Borrowing a U2F key

So your phone is broken/lost/misplaced and you need a way to log in to Duo and Google. You can purchase a U2F key from the Walk-in Center or NCSU Bookstore for as little as $10. You can also check one out from the Libraries for short term use. Instructions follow for setting up both Duo and Google to use your U2F key.

 

Please note: U2F keys only work with some web browsers. We recommend using Chrome and the instructions below assume that you are doing so.

 

Step 1: Duo

You will be faced with one of two screens.

Possibility 1 Possibility 2
 
  • This screen appears if your phone is still in your Duo profile and asks you to authenticate either using your phone or a code. Assuming your registered phone is not usable, you need a bypass code which you can obtain by calling the Help Desk (919-515-4357) or visiting the Walk-in CenterPlease note: you may call the Help Desk outside of business hours to get a bypass code. However, Duo bypass codes given outside of business hours are good for one use only and must be used within the hour. Make sure you set up your key immediately after calling.
  • This screen appears if your phone was removed from your Duo profile. Just click ‘Start Setup.’ Then jump to the adding a device part below.
  • Click the green ‘Enter a Passcode’ button and then enter the code provided to you by the Help Desk or Walk-in Center.
  • Click the green ‘Login’ button which is now visible
  • This brings you to the screen where you can add a device. Click on ‘Add another device’ shown here in a red box.

Adding a device:

  • Select ‘U2F token’ from the list of possible devices to add and then click the green ‘Continue’ button.
  • Read the informational screen about enrolling a U2F token and click the green ‘Continue’ button.
  • Another window will pop up. At this point, you should insert the blue U2F key into an available USB port on your computer. Be aware that this U2F key can be inserted into the USB port two ways, but only one way will work. As soon as you insert it, the key icon in the gold circle should start flashing a blue light. If the light doesn’t flash, pull the U2F key out, flip it over, and insert it again. Once the light flashes, just tap the key icon.
  • You will get a quick notification (that you might not see) that the enrollment is complete, followed by the ‘My Settings & Devices’ screen which will now show your U2F token.

  • You have now successfully enrolled your U2F key in Duo.
    When you go to log in to MyPack or another service that uses 2FA, you will get one of two screens. Either way, just insert your 2FA key and tap the gold key icon when the light flashes. DO NOT check the ‘Remember me for 30 days’ box if you are on a public computer! Note that you can pull the 2FA key out of the computer’s USB port without safely ejecting it or dragging it to the trash.
  • Once your phone is repaired or you have a new phone, you can return to the Duo device management page to get the phone set up for Duo. If you borrowed a key from the library, after your phone is successfully enrolled you should delete the U2F key from the device management page and then return the key to the library. If you purchased a key, just leave it in your profile to use as a backup. For the security of your account, is extremely important that if you borrowed a U2F key from the Library, you remove it from your Duo profile when you are done using it.

 

Step 2: Google

Chances are that your computer is set to remember you for 30 days for Google, since this is checked by default. If that is the case, it is easy to add the U2F key to your account and you should do it now in case your 30 days is up before you have your phone back.

  • On the left side, click on ‘Signing in to Google,’ shown here in a red box.
  • Click on ‘2-Step Verification.’
  • Scroll down to the bottom of the screen and click on ‘Add Security Key.’
  • You will get a screen telling you not to connect your Security Key to the computer yet. If you already did, don’t worry about unplugging it. Just click ‘Next.’
  • The next screen tells you to insert the security key. Go ahead and do that. The key icon should flash and you should tap it.
  • After you tap the key icon on the U2F key, a screen will come up telling you your security key has been registered and asking you to name it. It doesn’t matter what you name it, as long as you remember what you call it so you can delete it later. Once you name it, just click ‘Done’ and you’re all set.
That’s it. You are good to go. Any time you need to authenticate for Google, just put in the U2F key and tap the gold key icon when the light flashes.

If you borrowed a key from the Library, when you have your phone back you should go back to the Google account settings and remove the Security Key as an authentication device. For the security of your account, is extremely important that you remove the borrowed U2F key from your Google profile when you are done using it. Don’t forget to return the key to the Library. If you purchased a key then you can leave it in your account as a backup.

So what if your computer isn’t set up to remember you for 30 days? To set up your borrowed U2F key, you will first need to obtain bypass codes. If you previously saved or printed out the list of ten bypass codes that Google provides, you can use those. If not, you will need to obtain bypass codes by calling the Help Desk (919-515-4357) or visiting the Walk-in Center. You can obtain bypass codes outside of business hours by calling the Help Desk.
  • When you attempt to edit your two-step verification settings, you will get a screen that asks you for the code you were texted or to use the Google app on your phone. Presumably, you can’t do this since your phone isn’t usable. Click on ‘More options.’
  • Click on ‘Enter one of your 8-digit backup codes.’ Please note: The option to enter a backup code only appears if bypass codes have been created. If you don’t have this option, call the Help Desk or visit the Walk-in Center to get codes.
  • Enter a backup code and click ‘Next.’