Use a Hardware Security Key for Multi-Factor Authentication

Use a Hardware Security Key for Multi-Factor Authentication

Use a Hardware Security Key for Multi-Factor Authentication

Overview

A hardware security key is a small USB or NFC device that proves it is really you when you sign in. It is the strongest form of MFA available because attackers cannot phish a physical key out of your pocket. This guide explains how to register one with your work account.

Before You Begin

  • A FIDO2-compatible security key (YubiKey 5 series, Google Titan, or similar). Your IT team can recommend a model.
  • Your work account password.
  • A computer with an available USB-A or USB-C port, depending on your key.
  • A second factor already configured (such as Microsoft Authenticator) so you can finish setup.

Steps

  1. On your computer, go to https://aka.ms/mfasetup (Microsoft 365) or https://myaccount.google.com/security (Google Workspace).
  2. Sign in and complete your existing MFA prompt.
  3. Find the security methods section. In Microsoft, click Add sign-in method. In Google, click 2-Step Verification → Security key.
  4. Choose Security key (Microsoft) or Add security key (Google).
  5. When prompted, insert your security key into a USB port. If your key uses NFC, hold it against the back of your phone instead.
  6. Touch the gold disc or button on the key when it blinks.
  7. Give the key a friendly name like Work laptop YubiKey so you can identify it later.
  8. Set a PIN for the key if asked. Write the PIN in your password manager.
  9. Click Done. Test it by signing out and signing back in.

Troubleshooting

  • If your browser does not detect the key: try a different USB port, or switch to Edge, Chrome, or Safari. Older browsers may not support FIDO2.
  • If you forget your security key PIN: the key must be reset, which erases all registrations. Contact support before resetting.
  • If you lose your key: sign in with your backup method (Authenticator app or backup codes), remove the lost key from your account, and request a replacement.
  • If your key is required but you forgot it: contact support. They can grant temporary access while you retrieve it.

Related Articles

Need More Help?

Submit a ticket at support.bostonmit.com or email support@bostonmit.com.

    • Related Articles

    • Set Up Multi-Factor Authentication with Google Authenticator

      Set Up Multi-Factor Authentication with Google Authenticator Overview If your company uses Google Workspace, multi-factor authentication (MFA) protects your account by requiring a six-digit code from your phone in addition to your password. This ...

    • Set Up Multi-Factor Authentication with Microsoft Authenticator

      Set Up Multi-Factor Authentication with Microsoft Authenticator Overview Multi-factor authentication (MFA) adds a second check to your sign-in so a stolen password alone cannot get into your account. This guide walks you through setting up the ...

    • Use Your Company Password Manager

      Use Your Company Password Manager Overview A password manager remembers every password you use so you do not have to. Your company provides one as part of your standard tools. This guide explains how to install it, save your first password, and use ...

    • Reset Your Microsoft 365 Password

      Reset Your Microsoft 365 Password Overview If you have forgotten your Microsoft 365 password, you can reset it yourself in a few minutes using self-service password reset. This guide walks you through the process from a phone or computer. Before You ...

    • Choose a Strong Password You Can Actually Remember

      Choose a Strong Password You Can Actually Remember Overview A strong password is your first line of defense against account takeover. The good news: strong does not mean unmemorable. This guide explains what makes a password strong and how to pick ...