How to use a YubiKey for two-factor autenthication on Linux Mint

This post will show you how to setup and use a YubiKey and the Yubico Authenticator application to sign in to a Microsoft Azure Cloud Account using Linux Mint 20 without the need for the Microsoft Authenticator being installed on your mobile phone:

Yubico Authenticator desktop installation

1. Download and install the Yubico Authenticator AppImage:

# install dependency first
$ sudo apt install pcscd
$ sudo systemctl enable --now pcscd

# download latest version with curl
$ cd  ~/Downloads
$ curl -L -O -J

# make executable
$ chmod +x yubioath-desktop-latest-linux.AppImage

# extract icon, which we can use for the menu item below
$ cp yubioath-desktop-latest-linux.AppImage temp.7z
$ file-roller --extract-here temp.7z 

# move to /opt/yubico
$ sudo mkdir /opt/yubico
$ sudo mv yubioath-desktop-latest-linux.AppImage /opt/yubico/
$ sudo mv temp/com.yubico.yubioath.svg /opt/yubico/

2. Create a Cinnamon menu launcher for the Yubico Authenticator:

$ cinnamon-menu-editor

3. Add the Yubico Authenticator also to the startup applications.

Login with two-factor authentication (2FA)

Before we add the Microsoft Service, we setup up a pin:

  1. Open the Authenticator application and insert your YubiKey.
  2. Click on the hamburger menu in the top left corner.

3. Select YubiKey

4. select Configuration

5. set/change your pin and go back

6. Click on the hamburger menu and select Authenticator.

7. Sign in to your Microsoft Azure Account.

8. Select “Security info”, click on “+ Add sing-in method”, select “Authenticator app” and click on the “Add” button.

9. Click on “I want to use a different authenticator app”. Click the “Next” button.

10. When the scanning the QR code dialog comes up, switch to the Yubico Authenticator, click on the more icon and select “Scan QR code”. The Authenticator will automatically find the QR code on the screen and create an account 🙂

12. Click on “Add account”, switch back to the Microsoft sign-in dialog and click on “Next”.

13. Finish the 2FA process by entering the 6-digit code shown in the Authenticator. You can just double click the entry to copy it.

Leave a comment

Your email address will not be published. Required fields are marked *