Troubleshooting: Duo Updates to USB Security Key Method
Beginning in mid-January 2022, Two-Step Login users who authenticate using a USB security key (hardware token) will need to update their key and should expect an extra step in their login process.
This article applies to: Two-Step Login
Google has announced it will end support for the U2F authentication standard in Chrome. This technology has been used for USB security keys (hardware tokens), such as those used with Cornell Two-Step Login.
To accommodate this change, Duo, the vendor that supports the Two-Step Login service, will move to a different security protocol in mid-January 2022 called WebAuthn. This update will affect Cornell users whose Two-Step Login process is set up to use U2F security keys.
In short, you can continue to use your USB security key after a quick update. To prepare for the change, first make sure the browser you use when authenticating has been updated:
- Chrome version 70 or later on Windows or macOS
- Firefox version 60 or later on Windows or macOS
- Safari version 13 or later on macOS
- Microsoft Edge version 79 or later
Updating Your Security Key
Beginning in mid-January, during an authentication request, you can expect Duo to prompt you to update your USB security key. When this happens, you will see a prompt like this in your browser:
Make sure your USB security key is inserted into a USB port on your computer. Then click Continue to make your security key compatible with the new protocol.
How Your Two-Step Login Will Change
After Duo makes the scheduled change to the authentication standard, a step will be added to the process for authenticating with Two-Step Login and your USB security key. Previously, Chrome and Microsoft Edge users were able to tap their security key immediately as soon as the Duo Prompt loaded. Now, these users will see the Duo Prompt in their browser first. (This “Use Security Key” step is already the standard experience in Safari and Firefox for the traditional Duo Prompt.)
When you connect to a service that requires Two-Step Login, it will first take you to the browser screen that lets you choose your device and method.
It will look similar to this:
- Make sure your USB security key has been selected in the Device dropdown field.
- Click Use Security Key, then tap or press the button on your security key as usual to authenticate. To reduce how often you need to authenticate with Two-Step Login, select the checkbox for Remember me for 24 hours before clicking Use Security Key.
Questions or Issues
If you have questions or issues using Two-Step Login, contact the IT Service Desk.