To enable remote control and configure client settings. Note that the tool will only read a single YubiKey at a time, so if you have multiple keys connected, it might not be evident which one the tool is identifying. NFC) app-crypt/yubikey-manager-qt a GUI for app-crypt/yubikey-manager; sys-auth/yubico-piv-tool CLI-tool for PIV configuration; sys-auth/yubikey-personalization-gui aka ykinfo allows very low-level. 6. This document will guide you through the set up and configuration process of the YubiKey Personalization Tool, programming YubiKeys, and the output / extraction of the OTP secrets which need to be uploaded to the Okta admin portal. Should an exemption be obtained to deploy these devices with some interfaces disabled, the PID and iProduct values will be. In the Yubikey configuration software, click “Static Password” along the top, and then click the “Advanced” button. YubiKey FIPS (4 Series) devices should be deployed using a credential management tool like Microsoft ADCS with YubiKey mini. csv file to a secure location of your choice. Before you can enable the YubiKey integration as a multifactor authentication option, you need to obtain and upload a Configuration Secrets file generated through the YubiKey Personalization Tool. Keep in mind serial numbers are unique across all models of YubiKeys, with the exception of Security Keys, which do not have serial numbers. Configure a FIDO2 PIN. config/Yubicopamu2fcfg > ~/. The YubiKey 5 Series is a hardware based authentication solution that offers strong two-factor, multi-factor and passwordless authentication with support for multiple protocols including FIDO2, U2F, PIV, Yubico OTP, and OATH TOTP. This is the default and is normally used for true OTP generation. Commands. It provides an easy way to perform the most common configuration tasks on a YubiKey, such as:Select Configuration Slot 1, click Regenerate, and then click Write Configuration. 3 firmware for the YubiKey, we have decided to add a “dormant” YubiCloud config to the second slot. The OTP is just a string. Site Admin: Joined: Wed May 28, 2008 7:04 pm Posts: 263 Location: Yubico base camp in Sweden - Now in Palo Alto I've just spent some time finding out if there is a Vista specific issue and from what I can see, everything is okay, at least here:These are in addition to the configuration available in the YubiKey 5 FIPS Series. You will have done this if you used the Windows Logon Tool or Mac Logon Tool. Type the following commands: gpg --card-edit. Settings include: startup options, file management, entry management, user interface, language, security timeouts, and convenience. Using a YubiKey to login to your computer. Select Challenge-response and click Next. Launch the YubiKey Personalization Tool. You also get priority. Each Security Key must be registered individually. Python 3. Step 1: Go to your Microsoft account profile configuration page: authenticators YubiKey 5 Series. Once configured, go to Settings > Authentication > YubiKey Configuration to enable YubiKey OTP. Yubico OTP can be used as the second factor in a 2-factor authentication scheme or on its own, providing 1-factor authentication. Additional installation packages are available from third parties. Download the YubiKey Personalization Tool. ) security. Erases all keys and certificates stored on the device and sets it to the default PIN, PUK and management key. Leave the QR code page open. Steps to test YubiKey on Microsoft apps on iOS mobile. Yubico Authenticator for Desktop (Windows, macOS and Linux) and Android. 0 and 1. YubiKey Manager is a cross-platform tool; it runs on Windows, macOS, and Linux. In YubiKey Manager,. OATH validation serversCheck YubiKey Configuration If you have configured your YubiKey for specific services, double-check the configurations to ensure they are accurate. In the box, enter C:Program FilesYubicoYubiKey Manager. 1. generic. YubiKey ID embedded in OTP. Executive Order (EO) 14028 and OMB memo M. To change the configuration of a YubiKey configuration slot protected with an Access Code, follow these steps: 1) Locate the “Configuration Protection” Section. The tool follows a simple step-by. Easy to implement. Launch the YubiKey Manager App and connect your YubiKey if it is not already connected. Generate 2-step verification codes on a mobile or desktop device and apply cross platform. 9am - 5pm PST, Monday - Friday. Yubico OTP is a simple yet strong authentication mechanism that is supported by all YubiKeys out of the box. " You may have to remove and re-insert the YubiKey, but it should no longer add a. Getting Started. On success the tool prints to standard output a configuration line that can be directly used with the module. " Yubikey PUK (Personal Unlocking Key) Configuration. Click the Tools tab at the top. Just to verify that the software works I tried to makes the same changes (to the output rate) on a. In the SmartCard Pairing macOS prompt, click Pair. Operating systems supported: Windows Linux The tool works with any YubiKey (except the Security Key). If you're not sure which slot to use, use slot 1. Launch ykman CLI, ( 64-bit)Start the YubiKey Personalization Tool. This has two advantages over storing secrets on a phone: Security. Yubico Customer Support operating hours. . Step 2: If you choose to use the Sign tool, begin by downloading it from the official Microsoft website. 7 (or later) library and command line tool for configuring a YubiKey. 【2018/12/11】. Click Applications, then OTP. In Yubico Authenticator for Android: Scan or insert your YubiKey, tap the triple-dot button, then tap Change password. In the Local Group Policy Editor, navigate to Computer configuration —> Administrative Templates —> Windows Components —> Microsoft Additional Authentication Factor. Step 1: Program the YubiKey using the YubiKey Personalization Tool. The tool provides. The tool: is valid with any YubiKey (except the Security Key) works on Microsoft Windows, Apple macOS, and Linux operating systems. The Yubico PIV tool is used for interacting with the Personal Identity Verification (PIV) application on a YubiKey. Get the current connection mode of the YubiKey, or set it to MODE. By using COM/ActiveX, most programming languages and third-party tools can interface to the Yubikey via the YubiServerAPI Component through uniform interfaces with standard data representation. We need to add the Yubikey Manager directory as a new system variable. Before you can enable the YubiKey integration as a multifactor authentication option, you need to obtain and upload a Configuration Secrets file generated through the YubiKey Personalization Tool. In the YubiKey Personalization Tool, select OATH-HOTP or OATH-HOTP Mode. 1. Moving to closed feature requests. But it is not possible to get back your old yubikey prefix if you decide to re-program your YubiKey. Select False if only the 12-character YubiKey ID will be used to authenticate the end-user. You are now in admin mode for GPG and should see the following: 1 - change PIN. Click Add YubiKeys under the Add YubiKey OTP option. Select the control icon to open the menu. Execute the following command in PowerShell (or cmd. Describes how to use the YubiKey Personalization Tool application to configure your YubiKey for Yubico OTP, and then upload the AES key to the Yubico validation server. In the Log configuration output control, select Yubico format. usb. Spare YubiKeys. If the YubiKey menu option is already selected, click the three dots or the X on the upper right. Download ykman installers from: YubiKey Manager Releases. YubiKey configuration tools can be used to load Yubico. 6 (or later) library and command line interface (CLI). YubiKey Manager can be installed independently of platform by using pip (or equivalent): pip install --user yubikey-manager. GUI tool. If you are using Windows 10 you will need to run YubiKey Manager as administrator *. 2. 8. Determine which OTP slot you'd like to configure and click the Configure button for that slot. However, some of the more advanced. In the Configuration Protection section, select "YubiKey (s) Protected - Disable Protection". Your token must have valid Yubico OTP configuration that is also. Install the Gradle build tool. For everyone, in the YubiKey Personalization Tool, does your YubiKey show a serial number:. We have a range of computer login choices for organizations and individuals. GUI tool. The YubiKey is compliant with any server or software which follows the OATH standard for OATH-HOTP or OATH-TOTP, and can be used out of the box with most solutions. This initial AES symmetric key is stored in the YubiKey and on the Yubico. which means it'll be a new OTP configuration. Download YubiKey PIV Manager and Yubico PIV Tool used for configuration. Get the current connection mode of the YubiKey, or set it to MODE. In order to improve the compatibility between macOS and the YubiKey, we need to add the following lines to the gpg-agent configuration file located in ~/. Yubico offers the phishing-resistant YubiKey for modern, multi-factor and passwordless authentication. If you wish to completely clean out your PIV module, open the Yubikey Manager: You will then click Reset PIV. Yubico Support: Knowledge base articles and answers to specific questions. While you're here, if you plan on using GPG with your Yubikey and are running. In the Default dialog box, choose Remote Tools. 1 are the most frequently downloaded ones by the program users. YubiKey 4 Series. To manage the PIV security protocol on your PIV-compliant app, on the administrative system, install the Yubico PIV tool and the Yubico PKCS#11 module, ykcs11, which is part of the PIV tool package. But you can do that with the ykman command line. Help and tips if there are issues using the tool such as. Click OK. For typical usage, you will want to memorize the PIN, and keep a copy of the PUK and Management keys in a secure location. If you have an older version, it. To identify the version of YubiKey or Security Key you have, use YubiKey Manager. Yubico provides ykman which can be used both as a command line configuration tool, and as a python library to interact with the YubiKey. Third party plugins can be discovered on GitHub for example. This should not be more difficult then running the installer. The OTP is comprised of two major parts: the first 12 characters remain constant and represent the Public ID of the YubiKey device itself. On YubiKeys before version 5. Click Continue and the iOS certificate picker appears. pam_user:cccccchvjdse. Run “certutil -scinfo” from a command prompt and locate the certificate that you want to use (look at the issuer). protection access co. Touch or NFC Authentication - Touch the YubiKey sensor or simply tap a YubiKey with NFC to a mobile phone that is NFC-enabled to store your credential on the YubiKey. For more information, see VMware's KB article on this. Ykman represents a YubiKey as a YubiKey object. In the section under Configuration Protection, click the arrow to display the list of options: 2. The application follows a step-by-step approach to make configuration easy to follow and understand, while still being powerful enough to exploit all functionality both of the. If you are running this from a non-Administrator account, you will be. The second slot (LongPress slot) is activated when the YubiKey is touched for 3 - 5 seconds. Provide secret key. Select Configure Certificates under the Certificates section. Installation. Wait until you see the text gpg/card>and then type: admin. FIDO: FIPS 140-2 with YubiKey 5 FIPS Series. Launch the Yubico Authenticator, and select the YubiKey menu option. . Trustworthy and easy-to-use, it's your key to a safer digital world. But I don't get prompted for "Touch the USB" :-( I'm only offered PIN or Password after I've locked the PC. I’m using a Yubikey 5C on Arch Linux. Navigate to Applications > FIDO2. exe), replacing the placeholders username and yubikeynumber with their respective values. The YubiKey has 24 total PIV slots, four of which are accessible via the YubiKey Manager tool (9a, 9c, 9d, and 9e). 15. For a full list of those services, see Works with YubiKey. Select the YubiKey Seed File that you created using the YubiKey Personalization Tool, and. The tool provides a same simple step-by-step approach to make configuration of YubiKeys easy to follow and understand, while still being powerful enough to exploit all functionality both of the YubiKey 1 and YubiKey 2 generation of keys. The FIDO2-only Security Key is perfect for Windows Hello for Business, but it cannot be managed using the YubiKey. If you don’t use a package manager to install the ykman CLI, you most likely will have to install the pcsc-lite daemon (aka pcscd) separately. Keys stored on YubiKey are non-exportable (as opposed to file-based keys that are stored on disk) and. Generate certificates on your YubiKey to be paired with macOS. g. The YubiKey is a hardware token for authentication. vmx configuration file. Step 2: Scroll down past the word Configuration to reveal the WebAuthn (FIDO2/U2F) option: Step 3:Insert your YubiKey into any USB slot on the machine you wish to use for encryption and launch the personalization tool. However, some of the more advanced. Step 3: Open a command prompt or PowerShell window and navigate to the directory where the Sign tool . 2. Deletes the configuration stored in a slot. Then during the Windows Configuration, none of the users are showing up. For typical usage, you will want to memorize the PIN, and keep a copy of the PUK and Management keys in a secure location. Click Quick. YubiKeys are available worldwide on our web store and through authorized resellers. confClick the triple-dot button to open the menu and expand the section Set password. The PAM module can utilize the HMAC-SHA1 Challenge-Response mode found in YubiKeys starting with version 2. Click Settings from the top menu, then click Update Settings. Before you can enable the YubiKey integration as a multifactor authentication option, you need to obtain and upload a Configuration Secrets file generated through the YubiKey Personalization Tool. Popular Resources for BusinessNot wanting to remove Karabiner from my system, I decided I’d try to get the YubiKey app installed in a macOS VM. How do I use YubiKey for. 1. I have a Yubikey Neo 5 and using the YubiKey personalization tool for Linux and there is an option to tick allow configuration Exports but I do not see any buttons that allow me to export this backup. Resetting the device will not erase the attestation key and certificate (slot f9) either, but they can be overwritten. Now the server is setup, we need to make two small changes to our configuration in Viscosity. Step 1: In the Windows Start menu, select Yubico > Login Configuration. Click Select a server from the server pool, and from Server Pool, select the server on which you want to install the Certification Authority. YubiKey Manager CLI (ykman) User Manual. ykman fido credentials list [OPTIONS] ykman fido fingerprints [OPTIONS] COMMAND [ARGS]…. The following versions: 2. Click on the downloaded file and follow the prompts to complete the installation. 6. A YubiKey is basically a USB stick with a button. Window-specific library. You can also use the YubiKey. The YubiKey Bio will be the first product to introduce biometric capabilities (in addition to PIN) to our portfolio of YubiKeys. Clicking the reset button wipes EVERYTHING related to the PIV module. The YubiKey 4 and the YubiKey 5 support not only RSA keys, but also Elliptic Curve Digital Signature Algorithm (ECDSA) keys. Using a YubiKey to login to your computer. 1000 ni_prerelease, the following appears when Windows is prompted for security key input: Whereas before this update, it was only Security key, and would automatically start the prompt for "touch the key. -1. To change the configuration of a YubiKey configuration slot protected with an Access Code, follow these steps: 1) Locate the “Configuration Protection” Section. Select False if only the 12-character YubiKey ID will be used to authenticate the end-user. Identify your YubiKey. Exporting Yubikey configuration. 1. This will allow you to simply insert one key, remove, then insert the next, repeatedly until all keys are programmed. PIV: FIPS 140-2 with YubiKey 5 FIPS Series. pam. This mode is useful if you don’t have a stable network connection to the YubiCloud. The ykpamcfg utility currently outputs the state information to a file in. Go to Configuration → Self-Service → Multi-factor Authentication → Configuration tab → Yubikey Authenticator. The tool works with any currently supported YubiKey. Insert the YubiKey. Built on Python, ykman was designed to provide a central and standardized platform for the automated initialization of YubiKeys, as well as the loading of cryptographic secrets onto the various supported functions. The YubiKey 5C NFC uses a USB 2. Years in operation: 2019-present. However, I don't have premissions, for example i do "ykman otp static -g 2" but I get Error: Failed connecting to YubiKey 4 [OTP]. Select the Configuration Slot. When prompted, depending on the key, touch the contacts on the sides of the key or the golden ring on. 1 Encrypting File System”. 10am - 4pm CET, Monday - Friday. 3. yubikey-personalization. g. This configuration line consists of a username and a part tied to a key separated by colon. To get the PGP keys off of a USB drive with the keys and onto the YubiKey: a) Insert the USB thumb drive into the computer. The simplest way to protect your YubiKey is to use the YubiKey Personalization Tool and apply the Access code when configuring the slots on the YubiKey. On YubiKeys before version 5. Configure the YubiKey using the tools to read and generate the OATH codes. pwSafe is an open source password manager for Mac OS X users that also comes with cloud backups, so you can securely back up your passwords online. use the nth YubiKey found. Obtain the serial number of the YubiKey: This serial number can be found on the back of the token. First of all, Kraken. 0 interface. Use ykman config usb for more granular control on YubiKey 5 and later. I don't recommend using Yubikey for OTP, it can only store a limited number of passwords, I think 30. The YubiKey Bio will appear here as YubiKey FIDO, and our Security Keys will show as "Security Key by Yubico". To find compatible accounts and services, use the Works with YubiKey tool below. To protect the configuration of your YubiKey . 5 seconds and released. Should an exemption be obtained to deploy these devices with some interfaces disabled, the PID and iProduct values will be. Use the YubiKey Personalization Tool to perform batch programming of a large number of YubiKeys, check firmware, and to configure advanced settings such as slot configuration and fast triggering to prevent accidental triggering of nano-sized YubiKeys. The purpose of this document is to guide readers through the configuration steps to use two factor authentication for OpenVPN using YubiKey. YubiKey Manager CLI (ykman) User Manual Clay Degruchy Created September 23, 2020 13:13 - Updated July 30, 2021 23:21Verify PAM configuration See chapter Test PAM configuration an the end of this. Under Configuration Slot, select the slot you'll be using for Duo. Product documentation. $ sudo dnf install -y yubico-piv-tool-devel. Go to the Advanced tab, then on a new line add: static-challenge "Activate your YubiKey" 0. You can activate a mode using the YubiKey configuration tool of Yubico. The tool provides the same functionality and user interface on Windows, Linux and Mac platforms. Select the the configuration slot you would like the YubiKey to use over NFC. Select the configuration slot you would like the YubiKey to use over NFC. yubico. YubiKey 5 CSPN Series Specifics. Some if the new features include: NDEF configuration support for YubiKey NEO beta/Production. GUI tool yubikey-personalization-gui. On the homepage of the YubiKey Manager, click on the Applications drop-down menu and select PIV. YubiKey Manager is a cross-platform tool; it runs on Windows, macOS, and Linux. 14. The YubiKey Minidriver extends the support of the YubiKey on Windows from just authentication to allowing Windows to load and directly manage certificates on it. This includes certificates, keypairs, your PIV PIN, PUK, and Management Key. For the PUK to remain unblocked, YubiKey Manager or the Yubico PIV Tool must be used to set a non-default PUK prior to using the Windows interface to load or access certificates stored on the. To install xrdp, run the following command in the terminal: sudo apt install xrdp -y. Open Terminal. Python library. After installing xrdp, verify the status of xrdp using systemctl: sudo systemctl status xrdp. On the homepage of the YubiKey Manager, click on the Applications drop-down menu and select PIV. August 15, 2023 13:59. For authenticator management (e. Using File Explorer or Finder, locate the drive assigned to the USB drive. In the Yubikey configuration software, click “Static Password” along the top, and then click the “Advanced” button. 3 and 1. The Configuration Lock has to be supplied when sending the SET DEVICE INFORMATION command. Start the YubiKey Personalization Tool. In my windows 10 machine it shows as below because I use a different smartcard. Download and Install the YubiKey Manager tool:. Select Configuration Slot 2. If you have an older version, it is advised that you upgrade to the latest version. 509 certificate) that attests a key in slot 9A, 9C, 9D, or 9E was generated on the YubiKey. setting a PIN, enrolling fingerprints, and more), please refer to fido2-token , yubikey-manager , or some other. If the serial number is not visible, attach the YubiKey to a computer and open a text editor. Mobile Android: Tap and hold your NFC-enabled YubiKey against the NFC antenna on the back of your phone. . 9. Please select your option below. Use the YubiKey NEO Manager or YubiKey Manager to enable OTP mode. Open a terminal window and run the ACK Module Utility programYubiKey command with the following values: <virtual_product> – The devicetype ID you retrieved from download your configuration file. With it you may generate keys on the device, importing keys and certificates, and create certificate requests, and other operations. Press the button briefly for slot 1. where the first field is the serial number of the YubiKey token and the key material follows. Right-click this certificate, select All Tasks, and then choose Export. To do this, press the key Windows and press R, and then type gpedit. Unless using it to login to Windows (see Specify Configuration #2) or another OS 2FA access requiring Admin rights, this is abnormal, likely having nothing to do with the YubiKey or Yubico software themselves and is more likely a configuration issue/works as expected on the specific PC being used (especially since it's not replicated on another. csv file contains important key material. Cybersecurity glossary; Authentication standards. The remaining 32 characters make up a unique passcode for each OTP generated. Yubico SCP03 Developer Guidance. The final 32 characters of the OTP represent the unique 128-bit passcode. Open System Preferences. You can also use the tool to check the type and firmware of a YubiKey. Under Configuration Slot, click Configuration Slot 1. In the SmartCard Pairing macOS prompt, click Pair. Step 4: Retrieve the service certificate’s thumbprint from the certificate’s details. For SSH on PKCS#11, configure public key authentication with OpenSSH through PKCS#11 , which provides examples for OS X and Linux systems. -2. For information on managing all these applications, see Tools and Troubleshooting. If set, changing any user-configurable device information described in this document will not be allowed. For example:This configuration setting is located in: Computer Configuration->Administrative Templates->Windows Components->Smart Card. Introduction. Press Enter to commit the new PIN. Go to the startmenu and press the windows key -> Start > type devmgmt. Click Next. Display general status of the YubiKey OTP slots. The OTP application slots on the YubiKey are capable of storing static passwords in place of other configurations. Select Static Password at the top and then Advanced. allowLastHID = "TRUE". OTP: FIPS 140-2 with YubiKey 5 FIPS Series. Click the "Save Interfaces" button. But first, you have to edit some settings in the Yubikey Personalization tool. YubiKey Manager only. The Information window appears. This guide will expand on setting up an OpenVPN server on Ubuntu by adding U2F support to that server using Viscosity's built in U2F. OATH: FIPS 140-2 with YubiKey 5 FIPS Series. 25 of the YubiKey Personalization Tool. Something you. There are also command line examples in a cheatsheet like manner. When you provision the module with the Module Utility CLI, you might need to specify the --yubikeyslot parameter in your provision command. The first slot (ShortPress slot) is activated when the YubiKey is touched for 1 - 2. exe, and then click Run. Note that the tool will only read a single YubiKey at a time, so if you have multiple keys connected, it might not be evident. sudo add-apt-repository ppa:yubico/stable sudo apt-get update sudo apt-get install yubikey-personalization yubikey-personalization-gui Insert your Yubikey. The changes to the new Tool includes new features, improved user interface and, of course, a number of bug fixes. Sign Tool is a command-line tool that digitally signs files, verifies signatures in files, and time-stamps files. Then you will scan the QR code, with the Yubico Authenticator app, and then scan your YubiKey, to link the two. Has anyone had issues with a Nano not taking configuration changes done through the personalization tool? For instance, I am trying to changes to the character output rate (to slow the input down for a static password input) and none of the changes take effect. 25 of the YubiKey Personalization Tool. Select Configuration Slot 2(*) and change the password length to 48 chars. First, download and install the YubiKey Personalization Tool. To protect the configuration of your YubiKey . Works with any currently supported YubiKey. Yubico Team. For the Touch-Triggered OTP functions, the YubiKey can hold up to two different configurations. In the password prompt, enter the password for the user account listed in the User Name field and click Pair. The PyPI package yubikey-manager receives a total of 1,711 downloads a week. The user is prompted to authenticate using the YubiKey as a FIDO2 security key, and is asked to enter the YubiKey PIN, and tap the YubiKey. No need for typing! (see details below the image). Open the YubiKey Personalization Tool and insert your YubiKey. Yubico has decommissioned the Yubikey Personalization Tool previously used for configuring YubiKeys for OTP (One-Time Passcodes) that is used for Mason’s Duo configuration. The attestation key (in slot F9) will be used to create an attestation statement (which is an X. 1. The Information window appears. Make sure the application has the required permissions. YubiKey 5 CSPN Series. Python library and command line tool for configuring any YubiKey over all USB interfaces. Protocols and Applications. Step 2: The User Account Control dialog appears. Today, we are excited to share some updates regarding the next highly-anticipated members of our YubiKey family: the upcoming YubiKey Bio in both USB-A and USB-C form factors. ykman fido credentials delete [OPTIONS] QUERY. Use our phishing-resistant passwordless MFA solution to secure your on-premise and cloud resources. Perhaps protected with. Note: Some software such as GPG can lock the CCID USB interface, preventing another software from accessing applications that use that mode. *The YubiKey FIPS (4 Series) and YubiKey 5 FIPS Series devices, when deployed in a FIPS-approved mode, will have all USB interfaces enabled. This tool is automatically installed with Visual Studio. Do one of the following. The YubiKey token has two configuration slots. Yubikey personalization tool; To install these on Ubuntu 18. The management key is used to authenticate the entity allowed to perform many YubiKey management operations, such as generating a key pair. ykpersonalize: Add -z flag to zap configuration on YubiKey. Select Static Password Mode. Experience stronger security for online accounts by adding a layer of security beyond passwords. Enabling or Disabling Interfaces. You CANNOT do that with the Yubikey Manager App provided by Yubikey. Please follow this link for an in-depth setup guide for your preferred computer login tool. If you have several Yubikey tokens for one user, add YubiKey token ID of the other. pwSafe uses YubiKey’s HMAC-SHA1 challenge response mode. Slot 1 - U2F mode: The first slot is used to generate the passcode when the YubiKey button is touched for between 0. Click the link in the right pane «Edit policy setting». CHAPTER ONE INTRODUCTION TheYubiKeyManager(ykman)isacross-platformapplicationformanagingandconfiguringaYubiKeyviaagraphical userinterface(GUI)andaPython3. CLI and C library. Override default path to roaming configuration file. Find details on generating this file (which might also be called a YubiKey or Okta secrets file) from Programming YubiKeys for Okta Adaptive Multi. These are nearly functionally identical, but the key difference for the sake of this document is that Slot 2 requires you. Select Change a Password from the options presented.