Main Content

Instructions for two-factor authentication with YubiKey (USB one-time password token)

Das YubiKey- token is a USB one-time password token and will be issued as standard from 2022 for all staff accounts (if an employment contract with the State of Hesse, represented by the university, exists), represented by the university) is issued.

Receiving a YubiKey token

  • Members* of Philipps-Universität Marburg who - in accordance with the terms of use for two-factor authentication - are authorised to use a token for two-factor authentication, will be provided with a Yubikey token by the University Computer Centre in person or by post, which must then be activated.
  • As soon as a token has been activated for two-factor authentication, the user receives a corresponding notification in their email inbox, including brief instructions on how to log in to the 2FA portal. The use of the second factor by the user is mandatory for all two-factor authenticated services from the time of activation, i.e. a token is required for login.
  • The 2FA portal can then be used to roll out additional tokens in the self-service if required (e.g. App token or TAN-Token).

Activation and use of the Yubikey

  • Please go to the activation page
  • Please agree to the terms of use and continue. A new form will appear
  • Enter your staff username. e.g. mueller

Now go to the field with the password and 2FA.
First enter your password, leave the pointer in the field, insert the Yubikey to be activated into a USB slot and wait for it to light up. Then press the golden area on the Yubikey for approx. 1 second. The password field should now continue to fill in automatically and the form should be sent.
If it is not sent automatically, please press the Activate button again.

  • Info: The Yubikey has two token slots, both of which are already pre-assigned:
    • Slot 1 is assigned to the staff account, which you activate by pressing it briefly (maximum 1 second).
    • Slot 2 is usually not occupied, but still generates a token, which is activated by holding it down for longer.

 For services that are used with your staff account + 2FA, you need the first slot, i.e. the Yubikey only press briefly (maximum 1 second).

Logging in to two-factor authenticated services

  • In the web browser (e.g. Firefox, Chrome, Safari, Internet Explorer, Edge), call up the desired two-factor authenticated service
    • Enter your user name (username) as usual.
    • In the password field, enter your user password without pressing the Enter key. Stay in the password field.
    • Now insert the YubiKey into a USB port on the computer. If a dialogue for configuring a keyboard appears on the screen, please cancel the dialogue (only in Apple macOS / Apple OS X, action only necessary once).
    • Wait until the button (y) of the YubiKey lights up green.
    • Touch the button (y) on the YubiKey: The characters in the password field are supplemented by the one-time password of the token. The login is usually automatic.

      Note: Please use a standard keyboard layout. Ergonomic keyboard layouts such as Neo are not supported.

    • You can now remove the Yubikey againIn the login dialogue of the two-factor authenticated service, proceed as follows
  • If you have any problems with logging in, please contact your local Windows or network administrator or the IT-Servicedesk des HRZ.

Use within Marvin

  • Only the one-time password is required for exam registration in Marvin.
  • You can find detailed instructions in the 2FA instructions for Marvin.

Suspending a token

Blocking a token (e.g. when leaving the university or losing the token) is done via

Returning a token

The return of a token (e.g. when leaving the university) is made to the IT Service Desk of the University Computer Centre (e.g. in person, by internal mail or by post).

Alternative ordering of tokens (after the introductory phase)

If you have not automatically received a token, you can request one via the web form Request for the issue of a token for two-factor authentication.

*Partners, service providers or guests are usually issued with TAN tokens in the form of TAN lists and do not receive a Yubikey.