An Important Note Before You Begin:
You should only follow these steps if you are unable to enroll in Cougar Lock using the standard method of using the standard method of using an authenticator app on your phone. This standard method is more convenient, less complicated, and does not require you to purchase any hardware.
Table of Contents:
Step 1: Acquire a hardware token
Step 2: Download and install Yubico Authenticator
Step 3: Run the Yubico Authenticator program
Step 5: Set Up Your APU Account
Step 6: Print the Multifactor Authentication Page to a physical piece of paper
Step 7: Input the 32-digit code into the Yubico Authenticator App
Step 8: Finalizing Cougar Lock
What is Cougar Lock?
Cougar Lock adds security to your APU account by sometimes prompting for an additional "Six Digit Auth Token" after you use your APU NetID and Password to log into an APU service, such as your APU email or home.apu.edu. The steps on this page show you how to use a small USB device with a laptop or desktop computer to generate the six-digit codes required for Cougar Lock, rather than an Authenticator App on a phone.
Step 1: Acquire a hardware token
This guide is written to cover the Yubico YubiKey 5 Nano. (Use a YubiKey 5C Nanoif you have a laptop which only has the smaller USB-C ports.)
Step 2: Download and install Yubico Authenticator
You can download it for Windows or MacOS by following this link.
Step 3: Run the Yubico Authenticator program
Note: If you get a message that it is already running, find it in the System Tray by clicking on the carat icon (^) at the bottom right of your screen, right-clicking on the green icon with a padlock and white circle with a key, and clicking on "Show Yubico Authenticator."
Step 4: Insert Your YubiKey
Initially, the program will say "Insert your YubiKey".
Plug your YubiKey into a USB Port. You may want to use a port you utilize less frequently, as you might choose to leave the YubiKey plugged in all the time. It can also be difficult to remove due to it's size; you may need to carefully hook a bent paperclip or even staple into the hole in the end of it to remove it.
Step 5: Set Up Your APU Account
Back in the Yubico Authenticator app you should see "Add accounts to this YubiKey in order to generate security codes.
Click on "Add Account".
Enter "APU" as the Issuer.
Enter your APU NetID as the Account name.
To get the Secret Key, you will need to go through the Cougar Lock enrollment process. Open another tab or web browser, navigate to the support article Setting up Cougar Lock, and follow Steps 1 through 4.
Step 6: Print the Multifactor Authentication Page to a physical piece of paper
After you have completed the steps on this page, store that paper somewhere secure but accessible. Think of it like a backup/spare key to your account. It will allow you to configure a replacement YubiKey yourself later without requiring IT to reset your Cougar Lock. It would also let you enroll this account for Cougar Lock with an app on a phone.
Additionally, you can log in up to six times without using the one-time codes from a mobile App or the Yubico Authenticator program. This physical page includes six single usebackup codes. Keeping these written down somewhere and stored on you at all times somewhere like a purse or wallet will allow you to log in, even if you don't have access to the Yubico Authenticator App, without needing to contact IT for assistance.
Step 7: Input the 32-digit code into the Yubico Authenticator App
Just below the QR code, you will notice the bold line of 32 capital letters and numbers under the text, "you can manually enter this key to register."
Use copy/paste or manually type that line of letters and numbers into the Yubico Authenticator app as the "Secret Key."
If you get the errors "Invalid Base32 format (A-Z and 2-7)" or "Security key have the wrong format" (sic)", please find and fix any typos in the Secret Key you entered.
Leave "Require touch" and "Show advanced settings" unchecked.
Finally, click "Add account".
Step 8: Finalizing Cougar Lock
The Yubico Authenticator application should now show a six digit code, along with a pie chart icon to the right which shows how much longer the code will be valid (the displayed code changes every 30 seconds).
Right-click on the code and click "Copy to clipboard". (Or you can just type the six digits in the next step.)
Switch back to the "Multifactor Authentication Page". Take the six digit code from the Yubico Authenticator program and paste or type it at the bottom of the page and click "Register".
Wait until a different six digit code is displayed. If you attempt to use the same code, the system will not accept it.
Sign in again, using the new six-digit number displayed in the Yubico Authenticator program.
Congratulations, you’re enrolled and logged in! Whenever you log into to an APU website that asks for a "Six Digit Auth Token", you would just make sure the YubiKey is plugged in (it's so tiny you might leave it plugged in all the time), open the Yubico Authenticator program, copy the six-digit code, and paste it into the Cougar Lock window.
You should also keep with you the six one-time use codes on your person in case you are ever in a situation where you do not have access to the Yubico Authenticator App.
You are the most important part in APU fulfilling its obligation to keep our systems safe. APU's systems hold your information and the information of many, many other people. You are a critical link in keeping your and our constituent's data safe. Please show due care in safeguarding your password, the secret key used by Cougar lock, your one time use codes, and your authentication token in a responsible manner.