&quot; page of YubiOn Portal and import AWS (SP) metadata.\u003C\u002Fp>\n\u003Cp>Click &quot;SP Metadata Upload&quot; tab.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_21_3cc4100410.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Upload AWS (SP) side metadata from SP Metadata Upload.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_22_eb897c0532.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When a confirmation modal appears, click the &quot;Upload&quot; button to upload.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_23_4bd9b450cb.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, set the minimum required attributes for the AWS SSO configuration.\u003C\u002Fp>\n\u003Cp>The required fields are as follows.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Role: Specify the Role ARN and Provider ARN, separated by commas.\u003C\u002Fli>\n\u003Cli>RoleSessionName: Name, email address, or other information representing the account logged in.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Click the &quot;Attribute Settings&quot; tab in the lower-left corner of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_24_504e40ceef.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the &quot;Role&quot; attribute to specify the AWS role.\u003C\u002Fp>\n\u003Cp>Click the &quot;Edit&quot; icon on the right side of the &quot;Role&quot; template attribute.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_25_9a3f15b399.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the following for the attribute value.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Setting method: Select &quot;Direct input.&quot;\u003C\u002Fli>\n\u003Cli>Value: Enter the ARN of the role and the ARN of the provider that was reserved in the AWS side settings, separated by commas.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>E.g., &quot;ARN of role, ARN of the provider.&quot;\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Finally, click the &quot;Update&quot; button to update the information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_26_51ce8a7ab7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Next, configure the &quot;RoleSessionName&quot; attribute that appears after AWS login.\u003C\u002Fp>\n\u003Cp>Click the &quot;Edit&quot; icon on the right side of &quot;RoleSessionName&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_27_b09b007617.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Set the following attribute values.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Setting method: Select &quot;Member Information.&quot;\u003C\u002Fli>\n\u003Cli>Value: Select &quot;Member Name.&quot;\u003C\u002Fli>\n\u003Cli>Finally, click the &quot;Update&quot; button to update the information.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_28_0408896809.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This concludes the setup of the attributes.\u003C\u002Fp>\n\u003Cp>Continue to set the members who can access AWS.\u003C\u002Fp>\n\u003Cp>Although there is a way to assign members belonging to a group in a batch using the group function, as it is a paid feature, this article will explore individual member creation.\u003C\u002Fp>\n\u003Cp>Click on &quot;Assign member&quot; in the lower right corner of the screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_29_1ca0974779.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Select the member to be assigned and click the &quot;Register&quot; button to register.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_30_bb337d8bf1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This completes the SSO setup.\u003C\u002Fp>\n\u003Ch3>\u003Cstrong>4.\u003C\u002Fstrong> \u003Ca href=\"#viewer-4t839\">\u003Cstrong>Testing SSO from YubiOn Portal (IdP)\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cp>Click the &quot;SSO&quot; icon on the side menu and access &quot;SSO App Login.&quot;\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_31_1a04290c38.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click &quot;AWS Management Console.”\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_32_2a57a6021a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Congratulations! AWS log-in was successful.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_33_5ee22ac4d4.png\" alt=\"\">\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>To switch to or purchase the paid SSO version, please leave an inquiry through the Contact Form.\u003C\u002Fp>\n","how-to-sso-into-aws-with-yubion-portal","2022-03-24","2026-04-28T07:19:51.987Z","2026-04-28T07:19:55.002Z",{"id":967,"documentId":968,"name":969,"alternativeText":53,"caption":53,"focalPoint":53,"width":362,"height":970,"formats":971,"hash":1004,"ext":58,"mime":62,"size":1005,"url":1006,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":1007,"updatedAt":1007,"publishedAt":1007},917,"k1e7g8zbtakzw8plus9ellhx","blog-how-to-sso-into-aws-with-yubion-portal-1.png",1130,{"large":972,"small":980,"medium":988,"thumbnail":996},{"ext":58,"url":973,"etag":974,"hash":975,"mime":62,"name":976,"path":53,"size":977,"width":65,"height":978,"sizeInBytes":979},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png","71572832b74f5be9517d3df565bce1f9","large_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b","large_blog-how-to-sso-into-aws-with-yubion-portal-1.png",75.64,476,75636,{"ext":58,"url":981,"etag":982,"hash":983,"mime":62,"name":984,"path":53,"size":985,"width":74,"height":986,"sizeInBytes":987},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png","ebf5188a57c6775ac2d6b1047512c364","small_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b","small_blog-how-to-sso-into-aws-with-yubion-portal-1.png",28.98,238,28977,{"ext":58,"url":989,"etag":990,"hash":991,"mime":62,"name":992,"path":53,"size":993,"width":83,"height":994,"sizeInBytes":995},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png","dca40d5a656d30f2982ad9297daed6cf","medium_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b","medium_blog-how-to-sso-into-aws-with-yubion-portal-1.png",50.7,357,50695,{"ext":58,"url":997,"etag":998,"hash":999,"mime":62,"name":1000,"path":53,"size":1001,"width":92,"height":1002,"sizeInBytes":1003},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png","4b633ccf538e97db89b0ce8b99a79876","thumbnail_blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b","thumbnail_blog-how-to-sso-into-aws-with-yubion-portal-1.png",11.13,117,11131,"blog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b",43.74,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_how_to_sso_into_aws_with_yubion_portal_1_11ae72965b.png","2026-04-28T07:17:14.194Z",[],{"id":1010,"documentId":1011,"title":1012,"content":1013,"slug":1014,"published":1015,"createdAt":1016,"updatedAt":1016,"publishedAt":1017,"locale":47,"authorManual":764,"cover":1018,"tags":1060},37,"cnp05lqb94x9u8wwvfn44z76","FIDO2 Security Key Strengthen Windows Log On","\u003Cp>On May 12, 2021, YubiOn FIDO Logon, a product that strengthens the security of Windows logon using FIDO2 security keys, was released. In addition, YubiOn FIDO Logon enables two-factor authentication for Windows, a process that will be explored in this article.\u003C\u002Fp>\n\u003Cp>While the YubiOn FIDO Logon is intended for companies for ease, this article will follow the example wherein there is a single person who is both a user and administrator.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Register for the Service\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Access \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002F\">YubiOn FIDO\u003C\u002Fa> Logon and register for the service by clicking the &quot;SIGN UP&quot; button in the upper right corner.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Confirm the contents, agree to the terms and conditions, then click “Next.”\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_2_1d5d05a733.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user will be prompted to enter registration information. While there are fields to enter organizational information for corporate users, we will only require a name, email address, and password for this example.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_3_a0f2e38c89.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Upon filling out the form, view the Terms of Use at the bottom of the page, agree to them, then click the “Register” button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_4_ce6dd92ba0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Following this, an email will be sent to the entered email address asking for confirmation. Click on the link in the email to confirm the email address.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_5_e2fd00fbad.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once the following screen appears, registration is complete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_6_809f13a52e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Download and install the client tool\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Next, install the client tool on your PC. To do this, first, log in to the web screen and download the installer.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_7_bf283bcd5a.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Enter the email address and password combination set up during registration.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_8_349e92da6f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once logged in, click the “Download” button located under the sub-menu to the left, which is accessed by hovering over the Authentication Services icon.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_9_705508a349.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The client tool will be downloaded by clicking the “Download” button. Here, copy the displayed “Registration Code” as it needs to be entered upon installation.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_10_ec38c5e845.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After downloading, run the downloaded installer file; if the Windows protection function displays the following, click &quot;More info&quot; and press the &quot;Run anyway&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_11_72c889fdf6.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After running the installer, the following screen will appear to proceed with the installation as usual.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_12_69f44a73f4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The installation is now complete.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Initial Settings and FIDO2 Authenticator Settings\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Once the installation is complete, the configuration tool will start automatically. First, a product registration screen will appear, prompting the user to enter the “Registration Code” copied from the download screen.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_13_6eee5fde56.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Upon entering the registration code, the configuration tool will open, wherein the user can set up the FIDO2 authenticator. To do this, select the “Register” button in the “Authentication Settings” window.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_14_5caf6db20b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A new window will appear containing the registration guide for the authenticator. In this example, Yubico’s Security Key will be used. However, depending on the type of authenticator, one may or may not be required to enter a PIN.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_15_f0540659bf.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After successful registration, the registered authenticator should be displayed as shown below.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_16_07691dddd8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The setup is completed, and the user can now proceed to log in using the FIDO Logon.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Logon\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Upon completing the setup of the settings, the user can log on immediately by holding down the Windows key and pressing the “L” key to lock the Windows screen, prompting the authentication screen to appear.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_17_e59bb2eeab.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If this is the first time using FIDO Logon, the screen displayed is likely the standard Windows authentication page. To access the FIDO Logon screen, navigate to the “Sign-in Options” and select the authenticator and finger icons.\u003C\u002Fp>\n\u003Cp>Then, follow the on-screen instruction to operate the authentication and enter your PIN. Again, depending on the authenticator, the PIN may or may not be required.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_18_41e9840156.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Finally, the user will be prompted to enter their Windows account password once, after which they can log on without a password.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_19_4abffaa130.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The user can now use their FIDO Security Key with their Windows account through these steps.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Summary\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>In light of the recent events following COVID-19, remote work has become increasingly widespread. The YubiOn FIDO Logon aims to strengthen the security of the user&#39;s PC to address the growing concerns that accompany increased instances of remote work, such as doubts surrounding the loss of authenticators or stolen computers.\u003C\u002Fp>\n\u003Cp>If you and your company are also facing these challenges, we recommend that you install YubiOn FIDO LogOn.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Regarding the FIDO2 Authenticators\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>If you require FIDO2 authenticators, please \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">contact us\u003C\u002Fa>, and we will be happy to assist you with the process. More information regarding authenticators offered by SoftGiken is available \u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">here\u003C\u002Fa>.\u003C\u002Fp>\n","fido2-security-key-strengthen-windows-logon","2022-02-02","2026-04-28T06:31:17.499Z","2026-04-28T06:31:20.117Z",{"id":1019,"documentId":1020,"name":1021,"alternativeText":53,"caption":53,"focalPoint":53,"width":1022,"height":1023,"formats":1024,"hash":1056,"ext":58,"mime":62,"size":1057,"url":1058,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":1059,"updatedAt":1059,"publishedAt":1059},484,"q08ujcia3wnbdsybrf7towju","blog-fido2-security-key-strengthen-windows-logon-1.png",2422,662,{"large":1025,"small":1033,"medium":1041,"thumbnail":1049},{"ext":58,"url":1026,"etag":1027,"hash":1028,"mime":62,"name":1029,"path":53,"size":1030,"width":65,"height":1031,"sizeInBytes":1032},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png","1116dd04d17b96338ff3a152a8eb5dd8","large_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7","large_blog-fido2-security-key-strengthen-windows-logon-1.png",264.99,273,264992,{"ext":58,"url":1034,"etag":1035,"hash":1036,"mime":62,"name":1037,"path":53,"size":1038,"width":74,"height":1039,"sizeInBytes":1040},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png","08a5ada23b755b713742b7f305b7fa5a","small_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7","small_blog-fido2-security-key-strengthen-windows-logon-1.png",87.52,137,87519,{"ext":58,"url":1042,"etag":1043,"hash":1044,"mime":62,"name":1045,"path":53,"size":1046,"width":83,"height":1047,"sizeInBytes":1048},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png","f1bf5ba095ccdc0f6f541c6b3a9b038b","medium_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7","medium_blog-fido2-security-key-strengthen-windows-logon-1.png",165.19,205,165186,{"ext":58,"url":1050,"etag":1051,"hash":1052,"mime":62,"name":1053,"path":53,"size":1054,"width":92,"height":554,"sizeInBytes":1055},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png","7bbe803dd6c4db9604e0e7df799d3952","thumbnail_blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7","thumbnail_blog-fido2-security-key-strengthen-windows-logon-1.png",27.28,27281,"blog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7",213.02,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_key_strengthen_windows_logon_1_ea03b83aa7.png","2026-04-28T06:29:40.775Z",[],{"id":1062,"documentId":1063,"title":1064,"content":1065,"slug":1066,"published":1067,"createdAt":1068,"updatedAt":1068,"publishedAt":1069,"locale":47,"authorManual":1070,"cover":1071,"tags":1098},29,"eihupko15003hpwzcdv9jyx5","Enhanced Linux SSH Access with FIDO Security Keys","\u003Cp>The \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Ffido2%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%83%BC%E3%82%AD%E3%83%BC%E3%81%A7githubssh%E3%82%A2%E3%82%AF%E3%82%BB%E3%82%B9%E5%BC%B7%E5%8C%96\">last article\u003C\u002Fa> introduced GitHub SSH Access Enhancement with FIDO2 Security Keys (yubion.com), yet it did not cover whether FIDO security keys for SSH access can be used in non-GitHub environments.\u003C\u002Fp>\n\u003Cp>With the new features in \u003Ca href=\"https:\u002F\u002Fwww.openssh.com\u002Ftxt\u002Frelease-8.2\">OpenSSH 8.2\u003C\u002Fa>, users of all Linux servers (Ubuntu, Debian, CentOS, Fedora, etc.) can now use FIDO security keys in SSH. This article will introduce SSH access to Linux servers using YubiKey.\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Environments :\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cul>\n\u003Cli>OS: Linux Ubuntu 20.04 (client and server)\u003C\u002Fli>\n\u003Cli>YubiKey 5 NFC\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch2>\u003Cstrong>SSH Access Configuration：\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>SSH key pair generation and use are similar to standard usage\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>Plug the YubiKey into the USB port.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Open a terminal and enter the following command to generate an SSH key.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>sk refers to Security Key\u003C\u002Fp>\n\u003Cp>$ ssh-keygen -t ed25519-sk\u003C\u002Fp>\n\u003Cp>Note: If the command fails and an &quot;invalid format&quot; or &quot;feature not supported&quot; error is displayed, the security key used may not support ed25519. Try ecdsa instead of ed25519.\u003C\u002Fp>\n\u003Cp>The YubiKey 5 NFC firmware used this time is 5.1.2, so it cannot generate ed25519 keys, so ecdsa keys are generated instead.\u003C\u002Fp>\n\u003Cp>To use the Ed25519 key, please use YubiKey firmware 5.2.3 or later.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_1_6e8cba2290.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Checking YubiKey firmware with YubiKey Manager\u003C\u002Fem>\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>\u003Cp>Enter the FIDO2 PIN for the YubiKey and touch the key.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>When &quot;Enter a file in which to save the key&quot; is displayed, press Enter to save the public key to the default file location.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Create a password for the public key file.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_2_1fa77256d8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of SSH Key Generation\u003C\u002Fem>\u003C\u002Fp>\n\u003Col start=\"6\">\n\u003Cli>Copy the SSH public key from the generated &quot;id_ecdsa_sk.pub&quot; file and add it to the &quot;~\u002F.ssh\u002Fauthorized_keys&quot; file on the server to be connected to.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch2>\u003Cstrong>SSH Access with FIDO Security Key：\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Col>\n\u003Cli>\u003Cp>Insert the YubiKey into the USB port.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Then, open a terminal to access the server.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>$ ssh user@server_ip\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Enter the password of the private key file and touch YubiKey.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_3_0f6dd40013.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of Accessing Server\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>If the above screen is displayed, it indicates that the setup of SSH access using the FIDO security key as two-factor authentication like with GitHub was successful.\u003C\u002Fp>\n\u003Col start=\"4\">\n\u003Cli>Also, to log in without a password, check the &quot;Automatically unlock this key whenever I&#39;m logged in&quot; checkbox to require a password only upon the first log-in.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Ch2>\u003Cstrong>Disabling User and Password Only Login :\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Col>\n\u003Cli>Run the command on the remote server to edit the SSH daemon configuration file.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>$ sudo nano \u002Fetc\u002Fssh\u002Fsshd_config\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>Uncomment the &quot;#PasswordAuthentication yes&quot; line and change it to &quot;no&quot; to look like the screenshot below.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_4_a0231f535d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of SSH Daemon File Configuration\u003C\u002Fem>\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>\u003Cp>Press Ctrl + X (to finish editing), type &quot;y&quot; (to confirm file save), and press Enter (to confirm file name) to save the file.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Finally, reload SSH.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>$ sudo systemctl reload ssh\u003C\u002Fp>\n\u003Cp>Then, when connecting to the server without the FIDO security key, the following error message will be displayed.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_5_c3693cacc8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_6_61ef4d0812.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of an Error\u003C\u002Fem>\u003C\u002Fp>\n\u003Ch2>\u003Cstrong>Conclusion：\u003C\u002Fstrong>\u003C\u002Fh2>\n\u003Cp>This article introduced SSH access to Linux using YubiKey, through which users can store their private key in a hardware security key and operate a simple, secure two-factor or single-factor authentication.\u003C\u002Fp>\n\u003Cp>However, since the OpenSSH version for Windows 10 is still 8.1, clients cannot use FIDO security keys on Windows 10.\u003C\u002Fp>\n\u003Cp>Instead, YubiKey&#39;s PIV function to \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fssh%E3%81%AE%E7%A7%98%E5%AF%86%E9%8D%B5%E3%82%92yubikey%E3%81%A7%E7%AE%A1%E7%90%86-windows%E7%B7%A8\">&quot;Manage SSH private keys with YubiKey on Windows (yubion.com)&quot;\u003C\u002Fa> can be used.\u003C\u002Fp>\n","linux-ssh-access-fido-security-keys","2022-01-11","2026-04-28T06:23:31.981Z","2026-04-28T06:23:34.501Z","Vy",{"id":1072,"documentId":1073,"name":1074,"alternativeText":53,"caption":53,"focalPoint":53,"width":83,"height":1075,"formats":1076,"hash":1093,"ext":58,"mime":62,"size":1094,"url":1095,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":1096,"updatedAt":1096,"publishedAt":1097},417,"qji3073f16u9urdovzmbrqey","blog-linux-ssh-access-fido-security-keys-1.png",558,{"small":1077,"thumbnail":1085},{"ext":58,"url":1078,"etag":1079,"hash":1080,"mime":62,"name":1081,"path":53,"size":1082,"width":74,"height":1083,"sizeInBytes":1084},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_linux_ssh_access_fido_security_keys_1_6e8cba2290.png","652942879e6a20ab66fee340d9403b4b","small_blog_linux_ssh_access_fido_security_keys_1_6e8cba2290","small_blog-linux-ssh-access-fido-security-keys-1.png",43.48,372,43483,{"ext":58,"url":1086,"etag":1087,"hash":1088,"mime":62,"name":1089,"path":53,"size":1090,"width":1091,"height":222,"sizeInBytes":1092},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_linux_ssh_access_fido_security_keys_1_6e8cba2290.png","12b355e4d5f6b2fc771279b51d7d0bc0","thumbnail_blog_linux_ssh_access_fido_security_keys_1_6e8cba2290","thumbnail_blog-linux-ssh-access-fido-security-keys-1.png",12.19,210,12188,"blog_linux_ssh_access_fido_security_keys_1_6e8cba2290",21.39,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_linux_ssh_access_fido_security_keys_1_6e8cba2290.png","2026-04-28T06:23:07.322Z","2026-04-28T06:23:07.323Z",[],{"id":1100,"documentId":1101,"title":1102,"content":1103,"slug":1104,"published":1105,"createdAt":1106,"updatedAt":1106,"publishedAt":1107,"locale":47,"authorManual":1108,"cover":1109,"tags":1127},101,"tdtiw75rg1hzx28c6r6ormf9","Using \"YubiOn for Salesforce\" to Support Salesforce's MFA requirement","\u003Cp>Beginning February 1, 2022, \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fsfdc-mfa#:~:text=%E3%81%8A%E3%82%88%E3%81%B3%E4%BD%BF%E7%94%A8%E6%96%B9%E6%B3%95-,MFA%20(%E5%A4%9A%E8%A6%81%E7%B4%A0%E8%AA%8D%E8%A8%BC)%20%E3%81%A8%E3%81%AF,-%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%81%AE%E8%84%85%E5%A8%81\">multi-factor authentication\u003C\u002Fa>, or MFA, will now be mandatory for Salesforce, making another factor of authentication, apart from the traditional ID and password, required.\u003C\u002Fp>\n\u003Cp>While Salesforce supports the following MFA, there may be cases where the MFA verification method cannot be used due to the customer&#39;s configuration. Luckily, YubiOn for Salesforce is available for these situations.\u003C\u002Fp>\n\u003Ctable>\n\u003Cthead>\n\u003Ctr>\n\u003Cth>\u003C\u002Fth>\n\u003Cth>\u003C\u002Fth>\n\u003C\u002Ftr>\n\u003C\u002Fthead>\n\u003Ctbody>\u003Ctr>\n\u003Ctd>Salesforce Authenticator\u003C\u002Ftd>\n\u003Ctd>Login is possible by authenticating based on push notifications sent to the device.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Third-party TOTP\u003C\u002Ftd>\n\u003Ctd>Login is possible by entering a temporary code sent to the device.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003Ctr>\n\u003Ctd>Security Key (U2F)\u003C\u002Ftd>\n\u003Ctd>Login is possible by authenticating with a physical device plugged into the USB port.\u003C\u002Ftd>\n\u003C\u002Ftr>\n\u003C\u002Ftbody>\u003C\u002Ftable>\n\u003Cp>For example, the following are not considered acceptable MFA methods as per recommendations by Salesforce.\u003C\u002Fp>\n\u003Cp>“Salesforce Authenticator&quot; and &quot;3rd Party TOTP&quot; require a mobile device, meaning that if company devices are not loaned, it may not be possible to use them. U2F also requires a paid physical device to be plugged into the USB port for authentication and cannot be used if U2F communication is not possible due to USB restrictions or remote connections. In addition, U2F makes it difficult to identify individual devices.\u003C\u002Fp>\n\u003Cp>A few advantages of YubiOn for Salesforce, an application for multi-factor authentication with OTP (One Time Password) using YubiKey, are:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>No mobile device is required\u003C\u002Fli>\n\u003Cli>OTP is recognized as a keyboard, so it can be used under USB restrictions or remote connection\u003C\u002Fli>\n\u003Cli>Easy management of authentication devices\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>A trial demo for YubiOn for Salesforce is covered in the remainder of this article.\u003C\u002Fp>\n\u003Cp>●\u003Cstrong>Easy Installation\u003C\u002Fstrong>\nAccess the package installation site.\u003C\u002Fp>\n\u003Cp>Enter the installation key and click the &quot;Install&quot; button.\u003C\u002Fp>\n\u003Cp>※The URL of the installation site and the installation key will be distributed when you purchase the package.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_1_2905f728ed.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The YubiKey management application (YubiKeyManager) will be available immediately after installation is complete.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_2_6b0de37f6e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>●\u003Cstrong>Batch management of YubiKey with YubiKeyManager\u003C\u002Fstrong>\nRegister, rename, and delete YubiKeys used for authentication.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_3_998e975e50.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>It is also possible to assign and unassign YubiKeys for authentication to each user.\u003C\u002Fp>\n\u003Cp>Multiple YubiKeys can be assigned to a single user, or the same YubiKey can be assigned to multiple users.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_4_7f78cc158b.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>●\u003Cstrong>MFA (multi-factor authentication) for login\u003C\u002Fstrong>\nApply a login flow that requires MFA for each user (per role, called a profile).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_5_604d62bd63.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Users to whom the login flow for MFA has been applied will be required to use OTP with YubiKey from their next login.\u003C\u002Fp>\n\u003Cp>The user logs in with the conventional ID and password (1st factor).\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_6_e10646e6f3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Plug the YubiKey into the USB port.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_7_d43ffcd651.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>（Note: Only YubiKey with OTP functionality is available）\u003C\u002Fp>\n\u003Cp>By simply placing a finger on the [y] area, OTP authentication (second factor) is performed, and one can log in to the Salesforce service.\u003C\u002Fp>\n\u003Cp>This concludes the guide for use of MFA through YubiOn for Salesforce, a program designed to support users who were unable to implement MFA verification through Salesforce.\u003C\u002Fp>\n\u003Cp>To purchase YubiKeys via Amazon, click \u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fs?me=ADKPGBH0XPL04&marketplaceID=A1VC38T7YXB528\">here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>As Soft Giken also provides YubiKeys, if one wishes to acquire a YubiKey, please \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fcontact-form\">contact us\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Also, for more information regarding YubiOn for Salesforce, please visit \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fyubion-for-salesforce\">here\u003C\u002Fa>.\u003C\u002Fp>\n","yubion-for-salesforce-mfa-requirement","2021-12-16","2026-04-28T07:16:53.504Z","2026-04-28T07:16:56.070Z","YubiOn",{"id":723,"documentId":1110,"name":1111,"alternativeText":53,"caption":53,"focalPoint":53,"width":1112,"height":1113,"formats":1114,"hash":1123,"ext":58,"mime":62,"size":1124,"url":1125,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":1126,"updatedAt":1126,"publishedAt":1126},"lsps00j2f3ji66d1vi5ndtlr","blog-yubion-for-salesforce-mfa-requirement-1.png",384,340,{"thumbnail":1115},{"ext":58,"url":1116,"etag":1117,"hash":1118,"mime":62,"name":1119,"path":53,"size":1120,"width":1121,"height":222,"sizeInBytes":1122},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubion_for_salesforce_mfa_requirement_1_2905f728ed.png","438230b518b37b570f480579bb4b760f","thumbnail_blog_yubion_for_salesforce_mfa_requirement_1_2905f728ed","thumbnail_blog-yubion-for-salesforce-mfa-requirement-1.png",19.97,176,19974,"blog_yubion_for_salesforce_mfa_requirement_1_2905f728ed",15.72,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubion_for_salesforce_mfa_requirement_1_2905f728ed.png","2026-04-28T07:16:26.727Z",[],{"id":1129,"documentId":1130,"title":1131,"content":1132,"slug":1133,"published":1134,"createdAt":1135,"updatedAt":1135,"publishedAt":1136,"locale":47,"authorManual":764,"cover":1137,"tags":1180},45,"vxgtcaz01axm5cpuzn5w1hqu","First Impression of YubiKey Bio","\u003Cp>On October 5, 2021 (local time), Yubico finally released [YubiKey Bio]. In this article, we would like to delve into our initial impressions of this new product.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_2_ee550e63b5.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>I purchased the USB Type-A model, which comes in the packaging below.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_3_a337b19587.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_4_b1b984d8d7.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Here is the device out of the packaging. I assumed that as the YubiKey Bio is a FIDO2 authentication device, it would be more like a Yubico Security Key, and therefore, it would not have a serial number. However, it appears that the YubiKey Bio does have one.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_5_2116046c93.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_6_66e1adb088.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The size is the same as the previous YubiKey. However, the touch part has been changed to a fingerprint sensor and is larger than before, and the depth of the touch part is a little shallower than other keys.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_7_e358cd388f.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The conventional product indicates its status by glowing the &quot;Y&quot; mark or key mark on the touch part, but YubiKey Bio has two status indicator lamps, one green, and one orange, between the touch part and USB connector. The green seems to blink fast when fingerprint touch is requested and blinks slowly when PIN touch is asked for, while the orange light seems to glow when there is an error or the key setting is changed.\u003C\u002Fp>\n\u003Cp>Now I will go over the initial settings needed to use the key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_8_34d9c984a1.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_9_85f73d54e8.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>With Windows 10, the initial setup can be done through the OS functions. First, open the settings screen from the Start menu, select [Accounts], [Sign-in Options], [Security Keys], and press the &quot;Manage&quot; button.\u003C\u002Fp>\n\u003Cp>Try logging on to Windows with YubiKey Bio using \u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002F\">YubiOn FIDO Logon\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_10_aa8e7e7256.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_11_360b64b70d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>I could register in the same way as a common fingerprint type FIDO2 authenticator. A common standard like FIDO2 is convenient as you can immediately use what you have bought without any particular awareness.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_12_99754829d9.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Logon was successful, as noted by the small &quot;Welcome&quot; message.\u003C\u002Fp>\n\u003Cp>I will also try out YubiOn&#39;s \u003Ca href=\"https:\u002F\u002Fyubionfido2demo.yubion.com\u002FHomeJP\">FIDO2 demo site\u003C\u002Fa> for multi-factor authentication with hardware authenticator and biometrics.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_13_bf3e01565e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_14_b233d3f9bf.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>It works perfectly!\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_15_8b9c3c4d27.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>The fingerprint FIDO2 authenticator works the same, but if the fingerprint authentication fails three times, the PIN authentication is used instead. For example, I had registered my index fingerprint, but when I intentionally touched it with my middle finger, it moved to PIN input after three attempts, similar to other authenticators. Although there are slight differences, the accuracy of fingerprint authentication is relatively high, so you may not need to input the PIN very often.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_16_144b741e04.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>I tried to display the Key’s information with YubiKey Manager distributed by Yubico. The serial number was written on the back of the key, but the YubiKey Manager can also read the serial number. I won&#39;t go into the technical details this time, but there must be some way to read the serial number from the PC side.\u003C\u002Fp>\n\u003Cp>Regarding our schedules for sales for the YubiKeys, SoftGiken is currently planning on making the USB-C type device available soon. For more updates, please check this blog again.\u003C\u002Fp>\n\u003Cp>■\u003Cstrong>Sites Used in this Demo\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Ffl.yubion.com\u002F\">YubiOn FIDO Logon\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Using a FIDO2-certified external authenticator such as the YubiKey Bio introduced this time or ATKey.Pro made by AuthenTrend that is already on sale, so users can easily upgrade their PC&#39;s Windows logon to more robust authentication.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fyubionfido2demo.yubion.com\u002FHomeJP\">FIDO2 Demo Site\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>※Revised due to change in demo site URL on May 24, 2022.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>■YubiKey Bio series now available on Amazon\u003C\u002Fstrong> ※ Added on 2022\u002F05\u002F30\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fdp\u002FB09KM668XJ\u002F?m=ADKPGBH0XPL04\">YubiKey Bio - FIDO Edition (USB Type-Ａ) - Available on Amazon\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002Fdp\u002FB09MMDGMLC\u002F?m=ADKPGBH0XPL04\">YubiKey C Bio - FIDO Edition (USB Type-C) Available on Amazon\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n","yubikey-bio-first-impression","2021-10-16","2026-04-28T06:36:44.500Z","2026-04-28T06:36:47.341Z",{"id":1138,"documentId":1139,"name":1140,"alternativeText":53,"caption":53,"focalPoint":53,"width":1141,"height":1142,"formats":1143,"hash":1175,"ext":570,"mime":574,"size":1176,"url":1177,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":1178,"updatedAt":1178,"publishedAt":1179},540,"zzuien7jqqveat7veh7k2t2o","blog-yubikey-bio-first-impression-1.jpeg",2048,1365,{"large":1144,"small":1152,"medium":1160,"thumbnail":1167},{"ext":570,"url":1145,"etag":1146,"hash":1147,"mime":574,"name":1148,"path":53,"size":1149,"width":65,"height":1150,"sizeInBytes":1151},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg","aa3eeb2df9c6a8940ed05625ce297358","large_blog_yubikey_bio_first_impression_1_9aa944bb1b","large_blog-yubikey-bio-first-impression-1.jpeg",29.77,667,29772,{"ext":570,"url":1153,"etag":1154,"hash":1155,"mime":574,"name":1156,"path":53,"size":1157,"width":74,"height":1158,"sizeInBytes":1159},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg","2d84e17d251d34e6328ff452c244bd4b","small_blog_yubikey_bio_first_impression_1_9aa944bb1b","small_blog-yubikey-bio-first-impression-1.jpeg",9.77,333,9768,{"ext":570,"url":1161,"etag":1162,"hash":1163,"mime":574,"name":1164,"path":53,"size":1165,"width":83,"height":74,"sizeInBytes":1166},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg","362595b084f1b19dc1d3f4d11c2c8ff7","medium_blog_yubikey_bio_first_impression_1_9aa944bb1b","medium_blog-yubikey-bio-first-impression-1.jpeg",18.44,18436,{"ext":570,"url":1168,"etag":1169,"hash":1170,"mime":574,"name":1171,"path":53,"size":1172,"width":1173,"height":222,"sizeInBytes":1174},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg","4a55db57ec75ec844cd64a72b15141dd","thumbnail_blog_yubikey_bio_first_impression_1_9aa944bb1b","thumbnail_blog-yubikey-bio-first-impression-1.jpeg",3.16,234,3160,"blog_yubikey_bio_first_impression_1_9aa944bb1b",92.82,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_yubikey_bio_first_impression_1_9aa944bb1b.jpeg","2026-04-28T06:35:37.653Z","2026-04-28T06:35:37.654Z",[],{"id":1182,"documentId":1183,"title":1184,"content":1185,"slug":1186,"published":1187,"createdAt":1188,"updatedAt":1188,"publishedAt":1189,"locale":47,"authorManual":1070,"cover":1190,"tags":1216},39,"d9jv3tuc5qf82muadwd63b1w","FIDO2 Security Keys for Enhanced GitHub SSH Access","\u003Cp>Recently, it was announced that after August 13, 2021, GitHub will no longer accept account passwords when authenticating Git operations, and will require the use of strong authentication factors, such as a personal access token, SSH key (for developers), OAuth, or GitHub App installation token.\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fgithub.blog\u002F2021-08-16-securing-your-github-account-two-factor-authentication\u002F\">(https:\u002F\u002Fgithub.blog\u002F2021-08-16-securing-your-github-account-two-factor-authentication\u002F)\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>They also announced in May 2021 that SSH authentication for Git operations now supports FIDO security keys instead of the traditional public\u002Fprivate key pair.\n（\u003Ca href=\"https:\u002F\u002Fgithub.blog\u002F2021-05-10-security-keys-supported-ssh-git-operations\u002F\">Security keys are now supported for SSH Git operations | The GitHub Blog\u003C\u002Fa>）\u003C\u002Fp>\n\u003Cp>During SSH key generation, the private key is stored in the security key, not on the PC. And when authenticated, will require the key to be touched.\u003C\u002Fp>\n\u003Cp>In other words, one can use the same YubiKey for both GitHub web services and Git operations for two-factor authentication.\u003C\u002Fp>\n\u003Cp>To set up two-factor authentication for GitHub&#39;s web services, read \u003Ca href=\"https:\u002F\u002Fwww.yubion.com\u002Fpost\u002Fgithub%E3%81%A7yubikey%E3%81%AE%E4%BA%8C%E8%A6%81%E7%B4%A0%E8%AA%8D%E8%A8%BC%E3%82%92%E8%A8%AD%E5%AE%9A\">Setting Up YubiKey Two-Factor Authentication on GitHub (yubion.com)\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>This article will cover SSH access to Git using YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Environment：\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>OS: Windows\u003C\u002Fli>\n\u003Cli>Security Key by Yubico with NFC\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Key Generation：\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>SSH key pair generation and use are very similar to the previous method.\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>Plug the YubiKey into the USB port.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Open Git Bash as an administrator.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>(Windows requires administrator privileges to access FIDO2 security.)\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Type the following command to generate an SSH key.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Enter the following command to generate an SSH key, where &quot;sk&quot; is the security key.\u003C\u002Fp>\n\u003Cp>$ ssh-keygen -t ed25519-sk -C &quot;\u003Cem>your_\u003Ca href=\"mailto:email@example.com\">email@example.com\u003C\u002Fa>\u003C\u002Fem>&quot;\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Note: If the command fails and you receive an &quot;invalid format&quot; or &quot;feature not supported&quot; error, you may be using a security key that does not support ed25519. Try ecdsa instead of ed25519.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The Security Key by Yubico with NFC firmware used this time is 5.1.2, so it cannot generate ed25519 keys, so instead ecdsa keys are generated.\u003C\u002Fp>\n\u003Cp>To use the Ed25519 key, please use YubiKey firmware 5.2.3 or later.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_keys_github_ssh_access_1_768ad3129f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Checking YubiKey Firmware with YubiKey Manager\u003C\u002Fem>\u003C\u002Fp>\n\u003Col start=\"4\">\n\u003Cli>\u003Cp>Enter the FIDO2 PIN for the YubiKey and touch the key.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>When &quot;Enter a file in which to save the key&quot; is displayed, press Enter to save the public key to the default file location.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Create a password for the public key file.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_keys_github_ssh_access_2_d202310f14.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of SSH Key Generation\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Adding a new SSH key to the GitHub account:\u003C\u002Fp>\n\u003Cp>Once the SSH key is generated, add the new key to the account as with any other SSH key. To add an SSH key to the GitHub.com site, follow these steps:\u003C\u002Fp>\n\u003Col>\n\u003Cli>Copy the SSH public key from the &quot;id_ecdsa_sk.pub&quot; file you generated earlier.\u003C\u002Fli>\n\u003Cli>Go to GitHub.com, open the settings page, go to the &quot;SSH and GPG Keys page,&quot; and paste the copied public key into the new key and add it.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_keys_github_ssh_access_3_65be6801d3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of Adding SSH Key\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>SSH access confirmation:\u003C\u002Fp>\n\u003Col>\n\u003Cli>\u003Cp>Plug YubiKey into the USB port.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\u003Cp>Open Git Bash as an administrator.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>(Windows requires administrator privileges to access FIDO2 security.)\u003C\u002Fp>\n\u003Col start=\"3\">\n\u003Cli>Verify SSH key access by entering the following command\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>$ ssh -T \u003Ca href=\"mailto:git@github.com\">git@github.com\u003C\u002Fa>\n4. Enter the password for the public key file and touch YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_keys_github_ssh_access_4_99331a1102.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cem>Example of Confirmation of SSH Access\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>When the above image is displayed, the setting up of SSH access using the FIDO security key is complete.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>:\u003C\u002Fp>\n\u003Cp>This article introduced SSH access for Git using YubiKey to guide users on storing their private key in a hardware security key and operating a simple, secure two-factor authentication.\u003C\u002Fp>\n\u003Cp>However, there are a few things to keep in mind:\u003C\u002Fp>\n\u003Col>\n\u003Cli>The FIDO2 PIN is only required for SSH key generation.\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>Also, using a FIDO2 PIN requires a PIN setting as a prerequisite.\u003C\u002Fp>\n\u003Cp>For FIDO2 security keys that have not yet been set with a PIN or FIDO U2F only keys, the PIN authentication step is eliminated, and only key touch is performed.\u003C\u002Fp>\n\u003Col start=\"2\">\n\u003Cli>FIDO2 biometric authentication is not yet supported.\u003C\u002Fli>\n\u003C\u002Fol>\n","fido2-security-keys-github-ssh-access","2021-09-22","2026-04-28T06:32:02.429Z","2026-04-28T06:32:04.947Z",{"id":1191,"documentId":1192,"name":1193,"alternativeText":53,"caption":53,"focalPoint":53,"width":1194,"height":1195,"formats":1196,"hash":1212,"ext":58,"mime":62,"size":1213,"url":1214,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":1215,"updatedAt":1215,"publishedAt":1215},503,"vqzlb9n0l0h111930wd7z5cc","blog-fido2-security-keys-github-ssh-access-1.png",567,404,{"small":1197,"thumbnail":1204},{"ext":58,"url":1198,"etag":1199,"hash":1200,"mime":62,"name":1201,"path":53,"size":1202,"width":74,"height":593,"sizeInBytes":1203},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_fido2_security_keys_github_ssh_access_1_768ad3129f.png","3bd38ba5da3c30784bc52cf2b6f3adef","small_blog_fido2_security_keys_github_ssh_access_1_768ad3129f","small_blog-fido2-security-keys-github-ssh-access-1.png",39.35,39351,{"ext":58,"url":1205,"etag":1206,"hash":1207,"mime":62,"name":1208,"path":53,"size":1209,"width":1210,"height":222,"sizeInBytes":1211},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_fido2_security_keys_github_ssh_access_1_768ad3129f.png","c963f6b76eb1a53e8df550fe1ddf7cce","thumbnail_blog_fido2_security_keys_github_ssh_access_1_768ad3129f","thumbnail_blog-fido2-security-keys-github-ssh-access-1.png",11.22,219,11223,"blog_fido2_security_keys_github_ssh_access_1_768ad3129f",14.54,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_fido2_security_keys_github_ssh_access_1_768ad3129f.png","2026-04-28T06:31:47.622Z",[],{"id":907,"documentId":1218,"title":1219,"content":1220,"slug":1221,"published":1222,"createdAt":1223,"updatedAt":1223,"publishedAt":1224,"locale":47,"authorManual":1108,"cover":1225,"tags":1251},"bpesx598jvqzsiwk81j748yf","Two-step Authentication for Google Accounts on Apple Devices","\u003Cp>Recently, \u003Ca href=\"https:\u002F\u002Fsecurity.googleblog.com\u002F2020\u002F06\u002Fmaking-advanced-protection-program-and.html\">WebAuthn support for Google accounts on Apple devices was announced\u003C\u002Fa>, which will enforce higher security during login for Google accounts on iPhones and iPads used for personal and business use.\u003C\u002Fp>\n\u003Cp>This article will summarize 2-step authentication for Google accounts on Apple devices using security keys such as YubiKey 5 NFC and YubiKey 5Ci.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Prerequisite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Enable the \u003Ca href=\"https:\u002F\u002Fsupport.google.com\u002Faccounts\u002Fanswer\u002F185839?co=GENIE.Platform%3DDesktop&hl=ja\">2-step authentication process\u003C\u002Fa> for the Google account.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Environment\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>・Apple device\u003C\u002Fp>\n\u003Cp>・iPhone 7 or later (iOS 13.3 or later)\u003C\u002Fp>\n\u003Cp>※NFC enabled\u003C\u002Fp>\n\u003Cp>・iPad (iPad OS 13.3 or higher)\u003C\u002Fp>\n\u003Cp>※Limited to USB connection\u003C\u002Fp>\n\u003Cp>・Browser\u003C\u002Fp>\n\u003Cp>Safari\u003C\u002Fp>\n\u003Cp>・YubiKey 5 NFC and YubiKey 5Ci can be used for 2-step verification for Google accounts if the settings are the same as those used at the time of purchase.\u003C\u002Fp>\n\u003Cp>If YubiKey settings have been rewritten in \u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fproducts\u002Fservices-software\u002Fdownload\u002Fyubikey-manager\u002F\">YubiKey Manager\u003C\u002Fa>, the following items must be checked to use YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_1_1a2406c1f3.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>※YubiKey 5Ci does not have an NFC feature.\u003C\u002Fp>\n\u003Cp>The FIDO U2F of the USB interface and the FIDO U2F of NFC of the Interfaces must be checked.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>2-step Authentication\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>If the Apple device has the appropriate OS version, one can use 2-step verification for their Google account without any special settings. The 2-step verification introduced in this article is based on two patterns: USB connection and NFC.\u003C\u002Fp>\n\u003Cp>Log in to the Google account using the Safari browser.\u003C\u002Fp>\n\u003Cp>Enter the &quot;Password&quot; and press &quot;Next.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_2_f3552a3c2e.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Press &quot;Next&quot; on the 2-step verification process.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_3_4fe67e83b4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>A pop-up will appear, asking one to use a security key.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_4_bd5c0884b4.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>\u003Cstrong>To Use NFC\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Hold YubKey 5 NFC near the iPhone.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_5_8640b76d70.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If the authentication is successful, the completion page will be displayed.\u003C\u002Fp>\n\u003Cp>※ If the &quot;Do not show on this computer next time&quot; is checked, the 2-step verification process will not be displayed the next time one logs in.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>For USB Type-C or Lightning connection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Insert the YubiKey 5Ci into the iPhone or iPad.\u003C\u002Fp>\n\u003Cp>The metal part of YubiKey will flash; please touch it.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_6_dd207c0ec0.jpeg\" alt=\"\">\u003C\u002Fp>\n\u003Cp>If the authentication is successful, the completion page will be displayed.\u003C\u002Fp>\n\u003Cp>※ If the &quot;Do not show on this computer next time&quot; is checked, the 2-step verification process will not be displayed the next time one logs in.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Setting up 2-step verification for one’s Google account is a great way to increase the security of their Apple device. In addition, it is recommended to set up two YubiKeys for 2-step verification in advance in case one is lost.\u003C\u002Fp>\n\u003Cp>To purchase YubiKeys, click here:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002FYubico-YubiKey-NFC-USB-2%E3%81%A4%E3%81%AE%E3%83%95%E3%82%A1%E3%82%AF%E3%82%BF%E3%83%BC%E8%AA%8D%E8%A8%BC%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%AD%E3%83%BC\u002Fdp\u002FB07HBD71HL\u002Fref=sr_1_1?dchild=1&m=ADKPGBH0XPL04&qid=1591944793&s=merchant-items&sr=1-1\">YubiKey 5 NFC\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.amazon.co.jp\u002FYubico-YubiKey-USB-C-Lightning-%E8%AA%8D%E8%A8%BC%E3%82%BB%E3%82%AD%E3%83%A5%E3%83%AA%E3%83%86%E3%82%A3%E3%82%AD%E3%83%BC\u002Fdp\u002FB07WGJ1DNJ\u002Fref=sr_1_4?dchild=1&m=ADKPGBH0XPL04&qid=1591944793&s=merchant-items&sr=1-4\">YubiKey 5Ci\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>For bulk purchases, don&#39;t hesitate to get in touch with us \u003Ca href=\"https:\u002F\u002Fdocs.google.com\u002Fforms\u002Fd\u002Fe\u002F1FAIpQLSf3tHHWZS0ju2iTq5_lDMD7qb9XQ-uiUJyLkP660lcAwjvuDw\u002Fviewform\">here\u003C\u002Fa>.\u003C\u002Fp>\n","2-step-authentication-google-apple-devices","2020-06-12","2026-04-28T07:13:37.407Z","2026-04-28T07:13:39.918Z",{"id":1226,"documentId":1227,"name":1228,"alternativeText":53,"caption":53,"focalPoint":53,"width":83,"height":1229,"formats":1230,"hash":1247,"ext":58,"mime":62,"size":1248,"url":1249,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":1250,"updatedAt":1250,"publishedAt":1250},880,"nq4lssi9rhbakx1nxvj06ftj","blog-2-step-authentication-google-apple-devices-1.png",522,{"small":1231,"thumbnail":1239},{"ext":58,"url":1232,"etag":1233,"hash":1234,"mime":62,"name":1235,"path":53,"size":1236,"width":74,"height":1237,"sizeInBytes":1238},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_2_step_authentication_google_apple_devices_1_1a2406c1f3.png","a86cecf98e5d1cf838f2e740abd72da0","small_blog_2_step_authentication_google_apple_devices_1_1a2406c1f3","small_blog-2-step-authentication-google-apple-devices-1.png",49.44,348,49441,{"ext":58,"url":1240,"etag":1241,"hash":1242,"mime":62,"name":1243,"path":53,"size":1244,"width":1245,"height":222,"sizeInBytes":1246},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_2_step_authentication_google_apple_devices_1_1a2406c1f3.png","95d921721e1cfc8ec254cf9310903100","thumbnail_blog_2_step_authentication_google_apple_devices_1_1a2406c1f3","thumbnail_blog-2-step-authentication-google-apple-devices-1.png",16.67,224,16672,"blog_2_step_authentication_google_apple_devices_1_1a2406c1f3",17.02,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_2_step_authentication_google_apple_devices_1_1a2406c1f3.png","2026-04-28T07:13:07.459Z",[],{"id":1253,"documentId":1254,"title":1255,"content":1256,"slug":1257,"published":1258,"createdAt":1259,"updatedAt":1259,"publishedAt":1260,"locale":47,"authorManual":1108,"cover":1261,"tags":1304},77,"xtrrjglqgoarly5del4vhkou","Setting up Two-Factor Authentication Using YubiKey on GitHub","\u003Cp>On August 21, 2019, \u003Ca href=\"https:\u002F\u002Fgithub.blog\u002F2019-08-21-github-supports-webauthn-for-security-keys\u002F\">GitHub announced that its two-factor authentication now supports WebAuthn\u003C\u002Fa>. With this new WebAuthn support, in addition to authentication methods using security keys, fingerprint authentication such as Windows Hello and Touch ID on macOS will also be available.\u003C\u002Fp>\n\u003Cp>In line with this update, this article will introduce how to use YubiKey to enable two-factor authentication on GitHub.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Prerequisite\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>・Two-factor authentication must be enabled on GitHub.\u003C\u002Fp>\n\u003Cp>Please refer to \u003Ca href=\"https:\u002F\u002Fhelp.github.com\u002Fja\u002Farticles\u002Fconfiguring-two-factor-authentication\">this page\u003C\u002Fa> regarding the setup.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Usage environment\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>・Windows 10 ver 1809\u003C\u002Fp>\n\u003Cp>Windows Hello is enabled.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Available YubiKeys\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>・YubiKey 5 Series\u003C\u002Fp>\n\u003Cp>・Security Key by Yubico Series (Blue YubiKey)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Flightning-project\u002F\">・\u003C\u002Fa>\u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Flightning-project\u002F\">YubiKey 5Ci\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>・YubiKey 4 Series\u003C\u002Fp>\n\u003Cp>※YubiKey 5Ci will be available in the future.\u003C\u002Fp>\n\u003Cp>To use it now, please purchase it from \u003Ca href=\"https:\u002F\u002Fwww.yubico.com\u002Fstore\u002Fyubikey-5ci-security-keys\">Yubico Store\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Browser\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>・Microsoft Edge 44.17763.1.0\n　Major browsers support WebAuthn.\n　Click \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fapowers313\u002Ffido2-webauthn-status\">here\u003C\u002Fa> for the compatibility list.\u003C\u002Fp>\n\u003Cp>※The Brave browser is required to use YubiKey 5Ci on iPhone and iPad.\n　　Click \u003Ca href=\"https:\u002F\u002Fbrave.com\u002Fpartnership-with-yubico\u002F\">here\u003C\u002Fa> for details.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Setting up YubiKey as Two-Factor Authentication for GitHub\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Go to Settings → Security.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Add YubiKey from &quot;Security keys&quot; in the Two-factor authentication item.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_2_9290ad5439.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click the &quot;Register new security key&quot; button under Security keys.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_3_daa9896c79.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Click to enter the security key name.\u003C\u002Fp>\n\u003Cp>Insert the YubiKey to be registered into the USB port.\u003C\u002Fp>\n\u003Cp>Enter the security key name and click the &quot;Add&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_4_8c21858b19.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>When &quot;Add&quot; is clicked, a confirmation screen for authenticator registration will be displayed.\u003C\u002Fp>\n\u003Cp>※If Windows Hello is set in Edge, the executions will be in the order of Internal Authenticator → External Authenticator.\u003C\u002Fp>\n\u003Cp>Now, select &quot;Cancel&quot; to register the YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_5_307fa7f189.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>After canceling, one will be asked to confirm the external authenticator.\u003C\u002Fp>\n\u003Cp>Tap the YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_6_b14e5f2e00.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Once registration is complete, information will appear in the Security keys.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_7_8a0eb5e340.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>This concludes the discussion of two-factor authentication.\u003C\u002Fp>\n\u003Cp>Now sign out and try two-factor authentication.\u003C\u002Fp>\n\u003Cp>Enter the username\u002Fpassword and sign in.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_8_d2baed72a0.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Insert the YubiKey into the USB port and click the &quot;Use security key&quot; button.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_9_548bb63729.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>One will be prompted to operate the security key.\u003C\u002Fp>\n\u003Cp>Tap the YubiKey.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_10_0620ce104d.png\" alt=\"\">\u003C\u002Fp>\n\u003Cp>Sign-in is complete!\u003C\u002Fp>\n\u003Cp>Note, if one also registers for Windows Hello and tries to sign in, one can choose which authenticator to use.\u003C\u002Fp>\n\u003Cp>\u003Cimg src=\"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_11_2443138d9f.png\" alt=\"\">\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>Conclusion\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Implementing two-factor authentication for services can be an effective way to increase security.\u003C\u002Fp>\n\u003Cp>When using YubiKey for two-factor authentication, it is recommended that one registers another YubiKey for backup. By preparing a backup key, they can use the backup if one happens to lose a YubiKey.\u003C\u002Fp>\n","setup-yubikey-two-factor-authentication-github","2019-08-27","2026-04-28T06:58:17.440Z","2026-04-28T06:58:19.993Z",{"id":1262,"documentId":1263,"name":1264,"alternativeText":53,"caption":53,"focalPoint":53,"width":1265,"height":1266,"formats":1267,"hash":1300,"ext":58,"mime":62,"size":1301,"url":1302,"previewUrl":53,"provider":98,"provider_metadata":53,"createdAt":1303,"updatedAt":1303,"publishedAt":1303},732,"anocm320z5y281laa3j67e5x","blog-setup-yubikey-two-factor-authentication-github-1.png",1699,585,{"large":1268,"small":1276,"medium":1284,"thumbnail":1292},{"ext":58,"url":1269,"etag":1270,"hash":1271,"mime":62,"name":1272,"path":53,"size":1273,"width":65,"height":1274,"sizeInBytes":1275},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Flarge_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png","3f8017b4c76e720873f0c7f0dd3dbd76","large_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622","large_blog-setup-yubikey-two-factor-authentication-github-1.png",49.12,344,49117,{"ext":58,"url":1277,"etag":1278,"hash":1279,"mime":62,"name":1280,"path":53,"size":1281,"width":74,"height":1282,"sizeInBytes":1283},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fsmall_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png","1ef327ff7a607a6b54218d28a3d52c16","small_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622","small_blog-setup-yubikey-two-factor-authentication-github-1.png",18.7,172,18699,{"ext":58,"url":1285,"etag":1286,"hash":1287,"mime":62,"name":1288,"path":53,"size":1289,"width":83,"height":1290,"sizeInBytes":1291},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fmedium_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png","bac7ff83a1974a870682c791ac578173","medium_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622","medium_blog-setup-yubikey-two-factor-authentication-github-1.png",32.79,258,32793,{"ext":58,"url":1293,"etag":1294,"hash":1295,"mime":62,"name":1296,"path":53,"size":1297,"width":92,"height":1298,"sizeInBytes":1299},"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fthumbnail_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png","17ff66b463569c49482f70e565f357db","thumbnail_blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622","thumbnail_blog-setup-yubikey-two-factor-authentication-github-1.png",7.21,84,7213,"blog_setup_yubikey_two_factor_authentication_github_1_81dce8e622",16.38,"https:\u002F\u002Fdty9gbw7gew16.cloudfront.net\u002Fuploads\u002Fblog_setup_yubikey_two_factor_authentication_github_1_81dce8e622.png","2026-04-28T06:57:31.475Z",[],{"pagination":1306},{"page":1307,"pageSize":5,"pageCount":1308,"total":1309},2,3,58,1783406330267]