Signing in to Chrome OS

Since Chromebooks use Google accounts for logging in, it should be possible to involve a YubiKey by following the guidance in this Google article.

Note: It's possible for your Chromebook to become a trusted device (in the "eyes" of your Google account), in which case, two-step verification (using a YubiKey) won't be required for every login.

If you want to perform two-step verification every time you log in to your Chromebook, follow the steps below. Please note - this will not apply when you "lock" your Chromebook.

1. On your Chromebook, once logged in, click on the time, which can be found at the bottom right.
2. Click the gear icon to open Settings.
3. On the left, select Security and Privacy.
4. Towards the middle of the window, select Manage other people.
5. Toggle off Show usernames and photos on the sign-in screen.

Now, any time you log in, you will need to enter your username, password, and perform two-step verification. To undo this, re-follow the steps, but toggle back on Show usernames and...

Accessing web services (after signing in)

Yubico OTP and FIDO, two of the most often used functions of our keys, should work on Chromebooks to sign in to services via a web browser. Yubico Authenticator on the other hand, which provides authenticator app two-factor authentication, does not currently work in Chrome OS. You can find discussion about why this is the case here. Yubico Authenticator is also available for Android and iOS, which may provide a workaround if you need to perform authenticator app 2FA on your Chromebook.