Configuring a Yubikey to Protect Local Accounts on a Windows 10 PC

  • Published on Nov 5, 2024

Comments • 58

  • @gayclevelandnow 3 years ago +6

    Let me get this out of the way first: Great video, and thank you very much!
    I am having an issue (albeit it may be an actual Windows 11 change). I followed all the steps from here, and I only have one local account, which is what I set up for. The local account was originally a Microsoft account that I converted back to a local account with administrative privileges a few months back, for other reasons not related to this. Once the computer restarts after installation of Login Configuration, it shows me two options to log on: my local account by name, with in my case my pic, and the Yubico Login. I selected the Yubico Login, and entered my credentials from the same local account that is also listed on my logon page. It logs in. I then run the Login Configuration and set up my YubiKey. It shows success, and does the reboot. However, when I get back to the logon screen the same 2 options are now available: my administrator local account (which I set up the YubiKey for), and the Yubico Login, where I enter the same credentials as the listed local account on the screen. It works, and requires me to have the key in to log in.
    Then, I was like OK, well, it should be that it won't let me use the listed account on the screen. To my surprise though, I could click my acct and enter the password for it as well, and it didn't require the YubiKey, and logs into the exact same place as the one that does require it.
    Am I missing something? Thanks.
    UPDATE: I FIGURED IT OUT
    I had a PIN set up on my local account. Any account that you are going to use the app for can NOT have a PIN set up on it, or else it will show up on the logon screen, and be a way to bypass the Yubico logon if you know the PIN. Removed the PIN and all is working as it should.
    THINGS TO NOTE:
    1. My machine I did this on is not a domain joined computer at this time.
    2. I originally did not have CTRL-ALT-DEL as a requirement for logging in, but I changed it via Netplwiz.
    For Windows 11 Users to Remove PIN:
    Log in to the account that has the PIN (this is essential; however, if the Yubico login is the same as the acct you want to remove the PIN for, you can log into it that way as well), and then follow these instructions:
    1: Right click the Start button, and then click Settings
    2: Click Accounts from the left panel (if you do not see a left panel, click the hamburger menu to get to it)
    3: Click 'Sign-In Options'
    4: Click 'PIN (Windows Hello)'
    5: Click Remove, you will get some info on why you may want to use a PIN, in which you have to click Remove again.
    6: Enter your password (not PIN) to verify change.
    7: Log off, or restart machine
    Everything worked after that. Again THANK YOU

    • @PE4Doers 3 years ago +3

      WOW, thanks so much for both your compliment and all the great information you've provided, especially on Windows 11 (which I have not tried the Yubikey on yet). I am going to PIN this comment so everyone can see it right up front :)

    • @ronharding4936 1 year ago

      I had similar issues, too. This video really helped me get started, but I had to do a lot of tweaking to get it to work correctly.

    • @MC-ExcaliburProject 8 months ago

      I did all that, no pin, still bypasses key and uses regular password to log in

  • @QuikTechSolutions 3 years ago +2

    Great job David! I use Yubikeys all the time. I also noticed you synchronized the light switch at the end. Nice touch!

    • @PE4Doers 3 years ago +1

      That is the best way to go. I must admit however that I am fairly new to using them (or other similar keys) because I have many password protection schemes in place. I am also concerned about the cost. I wish they would sell them more commonly in 2-packs, since that is the correct way for them to be used.

  • @CD318 1 year ago +1

    This was awesome--thanks so much, David!

    • @PE4Doers 1 year ago

      You are very welcome. Let me know if you have any questions 🙂

  • @KathrinHausermann 3 years ago +2

    44 secs online :)) I liked your brilliant video :)) Very informative as always. Maybe you could make a different video with the different groups/levels of Security Keys YubiKeys offers. And the best option for normal windows users to start with. Of course this is just another one of my "good" ideas :)) you know me :)) It is the equivalent of when my cats decide to "help" me :))

    • @PE4Doers 3 years ago +1

      Thanks Kathrin, I always appreciate your great suggestions :)

    • @KathrinHausermann 3 years ago

      @PE4Doers I have another one :)) Please create a P.O Box so I can send you at least this year a Christmas present :)) I already ordered and paid for it :))

    • @PE4Doers 3 years ago

      @KathrinHausermann I wish you hadn't done that. I will price a P.O. Box out. Also, I have about 20 PC Fans (mostly removed from new cases since they were not PWM). I would like to get those to you. Send me a GMAIL.

  • @colmmorgan1716 1 year ago +1

    Hi there, could you do a video showing how to use a Yubico series 5 key to safeguard my laptop?? Then it cannot be used if stolen. Also, for Android and iPhone.

    • @PE4Doers 1 year ago

      I will see what I can do.

  • @ronharding4936 1 year ago

    Thanks very much. This was a huge help.

    • @PE4Doers 1 year ago +1

      You are very welcome Sir

  • @johnwetzel5248 1 year ago +2

    My problem is that I use (or used to use) my yubikeys not to protect my computer, but as two factor authentication for an online bank account. Now, when I log on to the bank account, I can't get in because, at login prompt, I type in first my username, then my password (security factor number one) and then the bank asks me to plug in my yubikey and touch it. But, windows security pops up a window that says in effect: I (windows) don't recognize this yubikey. Windows then doesn't allow the yubikey signal onto the internet. So my attempt to log in is stopped dead. It does this because windows security treats the yubikey as if its function is to protect my computer, and so it wants me to set up each of my yubikeys with windows. But, I don't want to secure my computer, I don't want another username for that, and another pin. In other words, windows security on my win10 machine is inserting itself into the middle of my bank transaction, and preventing me from using my yubikeys because it doesn't recognize them. Windows requires me to have an extra password and pin for the yubikeys, and so has destroyed my ability to access my bank account. Now I gotta go back to mobile phone authentication to access my bank account, and I hate that because it isn't secure (because cloned mobile phones are a thing).

    • @PE4Doers 1 year ago

      WOW, did you contact Yubikey?

    • @johnwetzel5248 1 year ago

      @PE4Doers No. The problem is with the win10 operating system. So this is what I had to do. First, I had to contact the bank, and have them check me out with security questions. Once verified, we (me and the bank) decided the best path was for the bank to remove my yubikeys from their software. Then, I was to re-register both keys with the bank, using their online software, just as I originally registered them. This time, windows 10 "security" again made me stop, and required me to register my yubikeys with windows security. This meant I had to give each of my yubikeys a "name" and a "pin number". So, before, my bank account was accessed online by a password (security factor#1) a security question I had previously answered (security factor#2) and the use of the yubikey (security factor#3). That 3 factor protection was robust, and what I wanted. NOW, thanks to windows, each time I log onto my bank, I need the three previous factors plus the PIN to make windows happy. And I don't know what the point of establishing a "name" was, maybe next week windows 10 will decide I need to give windows the name AND the pin for the yubikey, before I get to give the bank the password, the security answer and the yubikey verification. Now, if I go to a different windows machine, that machine won't "recognize" my yubikey, and I will have to repeat the whole process. I may be able to get around all that by getting yubikeys management software, disabling something called "fido2" and then hoping that makes windows 10 security back off.

  • @NoobWardenSpammer 2 years ago

    thank you for such a clear explanation,
    but I have questions.
    1. do I really have to manually enter the username every boot? I only have 1 user account on my pc btw. it's so tiring to login if it's like that.
    2. if I understand correctly, slot1 should never be overwritten if I used the yubikey for other web service logins, right? not unless I set it up first for the windows and other services right after "programming" it for windows? please correct me if I'm wrong.
    3. do magnets affect the yubikey? I'm planning to buy and wanted to place 2 neodymium magnets on the keyring holes (back2back) and mount it under my table.
    hoping for an answer, even just my first question will do. thanks a lot.

    • @PE4Doers 2 years ago

      1. Yes, that is a security feature - requiring someone to know that ID
      2. I believe it defaults to Slot 1. Just take the defaults when you first initialize it.
      3. Magnets should NOT affect it. The storage of the key is not magnetic based.

  • @loneranger5928 2 years ago +1

    Nice video David, can you use it on a mobile phone?

    • @PE4Doers 2 years ago

      Yes, it is a bit more expensive, but they have that covered. See this on Amazon: amzn.to/3eQPBXr

  • @JamesDLegan 2 years ago

    I have installed the Yubikey on my local account that works perfectly on my laptop which I thank you for the excellent instructions. My question is if I put my wife also on the laptop with her own local account can I then use her Yubikey to do the same thing? In other words have two accounts using separate Yubikeys?

    • @PE4Doers 2 years ago

      I believe that will work fine. The YubiKey is assigned to a specific user account.

    • @JamesDLegan 2 years ago

      @PE4Doers I tried to add her to laptop but it will not let me. I am thinking I will have to first change my account to microsoft, then add her as a regular user. Then change myself and her to local?

    • @PE4Doers 2 years ago

      @JamesDLegan I guess you can try that. I avoid the Microsoft accounts all together. Are your two accounts already linked to Microsoft?

    • @JamesDLegan 2 years ago

      @PE4Doers I had to set up my local account back to microsoft in order to add her to the laptop. That worked however when I went to then turn mine back to local and then using her account to remove my microsoft account I lost everything on my microsoft side and my Yubikey account no longer worked with my sign in credentials. I am back to square one now resetting my laptop and will just set it up as before with my Yubikey and leave her off. I am retired so I have plenty of time! LOL. Thanks again for the help.

  • @seV7PSakKQ5bhp5e4vKQgnA7S 18 days ago

    I inserted my YubiKey during the “Please insert a YubiKey to configure” process but it’s not showing up. It showed on the Authenticator and the Yubi manager app.

    • @PE4Doers 18 days ago +1

      I assume you did OK while initiating it. If that is the case, then I would reach out to Yubikey support.

    • @seV7PSakKQ5bhp5e4vKQgnA7S 18 days ago

      @PE4Doers thanks!! I figured out I was using a “security key” instead of a 5 series. They look the same lol. And thanks for the video!

    • @PE4Doers 18 days ago

      @seV7PSakKQ5bhp5e4vKQgnA7S I'm very glad you found out what the issue is. Good luck.

  • @theadoresmith2777 1 year ago

    I can not get the yubikey to work at all in Win10. Just keeps on coming up with " invalid credential " - whatever that means.

    • @PE4Doers 1 year ago

      That key may need to be re-initialized. Did you try reaching out to them yet? I found them very helpful.

  • @axi6ne8us 1 year ago

    How do you set up the touch login with the yubikey 5c NFC? When I touch mine, it doesn't log me in. I have to type the password every time.

    • @PE4Doers 1 year ago

      I believe that is the default, however the configuration has several options that I believe may include what you are looking to do.

  • @marcing4287 2 years ago

    What is the difference between Yubikey 5 FIPS and "no-FIPS" version ? I looked at the comparison table and I do not see any difference.

    • @PE4Doers 2 years ago

      FIPS is an additional published security Standard being pushed by the U.S. Federal Government and defined by the NIST agency that is gaining popularity. I believe you only need that if you are a Government contractor trying to bid for projects with the Federal Government. These Alphabet soups are always changing.

  • @patryknowak1499 5 months ago

    hi, after rebooting my pc, it doesn't turn on, I'm getting error: 0xc000000f. can anyone help?

    • @PE4Doers 5 months ago

      Have you reached out to Yubikey support?

  • @iGp0wn3d 2 years ago

    Hey. I use a static password on slot 2 on my yubikey. Can I also use slot 2 for this System login?

    • @PE4Doers 2 years ago

      That should work just fine.

    • @ifodaniell 2 years ago

      The real answer is no. The static password will get overwritten with the new secret. If you try to use the static password as the secret, that doesn't work either.

  • @JamilBM007 1 year ago

    Heyyy after I restarted my laptop I can’t login again

    • @PE4Doers 1 year ago

      Did you try logging in with your separate admin account? That account should still work.

    • @JamilBM007 1 year ago

      @PE4Doers yes I did. But it’s a Microsoft account. Does it work with Microsoft accounts?

    • @PE4Doers 1 year ago

      @JamilBM007 When using a Microsoft account things change. That is considered an 'online' account, not a local account. There are instructions on the Yubikey Website that describe how those are handled.

    • @JamilBM007 1 year ago

      @PE4Doers okay thank you

    • @PE4Doers 1 year ago

      @JamilBM007 You are welcome. I'm just worried I could not be more help.

  • @faith_nacario 2 years ago +1

    plzz help i have after i downloaded then reboot it.. I can't download and I FORGOT MY PASSWORD.. I did not configure it yet using a yubikey.. BUT THE PROBLEM I REALLY FORGOT MY PASSWORD ON REGULAR LOG IN .....WHAT SHOULD i do .. ?????

    • @PE4Doers 2 years ago

      Do you have a separate admin account configured on your PC?

  • @faithnacario3977 2 years ago

    Sir, are there other options to fix this?? Huhuhuh

    • @PE4Doers 2 years ago

      I'm not privy to any of the tech insider methods on that product. Have you reached out to their Tech Support yet? You really need to have a secondary admin account on 'every' pc.