FIDO2 is available as an option for multi-factor authentication (MFA) to NHSmail users. This gives users a secure way for logging in to systems and applications.
This article provides all the information users need for getting started with FIDO2 security tokens, including:
- Registering your FIDO2 security token
- Editing a security token nickname
- Removing a security token
- Changing a security token PIN
Registering your FIDO2 security token
This section includes step-by-step guidance for registering your FIDO2 security token. There is also a ‘How-To-Video’ available to watch.
1. When you have a security token that you want to register, please navigate to the NHSmail portal and select Login in the top right of the page.
3. Navigate to your Profile
4. On your Profile page select the Self-Service tab.
5. On the Self-Service page select the Manage FIDO2 Tokens This will take you to the FIDO2 security token registration and management page.
7. A window will appear asking you to confirm you want to set up your security key. Click OK.
8. Insert your security key into the USB port when prompted.
9. Enter a new security key PIN for this token and click OK to confirm. Please note the minimum length is 4 characters. This PIN will be required to unlock and use the security key during future authentication attempts.
10. Touch the security token to confirm your presence.
11. Enter a nickname for the security token and click Submit to confirm your choice.
12. A green “success” message in the top right of the page will indicate a successful registration of the security token. The registered security token will also appear in your list of registered tokens once the page has been refreshed.
13. Upon successful registration, you will be able to start using your FIDO2 security token as an option for MFA to securely access systems and applications.
Managing your FIDO2 security token
This section includes guidance on how to:
- Edit a security token nickname
- Remove a security token that is registered to you
- Change the PIN on your FIDO2 security token
Editing a security token nickname
1. Login to the NHSmail portal and navigate to your Profile
3. On the Self-Service page select Manage FIDO2 Tokens. This will take you to the FIDO2 security token management page, where you should be able to see all your registered FIDO2 security tokens.
5. Enter a new nickname for the security token in the pop-up box and click Save Changes.
Removing a security token
1. Login to the NHSmail portal and navigate to your Profile page.
6. The token will no longer appear in the list of registered security tokens your FIDO2 token management page. You may need to refresh the page once for this change to be reflected.
Changing a security token PIN
You can take the following steps on a Windows 10 device to change your security token PIN from an old PIN to a new PIN.
5. Navigate to Security Key PIN and select Change.
6. Change your security key PIN by entering the old PIN once and new PIN twice. The minimum length is 4 characters. Confirm by clicking OK. Once the PIN has been changed, continue to use the security key with the new PIN during future authentication attempts.
Help & Support
- For more information check out this easy to read FIDO2 User Guide
- For more information about registering and managing tokens check out this ‘how-to-video’
- For more information about Multi-Factor Authentication (MFA)
- For more information about FIDO2 at the NHS and recent updates please see here
- For more information about how to find your Local Administrator