ID.me accounts can be secured with multi-factor authentication (MFA) using YubiKey’s mobile security. This solution is particularly useful as a MFA solution in a mobile environment. YubiKey 5 NFC from Yubico, is an example of a supported hardware key, which uses Near Field Communications (NFC) technology to wirelessly communicate with iOS and Android mobile devices that support this feature. The ID.me Authenticator app is installed on the NFC-enabled mobile device and communicates with the NFC-enabled mobile YubiKey.
Initial Enrollment Flow
The instructions below detail the steps for downloading and using the ID.me Authenticator app to secure your account with MFA using a mobile YubiKey.
Choose “Mobile YubiKey” from the available 2FA options:
There are two methods you can use to download (or activate) the ID.me Authenticator App: Text Message or Email. If you have previously installed the ID.me Authenticator app, you will still need to enter your phone number or email in order to activate it app for this method.
If you select the “Text Message” option, you will enter your mobile phone number and receive a text message that includes a link to the App Store.
The text message received will look similar to this:
If you chose the “Email” option, you would need to open the email on your phone to access the App Store:
Once the ID.me Authenticator application is downloaded (or activated), the application will prompt you to touch the YubiKey to the top left of the mobile device. NOTE: The exact location where you tap the key may vary from device to device.
A checkmark is shown once the YubiKey has been successfully connected:
Once the YubiKey is successfully connected, the prompt to touch the YubiKey to the mobile device is no longer displayed:
NOTE: YubiKey 2FA will only work with the current and prior 2 mobile device versions. For example, if a user tries to set up YubiKey 2FA using an iPhone 6, the following error message will be shown:
Authentication Flow - For subsequent sign-ins.
This section describes the ongoing sign-in flow using a previously-enrolled (NFC-enabled) Mobile YubiKey as a new 2-factor authentication method:
The user is notified that a sign in notification will be sent to their ID.me Authenticator app. The mobile phone notification might look like the notification shown here:
The ID.me Authenticator application will prompt the user to touch the YubiKey to the top left of the mobile device:
A checkmark is shown once the YubiKey has successfully connected:
Why am I getting an error when I attempt to sign in using my YubiKey?
YubiKey 2FA will only work with the current and prior 2 mobile device versions. For example, if a user tries to set up YubiKey 2FA using an iPhone 6, the following error message will be shown: