Using a Yubikey Neo with Google & Gmail

This document explains how to use the Yubikey Neo. The Yubikey Neo is a hardware token, used for two-factor authentication, which is U2F compliant, so it can be used as a 2-factor device for your Gmail / Google account. Using a “Security Key” is only supported in Google Chrome.

If you want to configure the FIDO U2F key by Yubico, skip the “Configure the Neo” part. The other steps are identical.

Google will require you to connect your phone by default. You can choose to just setup the Security Key, or also enable the authentication app. When you enable both, Google will first ask for your Security Key and offer the app as a back-up (E.G in other browsers)

  1. Requirements
  • Two-factor authentication via your app must be enabled
  • When using a Yubikey Neo: You must download and install the NEO Manager (which is a separate tool from the Yubikey Personalization tool

You can download the NEO Manager here:

2. Configure the NEO

Once you’ve installed the NEO Manager, open the application.

To configure your NEO to support U2F (used by Google), click “Change connection mode (OTP)

When you enable U2F you will still be able to use the OTP functionality of your NEO e.g for logging into your websites.

  • Check the U2F box.
  • Click “Ok”
  • You will be prompted to remove your Yubikey NEO. Remove the Yubikey now.

3. Configure your account

Login to your Google account. Open your “profile” in the top right, and click “Account”

  1. Go to the “Security” tab in your profile
  2. Click “Settings” next to 2-step verification. 2-factor authentication needs to be enabled to be able to continue.

Open the “Security Keys” tab, and click “Add security key”

4. Adding the key

  • Make sure the Yubikey isn’t plugged in yet.
  • Click the register button, then plug in the Yubikey NEO.
  • Touch the gold disk to send the code, until you get the “Registered” confirmation.
  • Click “Done”

5. Using the key

When you try to access your Google account, Google might ask for your Security Key. Plugin the Yubikey Neo, and touch the gold disk to send the code, after which you will be logged in. You’re now using 2-factor authentication!

Download this tutorial

You can download the PDF of this tutorial here, courtisy of @socroto and @toralko

Discover more from PowerUser Guide

Subscribe now to keep reading and get access to the full archive.

Continue reading