Using YubiKey with Multifactor Authentication

Overview

YubiKey was chosen because it's a small, low-cost, and durable USB hardware device with open source customization support for Windows, Mac, and Linux. Many companies and governments, including Google and the US Department of Defense, use YubiKey as an industry security standard for second-layer verification. Yubico hardware engineering and manufacturing is only conducted in the USA and Sweden to prevent device cloning and to mitigate the risk of exposure of its confidential design. In addition to using YubiKey with your DreamHost panel, it can also be used for securing access to a wide range of applications. For example:

  • Remote access
  • VPN
  • Password managers
  • Computer login
  • CMS and popular online services

Most third-party services that support Google Authenticator also support YubiKey. YubiKey is the affordable, hardware-based alternative to having a mobile phone/tablet with an Internet connection. For example, YubiKey would be useful for remote locations where cellular service/Internet is not available (network admins in a basement, government employees, etc.). View the following link for a list of current products:

What YubiKey devices are supported?

Only devices that support Yubico OTP will function with DreamHost. This applies to the majority of old YubiKey devices. Below is a list of current devices that are supported:

  • YubiKey 5 NFC
  • YubiKey 5 Nano
  • YubiKey 5C
  • YubiKey 5C Nano

DreamHost does NOT support the YubiKey FIDO or YubiKey Security Key. Both of these devices are FIDO U2F, FIDO2, or secure element only, and are not supported in the panel.

Getting a YubiKey

If you choose to use a YubiKey to secure your DreamHost account, you'll need to get the hardware first. Click here to purchase a YubiKey.

You'll need to make sure your YubiKey is configured to use "Yubico OTP". It should come preconfigured this way, but if you need to set it up yourself you can use the YubiKey Manager.

Enabling MFA in the panel with YubiKey

  1. Navigate to the Security page.
    The Multifactor Authentication section appears in the lower section on the page.
  2. Enter the following:
    • Current Password: Enter your DreamHost account password.
    • Multifactor Authentication Type: Click the dropdown menu to choose YubiKey.
  3. Click the Get Started button.
    You won't see any QR code or secret key. There is only a field to enter a passcode.
  4. Plug in your YubiKey, and then touch the disk. It should type 44 letters in the "Passcode" field.
  5. Click the Activate! button and DreamHost’s server will be synced to your device.
    A ‘Success!’ message appears along with the backup codes, which should be written down and saved.
    • DreamHost highly recommends saving the backup codes presented in the ‘Success!’ dialog box. Make sure you write them down before exiting the page.
    • If you suspect your account may be compromised (for example if you have lost your phone or mobile device), and you're using Google Authenticator, you can use the Regenerate Key button to invalidate the old key and create a new one.
    • If you are backing up an iPhone to your local computer, select 'Encrypt iPhone Backup' to also back up the Google Authenticator's account(s). Otherwise, Google Authenticator won't have any accounts associated with it when it's restored.
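
The 44 letters typed in step 4 are a Yubico OTP written in "modhex", a 16-letter alphabet: the first 12 letters are the key's public ID and stay the same on every touch, and the remaining 32 encode the encrypted one-time token. The following is an added example (not DreamHost's or Yubico's code) that checks this structure to diagnose a rejected passcode. It assumes the default 12-letter public ID, and the sample OTP is constructed for illustration.

```python
# Added example: structural check of a Yubico OTP string.
# It does not decrypt or validate the token; only the issuing service can do that.
MODHEX = "cbdefghijklnrtuv"   # the letter at index i encodes the hex digit i
OTP_LEN = 44                  # the 44 letters mentioned in step 4
PUBLIC_ID_LEN = 12            # assumption: default-length public ID

# Constructed sample, not output from a real device.
SAMPLE_OTP = "cccccccbdefg" + "hijklnrtuvcbdefghijklnrtuvcbdefg"


def modhex_decode(s: str) -> bytes:
    """Decode an even-length modhex string into raw bytes."""
    nibbles = [MODHEX.index(ch) for ch in s]  # ValueError on a non-modhex letter
    return bytes((hi << 4) | lo for hi, lo in zip(nibbles[::2], nibbles[1::2]))


def parse_yubico_otp(raw: str) -> dict:
    """Split an OTP into public ID and token, or raise ValueError saying why not."""
    otp = raw.strip()
    if otp.isdigit():
        # A key slot set to an OATH mode types digits instead of modhex letters.
        raise ValueError("digits only: this looks like an OATH code, not Yubico OTP")
    if len(otp) != OTP_LEN:
        raise ValueError(f"expected {OTP_LEN} characters, got {len(otp)}")
    bad = sorted(set(otp) - set(MODHEX))
    if bad:
        # Typical causes: a non-US keyboard layout remapping keys, or Caps Lock.
        raise ValueError(f"non-modhex characters {bad}: check keyboard layout / Caps Lock")
    return {
        "public_id": otp[:PUBLIC_ID_LEN],
        "public_id_bytes": modhex_decode(otp[:PUBLIC_ID_LEN]),
        "token": modhex_decode(otp[PUBLIC_ID_LEN:]),
    }


if __name__ == "__main__":
    info = parse_yubico_otp(SAMPLE_OTP)
    print("public ID:", info["public_id"], "=", info["public_id_bytes"].hex())
    print("token bytes:", len(info["token"]))
```

Comparing the public ID across two touches is a quick way to confirm that the same physical key produced both passcodes.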

Disabling MFA in the panel

DreamHost highly recommends keeping Multifactor Authentication active since it helps secure your account.

Navigate to the Security page and click the Disable button on the MFA section.

A success message appears confirming its deletion.
