Body
Roaming authenticators are WebAuthn FIDO2 security keys, like those from Yubico or Feitian. They can move from one system you use to access services and applications protected by Duo to another, such as a USB security key you unplug from one laptop and plug into another.
Security Key
A security key plugs into your USB port and when tapped or pressed it sends a signed response back to Duo to verify your login. Duo uses the WebAuthn authentication standard to interact with your security keys. You may also see WebAuthn referred to as "FIDO2".
In order to use a security key with Duo, make sure you have the following:
- A supported browser (check the table from Duo to verify your browser supports security keys).
- An available USB port.
- A WebAuthn/FIDO2 security key. U2F-only security keys (like the YubiKey NEO-n) are not supported.
Insert your security key if not already plugged in, and then tap or press your security key when prompted to log in to the application. Some types of keys flash as a prompt for you to authenticate. Your browser may also pop up a prompt instructing you to tap your security key.
Log in to the Duo Self-Service Portal with your MyID and password. If you have an existing method, authenticate with Duo, then select Add a device.
Select Security key from the Add a device options.
Click Continue on the Set up security key screen.
When prompted tap or press your security key. You may be asked to set up or enter a PIN.
You will receive confirmation that the security key was added.
