Using MFA Authenticator Codes with your Yubikey on Mobile Devices
These instructions show you how to set up your YubiKey so that you can use two-factor authentication to sign in to any account that requires authenticator codes on iOS or Android mobile devices. Example sites where you can use codes to authenticate include Amazon, Dropbox (if you aren’t using U2F), Evernote, Facebook, and many others. To use a code at one of these sites, you use an application, such as Google Authenticator, to generate the codes. The codes generated are OATH-TOTP codes, a type of one-time password, that are usually six-digits. You can use Yubico Authenticator, which is similar to Google Authenticator. We have created both a desktop and mobile version of this app for you to use so you can use it on a Windows, Mac, Linux, or Android.
To sign in to any account that requires authenticator codes, use Yubico Authenticator to Setup Your YubiKey with Yubico Authenticator for Desktop. Note that some services call two-factor authentication two-step verification.
Save a service’s QR code or secret key, so you can program the credential into other YubiKeys. It is always recommended to have a backup security key.
You can set
Require touch differently for each account.
Setup Your NFC-enabled YubiKey with Yubico Authenticator for Android App
- YubiKey 5 NFC, YubiKey 5C NFC, or YubiKey NEO
- Yubico Authenticator for Android app from the Google Play store
- An Android phone that supports NFC
Step 1: Enable two-factor authentication for your service. Usually, you will do this by selecting Settings or Security, and then selecting the option to Enable two-factor authentication. Tip: Some services call this two-step verification. Step 2: Select the option to use a mobile app or Google Authenticator.
:Step 3:You will need to copy the text string as well as scan the QR code. Click Enter your secret key manually and copy the text of the code and paste it into a text file now.
- Be sure to save a copy of the secret key. You can use this to create a backup copy of your YubiKey configured to use authenticator codes. It is always best security practices to ensure you have a backup YubiKey.
Open the Yubico Authenticator app on your Android device.
Tap the control icon to open the menu.
Select Scan account QR-code, and then scan the QR code from the web page.
- Be sure to save a copy of the QR code in a safe place. You can use this to create a backup YubiKey configured to use authenticator codes. It is always best security practices to ensure you have a backup YubiKey.
To manually add the secret key, select Add account manually, then enter the credential name, and type the secret key that you previously saved as a backup.
On the web page, click Next. You have successfully configured your YubiKey for authenticator codes!
To view the credential, tap and hold your YubiKey on the back of your phone where the NFC antenna is located. Yubico Authenticator displays the six digit code associated with this credential. This is the code you need to enter to authenticate when using two-factor authentication.
Setup Your YubiKey with Yubico Authenticator for iOS App
Yubico Authenticator is not supported on iPads with USB-C ports due to limitations in the Apple ecosystem.
- YubiKey 5 NFC, YubiKey 5C NFC, YubiKey NEO, or YubiKey 5Ci
- Yubico Authenticator for iOS app from the App Store
- For NFC an iPhone 7 or newer, running iOS 13 or newer
- For Lightning connectivity an iPhone, iPod Touch, or iPad with a Lightning connector, running iOS/iPadOS 11.2 or newer.
Download and install Yubico Authenticator for iOS, available in the App Store for any iPhone/iPad with a Lightning port.
Open Yubico Authenticator for iOS.
If you are using a YubiKey 5Ci over Lightning, plug it in.
On another device (such as a laptop), launch the service you want to use with an authenticator app. Follow the on-screen prompts for securing the service with an authenticator app until the point when a QR code is displayed. (If you need assistance with the authenticator app setup process for a service, please refer to the service’s setup instructions or contact their support team).
In Yubico Authenticator for iOS on your iPhone/iPad, tap the + button at the top right.
Tap Scan QR code. If a pop-up appears requesting permission to access the camera, tap Allow.
Point the iPhone/iPad’s camera at the QR code on the other device until the QR code is read. This is signaled by a New Account screen appearing in Yubico Authenticator for iOS.
Before saving this credential, you have the option to adjust the following settings.
Note that these cannot be changed after saving the credential.
- Issuer - defines the service name
- Account name - Defines the account holder name
- Require touch - Toggles on or off the requirement to touch the YubiKey (or scan again in the case of NFC) in order to display the OATH code. Note that this is set on a per-credential basis. In other words, each credential can have this set differently.
Tap Save. If you are using a YubiKey over NFC, when the Ready to Scan pop-up appears, bring your key next to your phone’s NFC reader (typically located on the rear of the phone near the top) and hold it there until a checkmark appears on-screen, indicating the credential has been securely added to the YubiKey.
- At this point, if you wish to store the same account on a second YubiKey, simply repeat steps 3 and 5-9 for each additional YubiKey. Alternatively, if you wish to add this account to another YubiKey but don’t have one currently, you can save a copy of the QR code (or secret key) in a safe place to scan and add later.
Use the current code displayed in Yubico Authenticator for iOS for this account to complete setup of the account on the other device.
Your YubiKey is now configured for authenticator codes for this service.
To file a support ticket with Yubico, click Support.