YubiKey® two-factor authentication

A YubiKey® is issued to individuals who need access to the Secure Research Environment (SRE). YubiKeys are used within Population Data BC’s SRE where data needs to be protected. YubiKeys may not be shared with any other student or individual. Detailed terms of usage are outlined in the YubiKey® Security Requisition Form that each individual must complete prior to being issued a YubiKey®. A YubiKey sends a unique one-time password (OTP) every time it is used. When a user logs on to a system protected by YubiKey®, instead of just typing their password, they type their password and then press the button on the YubiKey, which adds 44 extra characters to the password.

By decrypting the extra 44 characters, the server can verify that they came only from the YubiKey® for that user. This is known as two-factor authentication: something you know (your password), and something you have (the YubiKey®, which generates the 44-character code). Since the code generated by the YubiKey® is unique and can only be used once, this enhances network authentication security and protects against password theft.

PopData distributes two almost identical models of YubiKey®. The old one is very dark grey and has a round hole in the middle of the brass disk, while the newer model, "YubiKey 4", is black, with a "Y" in the middle of the disk.

Troubleshooting YubiKey®

  • You can practice entering your passphrase + YubiKey at https://my.popdata.bc.ca/yubitest. That page requires you to first log in to the website (using passphrase only).
  • The YubiKey® pretends to be a normal USB "Human Interface Device" (HID) keyboard, so your computer system will not need a special driver. The first time you plug it in, Windows or Mac OS X might encourage installing a driver: if so, wait for the message to go away. Under Mac OS X you can cancel by closing the window that says 'your keyboard'; under Windows it is better to wait a few minutes, because canceling might require a reboot.
  • CAPS LOCK must be off when pressing the YubiKey® button.
  • It's easy (and harmless) to insert the YubiKey upside-down into the USB socket. For the old model, check that the light in the middle of the metal disk is steady green. For the new model, the 'Y' glows green briefly when inserted, and after each use.
  • Most users will find it more convenient to plug the YubiKey into a USB extension cable or a USB hub, especially if the computer's USB port is hard to reach.
  • To practice, click in a text window (Word, Notepad, TextEdit, web text entry box, command line ...) as in preparation for typing, and touch the YubiKey® metal disk. A line of about 50 characters followed by Return will be typed out as though you had typed it.
  • If your finger is extremely dry you might need to moisten it. You need only touch for less than a second (between 1/4 and 1 second). Do not press. You might hold the back of the key with another finger to avoid bending your computer's USB connector.
  • For the old model, if the dot is not shining green, it's not ready to use. For the newer YubiKey, the "Y" should briefly shine green just after you plug it in, and again after you touch it.
  • If you need to report a problem, the 8-digit (7-digit for the newer YubiKey 4) serial number is written in grey on the back. Alternatively, the first 12 characters typed out when the key is pressed (e.g. linkabcdefgh) represent the serial number encoded to use only letters.
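The "passphrase + 44 characters" login string described above, and the CAPS LOCK and 12-character key ID points from the troubleshooting list, can be checked for shape before any decryption. This is an added example, not PopData's or Yubico's code: the function and class names are hypothetical, the modhex alphabet is Yubico's standard OTP encoding (not stated on this page), and the replay check is a simplified stand-in.

```python
# Added example: format checks on "passphrase + YubiKey OTP" before any decryption.
MODHEX = "cbdefghijklnrtuv"   # Yubico's modhex alphabet: one letter per hex digit 0-f
OTP_LEN, ID_LEN = 44, 12      # lengths stated on this page


class OtpFormatError(ValueError):
    """The submitted string cannot contain a well-formed OTP."""


def split_credential(submitted):
    """Return (passphrase, key_id, otp) from what was typed into the password field."""
    submitted = submitted.rstrip("\r\n")   # the key sends Return after the OTP
    if len(submitted) <= OTP_LEN:
        raise OtpFormatError("too short: YubiKey not touched, or passphrase missing")
    passphrase, otp = submitted[:-OTP_LEN], submitted[-OTP_LEN:]
    if otp != otp.lower() and all(c in MODHEX for c in otp.lower()):
        raise OtpFormatError("OTP is upper case: CAPS LOCK was on")
    bad = sorted(set(otp) - set(MODHEX))
    if bad:
        raise OtpFormatError(f"unexpected characters {bad}: truncated or altered OTP")
    return passphrase, otp[:ID_LEN], otp


def modhex_to_hex(text):
    """Decode modhex letters to the hex digits they stand for."""
    return "".join(format(MODHEX.index(c), "x") for c in text)


class ReplayGuard:
    """Simplified stand-in for one-time use: remembers OTPs already accepted.
    A real validation server compares counters inside the decrypted OTP."""

    def __init__(self):
        self._seen = set()

    def accept(self, otp):
        if otp in self._seen:
            return False   # same OTP presented twice: reject
        self._seen.add(otp)
        return True


# Constructed sample: made-up passphrase and OTP, not output from a real key.
SAMPLE = "correct horse" + "linkcbdefghi" + "cbdefghijklnrtuv" * 2 + "\n"
```

A string that passes these checks is only well-formed; whether the OTP is genuine is decided by decrypting it with the secret shared between that key and the server.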
