Skip to main content

Cornell University

Troubleshooting: Duo Updates to USB Security Key Method

Following a 2022 update, Two-Step Login users who authenticate using a USB security key (hardware token) may need to update their key and should expect an extra step in their login process.

This article applies to: Two-Step Login

On This Page

Google no longer supports the U2F authentication standard in Chrome. This technology was previously used for USB security keys (hardware tokens), such as those used with Cornell Two-Step Login.

To accommodate this change, Duo, the vendor that supports the Two-Step Login service, in January 2022 moved to a different security protocol called WebAuthn. This update affected Cornell users whose Two-Step Login process was set up to use U2F security keys.

In short, you can continue to use your USB security key after a quick update. To prepare for the change, first make sure the browser you use when authenticating has been updated:

  • Chrome version 70 or later on Windows or macOS
  • Firefox version 60 or later on Windows or macOS
  • Safari version 13 or later on macOS
  • Microsoft Edge version 79 or later

Updating Your Security Key

After 2022, during an authentication request, if your USB security key is still configured for U2F authentication, you can expect Duo to prompt you to update the USB security key. When this happens, you will see a prompt like this in your browser:

Make sure your USB security key is inserted into a USB port on your computer. Then click Continue to make your security key compatible with the new protocol.

How Your Two-Step Login Will Change

After Duo makes the scheduled change to the authentication standard, a step will be added to the process for authenticating with Two-Step Login and your USB security key. Previously, Chrome and Microsoft Edge users were able to tap their security key immediately as soon as the Duo Prompt loaded. Now, these users will see the Duo Prompt in their browser first. (This “Use Security Key” step is already the standard experience in Safari and Firefox for the traditional Duo Prompt.)

  1. When you connect to a service that requires Two-Step Login, it will first take you to the browser screen that lets you choose your device and method. It will look similar to this:

     
  2. Click Security Key, then tap or press the button on your security key as usual to authenticate. 
  3. Going forward, Two-Step Login should automatically take you to the Security Key prompt when you are signing into a service that requires authentication.
     
  4. When this prompt appears, tap or press the button on your security key as usual to authenticate.

Questions or Issues

If you have questions or issues using Two-Step Login, contact the IT Service Desk.

Comments?

To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.