Using YubiKey with Multifactor Authentication

Overview

YubiKey was chosen because it's a small, low cost, and durable USB hardware device with open source customization support for Windows, Mac, and Linux. Many companies and governments, including Google and the US Department of Defense, use YubiKey as an industry security standard for 2nd layer verification. Yubico hardware engineering and manufacturing is only conducted in the USA and Sweden to prevent device cloning and to mitigate the risk of exposure of its confidential design. In addition to using YubiKey with your DreamHost panel, it can also be used for securing access to a wide range of applications. For example:

  • Remote access
  • VPN
  • Password managers
  • Computer login
  • CMS and popular online services

Most third party support for Google Authenticator is also supported for YubiKey. YubiKey is the affordable, hardware-based alternative to having a mobile phone/tablet with an Internet connection. For example, YubiKey would be useful for remote locations where cellular service/Internet is not available (network admins in a basement, government employees, etc). View the following link for a list of current products:

What YubiKey devices are supported?

Only devices that support Yubico OTP will function with DreamHost. This applies to the majority of old YubiKey devices. Below is a list of current devices that are supported:

  • YubiKey 5 NFC
  • YubiKey 5 Nano
  • YubiKey 5C
  • YubiKey 5C Nano

DreamHost does NOT support the YubiKey FIDO or YubiKey Security Key. Both of these devices are FIDO U2F, FIDO2, or secure element only, and are not supported in the panel.

Getting a YubiKey

If you choose to use a YubiKey to secure your DreamHost account, you'll need to get the hardware first. Click here to purchase a YubiKey.

You'll need to make sure your YubiKey is configured to use "Yubico OTP". It should come preconfigured this way, but if you need to set it up yourself you can use the YubiKey Manager.

Enabling MFA in the panel with YubiKey

  1. Navigate to the Security page.
    The Multifactor Authentication section appears in the second section on the page:
    07 MFA.png
  2. Enter the following:
    • Current Password: Enter your DreamHost account password.
    • Multifactor Authentication Type: Click the dropdown menu to choose YubiKey.
  3. Click the Get Started button.
    You won't see any QR code or secret key. There is only a field to enter a passcode:
    03 MFA.png
  4. Plug in your YubiKey, and then touch the disk. It should type 44 letters in the "Passcode" field.
  5. Click the Activate! button and DreamHost’s server will be synced to your device.
    You will see the following ‘Success!’ confirmation box appear:
    04 MFA.png

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?

Contact Support

Status Updates

Go subscribe

ARTICLES & TUTORIALS

Visit the Blog

COMPANY ANNOUNCEMENTS

Visit DreamHost News