Notes on hardware tokens
In this article you will learn what hardware security keys are, how RWTH employees can gain access to them and what alternatives exist:
- What is a hardware security key?
- Who gets a YubiKey?
- Where can I get a Yubikey?
- How do I set up the YubiKey?
- What alternatives are there?
What is a hardware security key?
Hardware security keys (also called hardware keys or hardware tokens) are physical security keys that can be used for authentication.
Such a key can be used as a second factor for multi-factor authentication (MFA) for protected RWTH services.
In order to be able to use all protected RWTH services, such a security key must support at least the HOTP and WebAuthn/FIDO2 protocols.
This means that the security keys for both token types Hardware token for VPN and RWTH Single Sign-On (HOTP) and Hardware token for RWTH Single Sign-On (WebAuthn/FIDO2) can be used.
YubiKeys, Nitrokeys (Pro 2 and 3) and selected Feitian Keys are examples of hardware security keys that can be used. At the RWTH, YubiKeys are used as standard.
Employees of RWTH Aachen University will receive YubiKeys from their institution if it provides YubiKeys.
In addition to the YubiKeys provided, you may also use your own security keys.
Please make sure that the security keys, if purchased by yourself, support at least the HOTP and WebAuthn/FIDO2 protocols if you want to use them for all protected services.
Organizations of RWTH Aachen University have been provided with a limited number of YubiKeys by the IT Center in 2024.
Employees of RWTH Aachen University can ask their own institution whether they will be provided with a YubiKey if YubiKeys are still available.
Please contact your supervisor or a person with the role Bestellung IT (Ordering IT) at your institution.
If you do not know who has this role, a role administrator at your institution can provide you with information.
Role administrators can e. g. be viewed in IdM Selfservice under Roles and groups / Role administrators.
Additional YubiKeys can be purchased from the respective institutions via the RWTH Kaufhaus (RWTH Department store).
Instructions for setting up the YubiKey can be found here:
- Hardware Token for VPN and RWTH Single Sign-On (HOTP)
- Hardware Token for RWTH Single Sign-On (WebAuthn/FIDO2)
An overview of the other available token types that can be used for multi-factor authentication (MFA) can be found here.
In order to be able to use all protected RWTH services as easily as possible, we would recommend using an Authenticator app.
Additional token types:
