How to Add a YubiKey to Your Microsoft Account

Important Notice for Mac Users: These instructions and screenshots show the setup process on a Windows computer. On a Mac, the steps are the same but the prompts come from your browser instead of Windows Security. Mac users who prefer Touch ID can use the Apple Passkey guide instead.

These instructions are for the School of Medicine community.

Set up a YubiKey as your passwordless sign-in method to your Stanford Microsoft account.

What is a security key?

A security key is a small hardware device that plugs into your computer and replaces your password entirely for Microsoft sign-in. When prompted, you enter the key's PIN and tap the key — no password, no phone needed. The same key works on multiple computers.

Before you begin

You'll need:

  • A FIDO2-compatible security key (e.g., YubiKey 5 series). Not sure which YubiKey you have? Learn the make and model at yubico.com/genuine.
  • A PIN set on the key (or be ready to create one during setup)
  • A working sign-in method already on your account (Authenticator or password, depending on your cohort's status) to complete the initial sign-in at mysignins.microsoft.com

Set up your YubiKey

  1. On your computer, open a new incognito/private browser window and navigate to https://mysignins.microsoft.com/security-info. If prompted to use Cardinal Key, cancel the prompt.
  2. Enter your username in the following format: <your SUNetID>@stanford.edu.
  3. Complete the sign-in process - the steps may vary depending on your previously configured authentication methods.
  4. You should be taken directly to the Security info page for your account. At the top of the list of sign-in methods, you should be able to select + Add sign-in method.
  5. Choose the option for Passkey (Sign in with your face, fingerprint, PIN, or security key).
  6. When the "Sign in faster with your face, fingerprint, or PIN" prompt appears, select Next.
  7. Microsoft will guide you through several prompts before opening a Windows Security dialogue.
  8. At "Save your passkey," the passkey defaults to "This Windows device." Select Change so you can save it to your YubiKey instead.  
  9. At "Choose where to save your passkey," select Security key. 
  10. When the "Save your passkey" window asks you to "Touch your security key," tap the gold sensor on your YubiKey.
  11. At "Enter your security key PIN," type your YubiKey PIN and select OK. (If you haven't used this YubiKey before, you'll be prompted to create a PIN first.)
  12. When prompted to Touch your security key again, tap the sensor a second time to confirm.
  13. At "Let's name your passkey," enter a name that's easy to recognize and select Next.
  14. Microsoft will confirm the addition. Your security key will now appear in your list of sign-in methods.

How to log in to Microsoft using a YubiKey

YubiKey login from a Windows device

  1. On your computer, open a new incognito/private browser session and go to https://outlook.office365.com. If your browser attempts to use Cardinal Key, cancel out of it.
  2. Enter your username as <your SUNetID>@stanford.edu.
  3. Select Face, fingerprint, PIN or security key.
  4. Select Security key.
  5. Insert and authenticate your YubiKey.
  6. After physically touching the YubiKey, you should be put directly into Outlook.

YubiKey login from a Mac

Prerequisites: Your YubiKey must be registered with your Stanford Microsoft account before you can use it to sign in. 

  1. Open a Microsoft 365 app in Safari (Outlook, Teams, SharePoint, or OneDrive). 
  2. Enter your Stanford email address and select Next.
  3. When prompted to choose a sign-in method, select Security key. 
  4. Insert your YubiKey, if it isn't already plugged in. 
  5. Touch the gold disc when the light flashes. 
    1. Enter the PIN you created for your YubiKey.
    2. Press Return or select Continue.
  6. You're in.

What happens next?

Once you sign in to your Stanford Microsoft account using the new login process, you'll be ready to connect all the devices you use to check email and access other university Microsoft services to Microsoft Intune. (If you check email with both your laptop and your phone, connect both devices.)

Wait 24 hours before connecting your devices to Intune, unless you are prompted to start sooner.

If you don't see the new login process appear 24 hours after completing setup, submit a Help request.