How do I use my YubiKey?

Your YubiKey is your access to Code Enigma systems that are secured using a second physical factor of authentication. There is more information on the back story to our using YubiKeys here on our website, but this FAQ is a more practical guide to using one with our systems.

When you receive your key it will be pre-programmed to work with Code Enigma's own key storage and validation services. We are in the process of rolling out YubiKey authentication on a number of systems, so whenever you see an instruction to enter a YubiKey OTP you should follow the instructions in this FAQ.

To register the YubiKey with us, remove it from the sleeve and insert it into an available USB port, with the gold disk facing upwards. This disk is actually the button you press to generate a Yubico One Time Password (OTP). Open a text document with Notepad, or something similar, and press and hold the gold button for a second. It will output a long string of text into the box and automatically press Enter for you. Copy and paste the first 12 characters into a support ticket along with the associated username and we will associate that YubiKey with your account. You may then close the text document without saving.

Once we notify you your YubiKey is active on our systems, whenever you are prompted to enter a YubiKey OTP, place the cursor in the YubiKey OTP box with your mouse and press and hold the gold button for a second. That's it!

For server access it is a little more complicated. You'll be working in a terminal window of some sort, and when you SSH to your server you will see this message: "Authenticated with partial success." This means your SSH private key has been accepted. It will then prompt you with a password request. Enter the password associated with your Code Enigma account (the same one you use for logging in to raise a ticket) but do not press Enter. Instead, press and hold the gold button on your YubiKey for a second, and it will finish the password with an OTP and press Enter for you. You will then be logged in.

To use the `sudo` command you will also be prompted for your YubiKey, but this time as a separate line entry. Simply follow the prompts on screen.

 

If you wish to use the second memory slot of your YubiKey for other purposes, for example to secure a personal service with a Yubicloud account, or something similar, you can download and install the YubiKey Personalization Tool. This tool allows you to put different configurations on different slots, but remember, if you wipe Slot 1 you will be locked out of Code Enigma systems and you will need to contact us to reconnect your device with your Code Enigma account.