Two-Step Verification: Managing Devices

Add, Rename, or Delete Devices

To add, rename, or delete devices, use the Duo Device Management Portal (PennKey authentication required). For detailed instructions, consult the following Duo documentation:

Change a Security Key PIN

If you use a security key (YubiKey) as one of your two-step verification devices, you can add a PIN for an extra layer of security. For security reasons, YubiKeys are designed so that:

  • PINs cannot be read or recovered.
  • PINs cannot be changed without the existing PIN.

Several methods to change a known PIN are listed below.

Important Notes

  • Lockout warning: A YubiKey allows a total of 8 consecutive incorrect attempts to input the current PIN before the application locks.
    • After 3 failed attempts in a row, the YubiKey must be unplugged and reinserted to continue trying.
    • After 8 consecutive failed attempts, the YubiKey is locked and requires a factory reset.
  • Factory reset (contact your local IT team): The instructions below are for changing a known PIN. If you have forgotten your current PIN or if your YubiKey is locked, your YubiKey will require a factory reset.

How to Change a Known PIN

Yubico Authenticator App

  1. Launch the Yubico Authenticator app.
  2. Plug your YubiKey into your device. The app will detect your YubiKey.

  3. In the Yubico app, click on the left menu icon (hamburger) in the upper left corner of the app and select Passkeys (or Security Key > FIDO2, depending on app version).

    Two screenshots of the Yubico app interface highlighting the menu icon and the "Passkeys" menu option.
  4. If prompted, enter your PIN and select Unlock.

  5. Under Manage, click Change PIN.

    Screenshot of a section of the Yubico app interface reading "Manage: Change PIN: FIDO PIN protection"

  6. In the Change PIN window, enter your current PIN, then enter and confirm your new PIN, then select Save.

    • The PIN can contain letters and/or numbers and must be between 4 and 63 characters in length. Penn recommends a 6-character PIN for your Security Key.
    A screenshot of a section of the Yubico app interface titled "Change PIN" showing fields labeled "Current PIN," "New PIN," and "Confirm PIN"

Security Key Management (Windows)

  1. Plug your Security Key into your device.

  2. On your Windows device, go to Settings > Accounts > Sign-in Options. Select Security key, then select Manage.

    A screenshot of a Windows setting titled "Security Key: Manage a physical security key that can log you into applications"
  3. When prompted, touch the security key and enter your current PIN.

  4. Under Security Key PIN, click Change.

    Screenshot of a Windows dialogue reading "Security Key PIN: Creating a PIN for your security key helps keep you secure. Change"

  5. In the Change your security key PIN window, enter your current PIN, then enter and confirm your new PIN, then click OK.

    • The PIN can contain letters and/or numbers and must be between 4 and 63 characters in length. Penn recommends a 6-character PIN for your Security Key.
    Screenshot of a Windows dialogue titled "Change your security key PIN"

Chrome Web Browser (Non-Windows)

  1. Go to Chrome’s Settings > Privacy and Security. Select Security.

    Screenshot of Chrome Privacy and Security Settings screen. The option to select Security is highlighted.

  2. Scroll down, then select Manage security keys.

    Screenshot of Chrome settings text reading "Manage security keys: Reset security keys and create PINs"

  3. Select Create a PIN.

    Screenshot of Chrome "Manage security keys" menu. The option "Create a PIN" is highlighted.
  4. At the prompt, insert and touch your Security Key.

  5. In the Change a PIN screen, enter your current PIN, then enter and confirm your new PIN. Click Save.

    • The PIN can contain letters and/or numbers and must be between 4 and 63 characters in length. Penn recommends a 6-character PIN for your Security Key.
    Screenshot of the Chrome "Change a PIN" interface
Two-Step Verification: Enrollment Instructions