r/yubikey A chip A chipIt's not asking for a pin because it isn't using the key on the yubikey. Once the YubiKey is inserted (and only then!), the app is enabled to generate TOTP codes. The tool uses a simple step-by-step approach to configuring YubiKeys and works with any YubiKey (except the Security Key). pamsm 0. Use the YubiKey Personalization Tool to configure the two slots on your YubiKey on Windows, macOS, and Linux operating systems. If the goal is strong 2FA, your native options are Smart Card auth and Windows. There are generally two steps: 1: Find all YubiKeys available on the host machine and choose the one to use. This screws up alot of the password edit UIs. There is a nifty button to cut & paste the code into the web browser challenge field. Open Interfaces and confirm that both FIDO2 and FIDO are ticked under NFC. If you are running this from a non-Administrator account, you will be. Microsoft have just announced the Public Preview for Hardware OATH Tokens such as the Yubico YubiKey with Azure MFA. However, both Yubikey will not be detected, the message is "gpg: selecting card failed: No such device". This is why ET&S strongly recommends you have a alternate method(s) set up for MFA. Insert the YubiKey into the USB port of your laptop or computer. 4 and YubiKey 5 NFC Bug description summary: If the computer is put to sleep and woken up multiple times with a yubikey inserted and the application running, the application cannot detect any yubikeys anymore until either the system is restarted, or all yubikeys removed and the. Make sure no other YubiKey is connected when running the test! poetry run pytest --device 123456 To run the tests over NFC, place the YubiKey to test on an NFC reader, and indicate both the. The YubiKey Bio will appear here as. 4 includes OpenSSH 8. Created June 8, 2022 - Updated 7 months ago The YubiKey works directly out of the package. Once installed, you have to override the one in your PATH by putting the openssh folder at the beginning of your PATH in your rc file like this. 8p1, OpenSSL 1. Then from here, you can select Security Key. Heads-up: one should set different PIN for user vs admin and never use admin PIN on macOS (or any other computer that isn’t air-gapped and hardened). The app displays just the one TOTP code (which is no longer valid 30 seconds later). 3. All of the guides that I've seen only apply to either a local windows account (not MSA, AD, or AAD) or to businesses with AD/AAD. MacBook Air, macOS 13. docker run -d -p 80:80 --name mern-stack mern-image:1. To set up your YubiKey with your Android phone, please refer to service-specific instructions provided via the Works With YubiKey Catalog. Repeat this process above for each Yubikey USB device / User Account Pair you want to associate with this Linux System for U2F login. 11. (Black) View Black. Edit: in the personalisation tool you can factory reset the key and generate a new serial. If your laptop is on your lap and your yubikey inserted into it, the yubikey has to sustain the weight of the keychain. Nothing to do with macOS. e. 2 Answers Sorted by: 1 +50 In the post Yubikey is not recognized right after boot , a method to force the detection of the YubiKey was to enter the command: sudo. Do I have to use a yubikey? A. To regenerate your YubiKey's parameters, use the following process. When KeePassium requests your YubiKey, you will need to touch the “Y” button on the NFC key (or touch the sides of the YubiKey 5Ci key). Use an up-to-date Chrome browser to open the YubiKey Bio Series setup website. Learn how you can set up your YubiKey and get started connecting to supported services and products. This document explains how to configure a Yubikey for SSH authentication. If it doesn't have the private key locally, it will only work with the yubikey. I get "unknown error" and no info on the key is displayed (no version, firmware etc. 0-Beta. To do this: On Windows: Double-click the YubiKey Personalization Tool shortcut. users simply log in as normal using username and password with the only addition of pressing the button on the inserted YubiKey. My personal PC's all just work fine with the Yubikey connected even the whole. Wait for the Personalization Tool to recognize the YubiKey. It’s quite easy just run: # WSL2 $ gpg --card-edit. 2. The purpose of the Yubikey Client API is to encapsulate the complexities of data exchange with the Yubikey hardware and to provide an easy to use interface that allows simple integration with any COM enabled application. $ rpm -q yubikey-personalization-gui yubikey-personalization-gui-3. Leaving it plugged in could result in the yubikey being lost or damaged. For those that already enabled Yubikey support, it will be mostly minor changes. My machine is currently running build 22621. Click Yes when prompted. Click “Scan”. Select database. How does the website authenticate when there is no new six digit code from the Yubikey. " on built-from-source Linux 4. 4. Now here's the hard to explain part. The YubiKey is an extra layer of security to your online accounts. If that's the case, you can't do this. Depending on the protocol, it might not need to be a same model. 0. Use the YubiKey Personalization Tool to configure the two slots on your YubiKey on Windows, macOS, and Linux operating systems. key private key files basically tell gpg "this private key is in Yubikey. 2 features:Key is recognized as a USB device in System Report, but YubiKey Manager is stuck on the "Insert your YubiKey" screen upon launch. To solve your problem, you can instead disable the OTP application to prevent the YubiKey from printing an OTP when you touch it. It can store up to 32 OATH event-based HOTP and time-based TOTP credentials on the device itself, which makes it easy to use across multiple computers. I also tried it on a second PC (always under Window 10) with the same result. Insert the YubiKey into a free USB slot on your machine so the gold contact point is touching the physical lip inside the USB Slot. To associate the U2F key(s) with your Ubuntu account, open terminal and insert your YubiKey: $ mkdir -p ~/. Select the configuration slot you would like the YubiKey to use over NFC. x86_64 $ lsb_release -aI am getting "No YubiKey inserted" using the YPT package as provided by Fedora. First thing I notice is that inserting the Yubikey in a Mac Mini (OSX 10. It should say scfilter, I have confirmed the scfilter driver is started on the remote machine when the yubikey is inserted so there is some detection. Step 3: On the Authentication tab, click “ Delete “. Save the triple-encrypted file to Google Drive. Note the YubiKey 4/5 and YubiKey NEO have different hardware IDs. PS: This Yubikey initially. so mode=challenge-response. From what I understand, if these are trusted websites, you do not have to insert your Yubikey to log in. This feature is only offered by the (somewhat dated) Yubikey Neo and thus this is the only one being compatible with phones. Step 13 - When prompted, touch your YubiKey again to complete the request. NDEF programming does not apply to. 819 (just updated with KB5019980 this morning). The Yubico PIV tool is used for interacting with the Privilege and Identification Card (PIV) application on a YubiKey, which you'll need to do to determine if your YubiKey is locked. (Remember the password you used to encrypt your keys, as the exported blob will be encrypted with it). x86_64 $ lsb_release -aUse Magikeyboard to launch keepassdx. The following screenshot is an. Vote. Insert the YubiKey into a USB port of your computer. Insert the YubiKey into a USB port of your computer. Then store the keys on a flash drive and you've essentially created 2FA for yourself (login in to your computer, plus have the flash drive inserted to mount the container). 6 and 2. In practice, a security key is a physical security device with a totally unique identity. Unfortunately, the update. The current known workaround is to. 18. Just touch the metal circle and it’ll bind the SSH key pair to your Yubikey. Tried Win10 and Ubuntu so far, and both show the device being inserted, Win10 gives me "device successfully installed", but still it won't show up in the Personalization Tool. But I don't get prompted for "Touch the USB" :-( I'm only offered PIN or Password after I've locked the PC. In another terminal type sudo whoami. Decrypt the file with Yubikey's OpenPGP private key. But i gotta say that i can't say if the PC which has been used for this is just weird, wasn't my personal. It generates one time passwords (OTPs), stores private keys and in general implements different authentication protocols. 3, Apple announced the general availability of security key support for Apple ID accounts — so grab your iPhone and your YubiKey and turn it on today! Check out our support center here for a step-by-step guide and setup instructions on how to do so. The other Yubikey works perfectly. Select Add Account. FITS USB-A PORTS: Once registered, each service will request you to insert the Yubico PC Security Key into a USB-A port and tap the gold contact to. Clicked on it, confirmed my password, clicked on Security key, clicked twice OK, next or whatever it is the popup for the key, inserted the key, touched it and VOILA, its now activated. Then it will be up to the software providers to start enabling Passkey support. So we're starting to trial our first Yubikey, and we're having no luck getting it to show up in the Personalization tool. Open Yubico Authenticator for iOS. This article provides tips on where to place your YubiKey when using it with a mobile phone. This makes using a Yubikey via USB impossible unless you insert it prior to opening the Bitwarden app to start the login process. 1. Two-factor authentication makes an enormous amount of difference to your personal security, and anything that can improve that situation, making it faster and easier to use, is worthwhile. Press the Windows+R keys in combination on your keyboard to bring up the Run prompt. Step 3. To view details about a YubiKey 1. Use the procedures below to remove just the certificates generated following the completion of the macOS login instructions: Step 1: Open the YubiKey Manager and go to “ Applications ” and “ PIV “. Copy the above public key, including the begin and end blocks, and then add it as a new key on GitHub. Yubico Authenticator should parse the QR code as normal and add the new TOTP account to the YubiKey. Click NDEF Programming. com popup appears, this wizard walk you through the PIN setup (if no PIN is set) and fingerprint enrollment. c:parse_cfg(39)] called. Click the dropdown arrow below Select USB drive. Some time ago I installed Windows Hello and set it up to use my Yubikey 5 NFC for added security when logging in to my local accounts. For instance, the YubiKey is not a two-factor authenticator for Windows Hello. Share On: Facebook: Twitter: Tumblr:I purchased two Yubikey 4. Press Finish to program the YubiKey. Before generating a one-time password, you need to decide which slot of the YubiKey (slot 1 or slot 2) you're going to use for authentication throughout. . ago. Insert the YubiKey. More specifically, each YubiKey contains a 128-bit AES key unique to that device, which is also stored on a validation server. # To switch to Yubikey1 at any time run this script to force GPG. We then need to tell Git to use GPG to sign commits, and specifically this key. To emulate a factory reset, program a new Yubico OTP credential in slot 1, upload that. Yubico internally found this issue mid-March, 2019, followed by a full investigation of root cause, impact, and mitigations for customers. However, both Yubikey 5 are not recognized any more. # Running any decrypt, auth or sign will now ask you to insert Yubikey2. PivSession ). A nice workaround is to allow Veracrypt auto-mounting with a blank password and a few keyfiles. Open the decrypted file with KeePassXC by entering a password and pressing a Yubikey button for HMAC-SHA1. 2. Open yubioath-desktop, either from the command line or through the application launcher. 11. This document explains how to configure a Yubikey for SSH authentication. g. YubiOTP isn't terribly useful for most consumers. 3) causes the keyboard setup assistant to appear. A. YubiKey YubiKey 5C Nano SKU: 5060408461518 Computer: MacBook Pro. I got the YubiKey 4 ($40) as well the YubiKey 4 Nano ($50). If you're not sure which slot to use, use slot 1. Windows Hello is an inbuilt FIDO2 platform authenticator, and it's an. The older smaller 5C (non-NFC) and the 5Ci are bulkier and more complex in their design, and. I am trying to register two YubiKey 5C NFC keys with USB-C plug-ins. The current known workaround is to disable the OTP interface using our YubiKey Manager. Select Add from the Security Key PIN area, type and confirm your new security. Select user to configure in the drop down menu in the YubiKey Login Administration window. I purchased two Yubikey 4. Question: Is it possible to provide YubiKey input on GRUB Stage 1 to automatically decrypt the system if the YubiKey is inserted - so that no passphrase is needed. 4. Yubico Authenticator uses your Yubikey to store that info. So when the YubiKey is inserted, iOS thinks that the YubiKey is a USB keyboard and thus hides the on-screen keyboard. Click Yubico OTP Mode in the main tool window, or Yubico OTP at the top-left. If no one knows the code then it's basically toast. For each service you set up, have your spare YubiKey ready and add it right after the first one before moving to the next. c:parse_cfg(40)] flags 32768 argc 3. Unless using it to login to Windows (see Specify Configuration #2) or another OS 2FA access requiring Admin rights, this is abnormal, likely having nothing to do with the YubiKey or Yubico software themselves and is more likely a configuration issue/works as expected on the specific PC being used (especially since it's not replicated on another. See full list on support. fc18. 1. FriendlyName -like "*YubiKey*"} | Select-Object -ExpandProperty FriendlyName. Steps to reproduce in Mac OSX: Go to the Apple Main Menu. Insert the YubiKey and press its button; the YubiKey then enters the master password. com I purchased two Yubikey 4. When I RDP into that machine from another machine, the yubikey will not emit OTP's or connect the card via the PIV tool. While not possible to fully reset the YubiKey's OTP application to factory defaults, it is possible to get very close. Click Configure under the “Short Touch (Slot 1) area. You may need to touch your security key to authorize key generation. To fix it what I did is go to each computer and clicked on the Yubico Login app. YubiKey core error: Timeout If you selected Require User input (button press) on the Challenge-Response tab of the YubiKey Personalization Tool while you were configuring your YubiKey, the YubiKey begins blinking immediately after you. I get the same when running as regular user or root. Under "Security Keys," you’ll find the option called "Add Key. 5. We have exciting news for our Apple users: just yesterday, as part of iOS 16. To solve your problem, you can instead disable the OTP application to prevent the YubiKey from printing an OTP when you touch it. I get the same when running as regular user or root. Note | This project is supported but no longer under active development. Level 3: NFC. With a Yubikey (under Window 10), using the tool Yubikey Personalization Tool, I get the message: No Yubikey inserted. Having this driver installed the behaviour changes to the following. What's the problem? Can you someone explain to me why the Yubikey NEO cannot be accessed by programs with non-admin. I have the same "Failed to connect" issue on macOS Catalina, ykman 3. They are created and sold via a company called Yubico. Show information about inserted YubiKey: poetry run ykman info Run ykman in DEBUG mode: poetry run ykman --log-level DEBUG info Code Style & Security. Both machines use the yubioath-desktop application from the Debian repositories. The issue has been fixed in YubiKey FIPS Series firmware version 4. I have registered Yubikeys with Microsoft, Google, and Apple. Dependencies ~17–25MB ~402K SLoC. There is definitely a way. 18. 5;Again,I have the same problem docker: you are not authorized to perform this operation: server returned 401. " Yubikey Manager has field called Serial # when connected. # 7. The YubiKey supports a bunch of different authentication protocols and depending on what you're trying to do, the user experience might be a little different. The default configuration for Yubikey is to support the CCID (Smart Card) interface. @JimmyJames The Yubikey is a USB device. At the prompt, plug in or tap your Security Key to the iPhone. I just got a yubikey4 and while it produces a one time password with a touch, I was wondering what other capabilities it had so I installed yubikey-personalization-gui on my Mint 17 box. I've attached a screenshot that shows where in the PT the secret key will be. When prompted, touch the YubiKey to confirm# If all went well, the sudo command will work. Use the YubiKey Personalization Tool to configure the two slots on your YubiKey on Microsoft Windows, macOS 10. Do I need to keep my yubikey plugged in all the time? A. Once the first level of authentication succeeds, Password Manager Pro will prompt you to enter your YubiKey one-time password. I get the same when running as regular user or root. 7. $ sudo dnf install -y yubikey-manager yubikey-manager-qt. It won't detect in windows and the led light just flashes rapidly when plugged in and there is no USB connection noise made by windows. I tried turning off "Secure Keyboard Input" in Terminal, rebooted, but the YubiKey is still not. Note | This project is supported but no longer under active development. Click a drive. Run: ykpersonalize -2 -ochal-resp -ochal-hmac -ohmac-lt64 -oserial-api-visibleA YubiKey adds a significant additional level of security to your online accounts, doesn't take long to set up, and isn't a huge outlay. . I am getting "No YubiKey inserted" using the YPT package as provided by Fedora. 0:12 My Yubikey is already inserted, so I hit the Use Security Key button and promptly get a dialog saying "This security key doesn't look familiar. Ensure the Yubikey is inserted and can be read. Click Interfaces and make sure that OTP is checked for both USB and NFC interfaces. First, you’ll need to ensure that your system is fully up-to-date: kali@kali:~$ pcsc_scan Scanning present readers. msi INSTALL_LEGACY_NODE=1 /quiet. Over the last few years, we’ve heard a lot of talk about the Yubikey, a physical authentication security key made by Yubico. The user can see and manage the devices he has registered his user profile of the Identity Authentication service:my YubiKey with USB-C is not being recognized. Click Interfaces and make sure that OTP is checked for both USB and NFC interfaces. But of course this will only work if you don't. 2a: Create an instance of one of the "Session" classes (e. Note: Mac - If Apple’s Keyboard Setup Assistant launches on your macOS machine, close the window. I am currently aware of the issues with FIDO2 security logon after updating to Windows 11 22H2. In my windows 10 machine it shows as below because I use a different smartcard. The YubiKey communicates via the HID keyboard interface, sending output as a series of keystrokes. I inserted it while the personalisation tool (latest version) was launched. " Yubikey Manager has field called Serial # when connected. Prerequisites. Please note if the lights on the YubiKey appear when you insert the YubiKey into your device. Insert your YubiKey Bio into your computer. config/Yubico/u2f_keys. 1, which does not yet understand the new -sk key types. ssh. CreateRequest (EncodingType. So we're starting to trial our first Yubikey, and we're having no luck getting it to show up in the Personalization tool. Step 2: Select Your Key, Insert and Tap. I just received my Yubikey 5 NFC for use with Coinbase (which is supposed to support it). macOS comes with a command line tool for testing smart cards (PC/SC), which I used to get the machine name of my smart card. –. I also tried it on a second PC (always under Window 10) with the same result. Quit out of the YubiKey Personalization Tool completely by clicking YubiKey Personalization Tool > Quit YubiKey Personalization Tool, or pressing ⌘+Q on your keyboard with the YPT window in focus. Both of these readers also work well with other manufacturer’s keys like the YubiKey 5 NFC to read the x. For more information, see Understanding YubiKey PINs. Plug in a YubiKey 5Ci. . ilikeplanesandtech • 6 mo. Note that the Security Key Series are FIDO devices only, if you want to use a. You can create a new security key PIN for your security key. 0. It recognizes the key and allows me to initialize it. Nov 12, 2021 at 17:36. To fix it what I did is go to each computer and clicked on the Yubico Login app. Open Terminal. FIDO2 is a technology / interface on your Yubikey, which stands for Fast IDentity Online. Press Finish to program the YubiKey. 0. The FIDO2-only Security Key is perfect for Windows Hello for Business, but it cannot be managed using the YubiKey Personalization. Choosing a random new key invalidates all your existing credentials enrolled with that Yubikey, since your Yubikey will no longer be able to decrypt the identifier provided and sign proof that it knows the associated private key (in practice. The decrypted (usable) private key never leaves the YubiKey, it's just used to sign the challenge. I place the cursor in #2 field and try to continue. The SCFILTER\CID_ID# value for the YubiKey will be displayed. A notification should appear: Re-launch Veracrypt, select your encrypted drive, click , select Add/Remove keyfiles To/From Volume, and then fill in your drive credentials again. The certificate chain is not trusted. Remove your YubiKey if it is still connected to your machine, then launch ykman and insert your key. With a Yubikey (under Window 10), using the tool Yubikey Personalization Tool, I get the message: No Yubikey inserted. sgallagh. So, either the browser would have to be modded in some way to communicate with the FIDO agent through some interface other than the USB interface - or somehow the the browser. 2 Answers. yubikey at any time, so make sure you keep it handy. I got the YubiKey 4 ($40) as well the YubiKey 4 Nano ($50). NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT sda 8:0 0 931,5G 0 disk └─sda1 8:1 0 931,5G 0 part └─md0 9:0 0 1,8T 0 raid5 └─cryptdata 254:6 0 1,8T 0 crypt /data. ssh/id_ecdsa_sk Generating public/private ecdsa-sk key pair. SoCleanSoFresh • 2 yr. I use Windows 10 on several devices. 1. " Keepass2 (RSA Certificate Key Provider plugin - uses windows security): "No cerficiate available. Actual results. Any instruction I find moves the key do yubikey making it imposible to sign/encrypt without youbikey inserted into PC. This SDK allows you to integrate the YubiKey into your . If entered correctly the Yubico Authenticator App will notify you that No Accounts Exist on your key during first. Click the. Open the Yubico Authenticator for Desktop application on the Windows machine. Click on. Alessio Post subject: Re: pam-u2f and. Open the Run prompt (Windows Key + R). The applet works perfectly in yubioath for android. The solution to this problem can be found in bitwarden's guide on using yubikey. You will have done this if you used the Windows Logon Tool or Mac Logon Tool. Insert your YubiKey. 1 participant. Insert the YubiKey into your computer USB port, make sure the YubiKey pop up window is the active window on your machine, and then tap the YubiKey. 0. I walk you through step by step process. When your device begins flashing, touch the metal contact to confirm the association. Done. Right click on the YubiKey Smart Card and select Properties. One or more domain controller(s) are missing certificates. The default action should be "failed" BR Manuel. Type the following commands: gpg --card-edit. 1. The username refers to the hard drive directory the directions specify. usually, the disk will light up on inserting into the usb port, telling you that your computer has recognised the device. I have a Yubikey inserted in a machine running Windows 7. Click Applications, then OTP. This started today. Here's a few tips for you to read about. This is why non-discoverable credentials take no storage on the YubiKey and are unlimited. Click the Tools tab at the top. Yubikey 4 in smartcard mode There is one annoying problem left: If the Yubikey is removed and inserted again during OpenVPN startup, it will not be recognized anymore and the message dialog "Please insert PIV_II (PIV Card Holder pin)" (OK/Cancel) opens again and again in an endless loop regardless if you press OK or Cancel. I've attached a screenshot that shows where in the PT the secret key will be. Run: sudo apt install libpam-yubico yubikey-manager; 2 Configuring the YubiKey. To save those hours for future users, I suggest that scdaemon not require reader-port for PC/SC when only one card is inserted (and for parity with the built-in CCID driver, which works for me without reader. The Yubikey is ABSOLUTELY working with Windows Hello, because on either laptop I can use it to log into Okta, or into my Microsoft account. Click on next one more time. Note: This section can be skipped if you already have a challenge-response credential stored in slot 2 on your YubiKey. I can get YubiKey PIV Manager to recognize the key again if I follow these steps: Leave the YubiKey 4 inserted; Leave YubiKey PIV Manager (1. The other Yubikey works perfectly. Reddit, My friend gave me a Yubikey as a gift (unopened). I don't see any option on my login screen to login via local acct. It says "No YubiKey Inserted" It occurs to me that perhaps it isn't designed to work with yubikey4. Windows users check Settings > Devices > Bluetooth & other devices. One or more domain controller(s) are missing certificates. 68. Tested on macOS Monterey and OpenSSH_8. and either. (note: I found that not letting the macbook automatically sleep with the yubikey inserted generally helps prevent any problems from happening. It should blink once when plugged in. ”Finally, if I examine the YubiKey Smart Card Minidriver in Device Manager under device status - it says the device is working properly but the location is value is "unknown". The login panel will disappear. -when I tap it on my phone with yubikey app installed, nothing happens -when I open yubikey personalisation tool on windows - it shows no yubikey detected -when I try to set up yubikey login on my windows laptop it keeps saying 'insert yubikey' even after I've done it, -keepasxc 2. Run: hdwwiz. Login avatars for options three and four are a simple key picture, but since those options should not be visible at all in the first place, this will be of no consequence when issue Windows 10, default credential provider is available at. . Configure the YubiKey OTP authenticator. It is possible for more than one device driver to be associated with a given hardware device, so be on the lookout for multiple entries changing in the Device Manger when the YubiKey is inserted. The Yubico Authenticator tool lets you generate OATH one-time password codes with your YubiKey. but that is just the serial number of the USB port that the key is connected to. Coinbase sends me a code on my phone, I enter that and it accepts it and it says to insert the Yubikey in a USB port. Click “ Next “, and then insert your YubiKey and press the Yellow button on your YubiKey. The SCFILTERCID_ID# value for the YubiKey will be displayed. Once I imported the private key the Yubikey is all. Run: ykman otp. Re: adding a second 2 factor key to my account - issues. ”. Run `gpg2 --card-status` (if set up as a hardware token for GPG keys) Actual results: "systemctl status" journal logs: Jul 02 08:42:30 sgallaghp50. Click Next, then it said it was Programming the device. Bug description summary: "No YubiKey detected. Step 4:YubiKey model and version: YubiKey 5 Nano firmware 5. You will be told to insert the Yubikey in the laptop and press the gold disc to create a code for Google Chrome. I get the same thing. YubiKey is simply the best hardware security key :) Hah, that's just great! Since I'm using it to log into my Windows laptop, Linux workstation and many online services. So: Buy a 2nd Yubikey to work as a backup. Select Open. I purchased two Yubikey 4. If the YubiKey menu option is already selected, click the three dots or the X on the upper right. Result: Full disk encryption (incl. FWIW, my NEO also works fine with the Android app, this is the first time I've tried the desktop (python) client. If not already done so, please insert your YubiKey in the computer via a USB port. I'm seeing "No YubiKey inserted" in the app (installed from App Store). Click the "Add method" button. " Insert YubiKey into a USB port.