Setting Up Multi-Factor Authentication using a FIDO2 Security Key

Last modified 4/16/2024

The University is now allowing the use of FIDO2 security keys as an option for Multi-Factor Authentication. These security keys allow for the most secure form of authentication by replacing standard password authentication with hardware authentication and a unique PIN. In order to set up this method you will need to purchase your own FIDO2 security key. Please see the following link for all compatible Keys: Microsoft compatible security keys. If you have yet to enable Multi-Factor Authentication on your account, please reference the steps included in Enabling Multi-Factor Authentication.

Registering Your Security Key

Depending on the security key you have chosen, there may be extra steps before it can be registered. Please see your key's manufacturer instructions for any set up or troubleshooting information. 


Registering a FIDO2 Security Key as a sign-in method


1. Head to https://aka.ms/mfasetup or My Sign-Ins | Security Info | Microsoft.com, sign in normally and click Add sign-in method.




2.  Under Add a method, click the drop-down arrow and choose Security key




3.  Select Add, and then select the type of security key you have, either USB device or NFC device.




4.  Either insert your USB device or tap your NFC device to your reader. You may be prompted with a QR code, if you are, hit the Use a different device button.



5.  Another screen will pop-up asking you to choose how you want to create a passkey. Choose Windows Hello or external security key.



6.   When prompted, enter in your unique security key PIN into the Windows security box. Select OK and you will return to the Setting up your new sign-in method box.

Obtaining Your Security Key PIN

In order to obtain your security keys unique pin, please see your keys manufacturer instructions. 


 7.  Select Next, and return to the Security info page. Once here type in a name for your security key and hit Next

8.  You should now see your new key successfully added and named in your list of sign-in methods

Multiple MFA verification methods recommended

It is recommended that you have at least two methods of multi-factor authentication set up, so that you have a backup if one fails. Please see Adding Additional Verification Methods for Multi-Factor Authentication for instructions on setting up additional method(s). To change your default method, please see Change the Default Method for Authenticating with MFA. Below are the three main options for verification:

How to Get Help

Technical assistance is available through the Illinois State University Technology Support Center at: