This article explains how Beyond Identity enables passwordless, phishing-resistant Windows desktop login using YubiKey 5 series devices, including prerequisites, enrollment steps, and usage limitations.
Operating System | Windows 10 and up |
Feature | Beyond Identity Windows Desktop Login with YubiKeys |
Limitations | This release of our product enables customers to protect the following:
We are continuously expanding support for additional use cases. |
**GENERAL AVAILABILITY**
Beyond Identity integrates with Microsoft Windows to let users log in securely to their desktops without passwords using YubiKeys, a type of hardware security key, to protect against phishing attacks. This advanced login method, known as phishing-resistant passwordless authentication, helps keep your organization safe from credential-based threats.
This article explains how users can enroll their YubiKeys using the Beyond Identity Authenticator for Windows to enable desktop login. To get started, follow the steps below.
Note: If you're an IT admin needing documentation to help configure YubiKeys for Windows desktop login, please click here.
Prerequisites
A physical YubiKey 5 series manufactured by Yubico such as:
YubiKey 5C NFC (USB-C)
YubiKey 5C NFC (USB-A)
YubiKey 5C Nano (USB-C)
YubiKey 5C Nano (USB-A)
YubiKey 5C
YubiKey 5Ci
YubiKey 5C NFC FIPS (USB-C)
YubiKey 5C NFC FIPS (USB-A)
YubiKey 5C Nano FIPS (USB-C)
YubiKey 5C Nano FIPS (USB-A)
YubiKey 5C FIPS
YubiKey 5Ci FIPS
An approved desktop or laptop with a USB port or compatible slot to connect the YubiKey.
A Windows System Beyond Identity platform Authenticator installed (See Step 3).
Steps
1. Download the YubiKey Smart Card Minidriver for Windows. Be sure to select the version that matches your Windows system specifications:
We recommend downloading either the YubiKey Minidriver for 32-bit systems (Windows Installer), or the YubiKey Minidriver for 64-bit systems (Windows Installer).
2. Next, begin the Minidriver installation process.
3. Once the Minidriver is installed, download the Beyond Identity Authenticator for Windows, if you haven’t already, by visiting: https://app.byndid.com/downloads.
Click the Advanced Installation tab and download the Authenticator for Windows System (.msi x64).
4. Install the Beyond Identity Authenticator in your Windows machine by following the steps on your browser.
5. After following installation instructions, at the Welcome screen, click Next.
6. If you are extending your passkey from another device to your Windows machine, follow these steps first. Be sure to return to this article after extending your passkey to continue enrolling your YubiKey.
If this is your first time obtaining a new passkey, click New to Beyond Identity on the screen, and follow the instructions here. Be sure to return to this article after setting up your new passkey to continue enrolling your YubiKey.
7. Next, click Manage Desktop Login from your Authenticator's dialog window.
If you do not see Manage Desktop Login, contact your administrator.
8. On the next screen, you will be prompted to plug in your Security Key, in this case, your YubiKey.
9. Once the security key is successfully detected, you will be prompted to create a PIN that is either 6 or 8 digits long. Make sure to follow your organization’s security guidelines for creating PINs to ensure it is secure and not easily guessed. Avoid using simple or common combinations such as 123456 or 000000.
10. After entering the PIN number, click Next.
11. A confirmation message will display when the YubiKey has been successfully enrolled.
Now, next time you sign in to Windows, you can use your YubiKey and PIN to log in.