Borrowing a U2F key

Yubikey-brand U2F key.So your phone is broken or lost or misplaced and you need a way to log in to Duo and Google. You can purchase a U2F key from the Walk-in Center or NC State Bookstores for as little as $10. You can also check one out from the Libraries for short term use. Instructions follow for setting up both Duo and Google to use your U2F key.




Please note: U2F keys work with only certain web browsers. We recommend using Chrome, and the instructions below assume that you are doing so.

Step 1: Duo

You will be faced with one of two possible screens.

Possibility 1

Duo screenshot asking the user to choose an authentication method between a passcode and a push to an attached device.

  • The first screen appears if your phone is still in your Duo profile and asks you to authenticate either using your phone or a code. Assuming your registered phone is not usable, you need a bypass code which you can obtain by calling the Help Desk (919-515-4357) or visiting the Walk-in Center.
    • Please note: you may call the Help Desk outside of business hours to get a bypass code. However, Duo bypass codes given outside of business hours are good for one use only and must be used within the hour. Make sure you set up your key immediately after calling.
  • Click the green ‘Enter a Passcode’ button and then enter the code provided to you by the Help Desk or Walk-in Center.
  • This brings you to the screen where you can add a device. Click on ‘Add another device.’

Duo screenshot showing the option to add another device, located after Device Options. The link is surrounded by a red box.

Possibility 2

Duo screenshot explaining how to protect the user's NCSU account through setting up dual authentication.

  • The second screen appears if your phone has been removed from your Duo profile. Click ‘Start Setup,’ located at the bottom of the page. Then jump to the adding a device section below.

Adding a device:

Duo screenshot showing a list of buttons the user can click to select the kind of the device they are adding, such as mobile phones, tables, or U2F tokens.

  • Select ‘U2F Token’ from the list of possible devices to add, then click the ‘Continue’ button at the bottom of the screen.

Duo screenshot describing the enrollment process and what to do if a required pop-up window does not appear.

  • An informational screen will appear about enrolling a U2F token. Once you have read this screen, click the ‘Continue’ button.

Duo screenshot of a popup window telling the user to use their U2F token to proceed.

  • Another window will pop up. At this point, you should insert the blue U2F key into an available USB port on your computer. Be aware that this U2F key can be inserted into the USB port two ways, but only one way will work. As soon as you insert it, the key icon in the gold circle should start flashing a blue light. If the light doesn’t flash, pull the U2F key out, flip it over, and insert it again. Once the light flashes, just tap the key icon.

A Duo screenshot of the My Settings & Devices screen, which now displays a U2F token.

  • You may get a quick notification that the enrollment is complete, followed by the ‘My Settings & Devices’ screen which will now show your U2F token.

Duo screenshot showing the user a choice between push and passcode authentication methods.

Duo screenshot describing what the user should do if their U2F token flashes.

  • You have now successfully enrolled your U2F key in Duo.
    When you go to log in to MyPack or another service that uses 2FA, you will get one of two screens. Either way, just insert your 2FA key and tap the gold key icon when the light flashes. DO NOT check the ‘Remember me for 30 days’ box if you are on a public computer! Note that you can pull the 2FA key out of the computer’s USB port without safely ejecting it or dragging it to the trash.
  • Once your phone is repaired or you have a new phone, you can return to the Duo device management page to get the phone set up for Duo. If you borrowed a key from the library, after your phone is successfully enrolled you should delete the U2F key from the device management page and then return the key to the library. If you purchased a key, just leave it in your profile to use as a backup. For the security of your account, is extremely important that if you borrowed a U2F key from the Library, you remove it from your Duo profile when you are done using it.

Step 2: Google

Chances are that your computer is set to remember you for 30 days for Google, since this is checked by default. If that is the case, it is easy to add the U2F key to your account and you should do it now in case your 30 days is up before you have your phone back.

Google Account screenshot, showing three options: signing in, device activity, and apps with account access. Signing in is framed in a red box.

  • On the left side, click on ‘Signing in to Google.’

Google Accounts screenshot showing a Password & sign-in method screen, which lists options. The option to modify 2-Step Verification is framed in a red box.

Click on ‘2-Step Verification.’

Google Accounts screenshot showing a description of a Security Key.

Scroll down to the bottom of the screen and click on ‘Add Security Key.’

Google Accounts screenshot asking the user if they have a Security Key, but making sure it is not connected yet.

  • You will get a screen telling you not to connect your Security Key to the computer yet. If you already did, don’t worry about unplugging it. Just click ‘Next.’

Google Accounts screenshot describing how to register a security key.

  • The next screen tells you to insert the security key. Go ahead and do that. The key icon should flash and you should tap it.

Google Accounts screenshot showing that the security key has been registered. There is an entry form to name the key.

  • After you tap the key icon on the U2F key, a screen will come up telling you your security key has been registered and asking you to name it. It doesn’t matter what you name it, as long as you remember what you call it so you can delete it later. Once you name it, just click ‘Done’ and you’re all set.

That’s it. You are good to go. Any time you need to authenticate for Google, just put in the U2F key and tap the gold key icon when the light flashes.

If you borrowed a key from the Library, when you have your phone back you should go back to the Google account settings and remove the Security Key as an authentication device. For the security of your account, is extremely important that you remove the borrowed U2F key from your Google profile when you are done using it. Don’t forget to return the key to the Library. If you purchased a key then you can leave it in your account as a backup.

So what if your computer isn’t set up to remember you for 30 days? To set up your borrowed U2F key, you will first need to obtain bypass codes. If you previously saved or printed out the list of ten bypass codes that Google provides, you can use those. If not, you will need to obtain bypass codes by calling the Help Desk (919-515-4357) or visiting the Walk-in Center. You can obtain bypass codes outside of business hours by calling the Help Desk.

Google screenshot showing a 2-Step Verification screen, using phone texting confirmation.

  • When you attempt to edit your two-step verification settings, you will get a screen that asks you for the code you were texted or to use the Google app on your phone. Presumably, you can’t do this since your phone isn’t usable. Click on ‘More options.’

Google screenshot showing options for if the user cannot use text verification. The option 'enter one of your 8-digit backup codes' is framed in red.

  • Click on ‘Enter one of your 8-digit backup codes.’ Please note: The option to enter a backup code only appears if bypass codes have been created. If you don’t have this option, call the Help Desk or visit the Walk-in Center to get codes.

Google screen with entry form for entering an 8-digit backup code.

  • Enter a backup code and click ‘Next.’