.. ykauth-desktop-with-auth-codes.rst
.. _ykauth-desktop-auth-codes-label:
==============================================================
Using MFA Authenticator Codes with your YubiKey on Desktops
==============================================================
These instructions show you how to set up your YubiKey so that you can use two-factor authentication to sign in to any account that requires authenticator codes. Example sites where you can use codes to authenticate include Amazon, Dropbox (if you aren't using U2F), Evernote, Facebook, and many others. To use a code at one of these sites, you use an application, such as Google Authenticator, to generate the codes. The codes generated are OATH-TOTP codes, a type of one-time password, that are usually six-digits. You can use Yubico Authenticator, which is similar to Google Authenticator. We have created both a desktop and mobile version of this app for you to use so you can use it on a Windows, Mac, Linux, or Android.
To sign in to any account that requires authenticator codes, use Yubico Authenticator to :ref:`set-up-yk-label`. Note that some services call two-factor authentication *two-step verification.*
If you save a service's QR code or secret key (referenced in step 2 below), you can program the credential into other YubiKeys. It is always recommended to have a `backup security key `_.
You can set ``Issuer``, ``Account name`` ``Require touch`` (referenced in step 5 below) differently for each account.
.. _set-up-yk-label:
Setup Your YubiKey with Yubico Authenticator for Desktop
===========================================================
These steps apply to Windows, macOS, and Linux systems. The Yubico Authenticator app for desktop uses the same interface.
Requirements
--------------
`Yubico Authenticator `_
Instructions
-------------
:Step 1: Enable two-factor authentication for the service. The details of the procedure may vary from service to service. Typically, you:
a) Log in to the service
b) Select **Settings** or **Security**
c) Select the option **Enable two-factor authentication**.
:Step 2: Select the option to use an authenticator. A QR code should appear. This code is sometimes referred to as the *secret key*.
* **If you are planning to register more than one YubiKey with this service, please save a copy of the QR code, or secret key as you will need it when registering more keys.**
:Step 3: Open Yubico Authenticator for Desktop and plug in your YubiKey.
:Step 4: Click the **+** button then click **Scan** to scan the QR code.
Making sure the QR code is not partially obscured by another window.
:Step 5: Before adding the YubiKey as the credential, you can adjust the following settings on a per-credential basis; in other words, each credential can have these set differently. **These cannot be changed after you save the credential.**
* **Issuer** - Name of the service
* **Account name** - Name of the account holder
* **Require touch** - Toggles the requirement to touch the YubiKey (thus demonstrating user presence) in order to display the OATH or FIDO code. Checked = On, Unchecked = Off.
:Step 6: When you are satisfied with the settings, to add the YubiKey as a credential, click **Add**.
:Step 7: To add another YubiKey to the service, unplug the YubiKey that is currently plugged in, insert the next key, and carry out steps 4-6 again.
* It is recommended to save a copy of the QR code (or secret key) safe so you have the ability to program the credential into future backup YubiKeys.
:Step 8: Complete the setup process on the website. This typically requires you to enter:
a) One-time password generated by the Yubico Authenticator
b) Your login password for a second time.
Your YubiKey is now configured for authenticator codes for this service.
-------------------------------------
To file a support ticket with Yubico, click `Support `_.