I'm using a Yubikey for security key login to Windows 11, and everything works great when my laptops are connected to the domain. However, I'm running into an error saying 'Your credentials couldn't be verified' when trying to log in offline. I've noticed other laptops set up a while back don't have this issue, so I'm confused about what I'm missing.
2 Answers
Could you provide a bit more information? Are you setting these up with PIV smart cards and possibly using an internal Windows CA for certificates? It might not be applicable since you're using Windows Hello, but it could be worth checking if that's the issue. Also, are you using the Yubikey login app? I wouldn't recommend it as it mainly supports local accounts and might be causing some problems.
It sounds like you're trying to use the Yubikey as a two-factor authentication method that relies on online verification. When you're offline, the system can't connect to the servers to verify your credentials, which is likely causing the error. It should ideally work offline, though, so maybe there's a setup difference between the laptops that are functioning and those that aren't. Have you checked the configuration on both types?
Yeah, I hear you. I've got setups that work offline too. It really points to a setup issue on the new machines.
Thanks for the tips! I'm just using the Yubikey itself without any CA, and we're hybrid with Entra.