How to use a YubiKey for two-factor autenthication on Linux Mint

This post will show you how to setup and use a YubiKey and the Yubico Authenticator application to sign in to a Microsoft Azure Cloud Account using Linux Mint 20 without the need for the Microsoft Authenticator being installed on your mobile phone:

Yubico Authenticator desktop installation

1. Download and install the Yubico Authenticator AppImage:

# install dependency first
$ sudo apt install pcscd
$ sudo systemctl enable --now pcscd

# download latest version with curl
$ cd  ~/Downloads
$ curl -L -O -J https://developers.yubico.com/yubioath-desktop/Releases/yubioath-desktop-latest-linux.AppImage

# make executable
$ chmod +x yubioath-desktop-latest-linux.AppImage

# extract icon, which we can use for the menu item below
$ cp yubioath-desktop-latest-linux.AppImage temp.7z
$ file-roller --extract-here temp.7z 

# move to /opt/yubico
$ sudo mkdir /opt/yubico
$ sudo mv yubioath-desktop-latest-linux.AppImage /opt/yubico/
$ sudo mv temp/com.yubico.yubioath.svg /opt/yubico/

2. Create a Cinnamon menu launcher for the Yubico Authenticator:

$ cinnamon-menu-editor

3. Add the Yubico Authenticator also to the startup applications.

Login with two-factor authentication (2FA)

Before we add the Microsoft Service, we setup up a pin:

1. Open the Authenticator application and insert your YubiKey.
2. Click on the hamburger menu in the top left corner.

9. Click on “I want to use a different authenticator app”. Click the “Next” button.

10. When the scanning the QR code dialog comes up, switch to the Yubico Authenticator, click on the more icon and select “Scan QR code”. The Authenticator will automatically find the QR code on the screen and create an account 🙂