Device initialization

Source: Yubico

Device initialization is straightforward but requires some organization around secret management. In the future, this can be improved by defining a group policy distributed via MDM which can enforce some of the settings mentioned below.

  1. Enter a new PIN with 8 numeric characters if macOS login is intended. macOS login won't work if the PIN contains non-numeric characters. Generate this PIN and store it securely in a password manager.
  2. Set the Management Key option to Use a separate key.
  3. Under Store management key, randomize the key and store the resulting value in a password manager.
  4. Enter a new PUK with 8 alphanumeric characters (A-Z, a-z, 0-9 and symbols are allowed), also generated in a password manager.
  5. When asked if you want to Set up Yubikey for macOS by generating certificates, choose No. This can be handled later on more selectively.
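
One way to generate and sanity-check the three secrets from steps 1, 3 and 4 before entering them, as an added example that is not code from this page or from Yubico. The function names, the PUK symbol set and the 24-byte management key length are assumptions; the factory PUK and management key constants are Yubico's published PIV defaults.

```python
import secrets
import string

# Yubico's documented PIV factory defaults; a finished setup must not keep them.
FACTORY_PUK = "12345678"
FACTORY_MGMT_KEY = "010203040506070801020304050607080102030405060708"
PUK_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"  # assumed symbol set


def is_weak_digits(value: str) -> bool:
    """True for all-same digits and straight ascending/descending runs."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(value, value[1:])}
    return steps in ({0}, {1}, {9})


def new_pin() -> str:
    """Step 1: 8 numeric characters, so macOS login accepts the PIN."""
    while True:
        pin = "".join(secrets.choice(string.digits) for _ in range(8))
        if not is_weak_digits(pin):
            return pin


def new_puk() -> str:
    """Step 4: 8 characters drawn from letters, digits and symbols."""
    return "".join(secrets.choice(PUK_ALPHABET) for _ in range(8))


def new_management_key() -> str:
    """Step 3: random key as hex; the 24-byte length is an assumption."""
    return secrets.token_hex(24)


def check_secrets(pin: str, puk: str, mgmt_key: str) -> list[str]:
    """Return the problems found; an empty list means the set is usable."""
    problems = []
    if not (len(pin) == 8 and pin.isascii() and pin.isdigit()):
        problems.append("PIN must be exactly 8 numeric characters for macOS login")
    elif is_weak_digits(pin):
        problems.append("PIN is a repeated or sequential digit run")
    if len(puk) != 8 or not puk.isascii() or puk == FACTORY_PUK:
        problems.append("PUK must be 8 ASCII characters, not the factory default")
    if pin == puk:
        problems.append("PIN and PUK must differ")
    key_ok = len(mgmt_key) == 48 and all(c in string.hexdigits for c in mgmt_key)
    if not key_ok or mgmt_key.lower() == FACTORY_MGMT_KEY:
        problems.append("management key must be 24 random bytes in hex, not the default")
    return problems
```

`check_secrets` can also be run against values produced by a password manager to confirm they meet the constraints above before they are typed into the device.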
