WSU Recommendation
WSU only recommends WebAuthn (FIDO2 or biometrics) as an authenticator in specific controlled situations.
...
- MFA does not use any network
- Very good Phishing resistance
- Does not require second device to be online during authentication
- Does not require separate purchase (when using biometric login)
- Requires a physical device (for FIDO2 tokens)
- Support for FIDO2/WebAuthn is not universal overall browsers and apps
- Each browser on a device must be registered separately for each domain (login.wsu.edu and wsu.okta.com)
Anchor | ||||
---|---|---|---|---|
|
Okta maintains a list of 126+ compatible tokens. Choose a token from the list of ITS supported hardware below, or confirm with ITS that a token is on the recognized list before making a purchase.
ITS supported FIDO2 hardware:
- YubiKey 5 Series with NFC
- YubiKey 5 Series
- Security Key NFC by Yubico
- Google Titan Security Key v2
- Feitan BIoPass FIDO2 Plus Authenticator
Purchase the token from any commercial source.
How to Set Up a hardware FIDO2 token
- Activate or log in to your account (how?)
- From login.wsu.edu, click your name then settings
- Select "Security Key or Biometric Authenticator" and click Set Up. If you already have one "Security Key or Biometric Authenticator", click Set up Another
- When prompted, insert the key and register it with Okta
- Log in to wsu.okta.com, click your name, then settings.
- Repeat steps 3 and 4.
How to Set up Biometric WebAuthn
Note |
---|
Every web browser you use may require independent registration. You should assume that setting up Chrome and Firefox requires you to set up biometric authentication 2 separate times. |
...
- Activate or log in to your account (how?)
- From login.wsu.edu, click your name then settings
- Select "Security Key or Biometric Authenticator" and click Set Up. If you already have one "Security Key or Biometric Authenticator", click Set up Another
- When prompted, Follow your browser's wizard to set up Touch-ID, Face-ID, Windows Hello, or similar biometric login.
- Log in to wsu.okta.com, click your name, then settings.
- Repeat steps 3 and 4.
How to Use
- Enter your username to login in to login.wsu.edu
- Enter your password when prompted*
- When prompted to verify your account, if "Security Key or Biometric Authenticator" isn't presented, choose "Select another Auth..."
- Choose "Security Key or Biometric Authenticator"
- Click the blue "Verify" box
- When prompted, verify with your token or biometric identity data.
Further Reading
https://help.okta.com/oie/en-us/content/topics/identity-engine/authenticators/configure-webauthn.htm
...