Information technology tools and resources at the UW
A hardware token is a small, physical device that you carry with you. UW-IT provides one-button hardware tokens that display a one-time passcode for signing in with 2FA. You can also register your own personal hardware token (if compatible; see below).
Hardware tokens aren’t recommended because they have a higher administrative cost than other options, and they require safe disposal as electronic media.
Hardware tokens provided by UW-IT
Do I have to use hardware token?
No. You can choose to use other devices for 2FA. Other device types and sign-in options are described on the 2FA home page.
Can I request a hardware token from UW-IT?
Yes. UW-IT will provide a hardware token if you need one. If you don’t have an Entrust token, please submit a Hardware Token Request. If you currently have an Entrust token, please visit the Migration from Entrust to Duo page for more information.
How much do hardware tokens cost?
UW-IT provides hardware tokens at no charge. We’re assessing demand for new and replacement tokens to ensure a fair, sustainable funding model across 2FA device types.
What kind of hardware token does UW-IT provide?
As of June 12, 2017, we are providing Feitian OTP c100 tokens to new users. Previously, we provided Entrust tokens and some Duo D-100 tokens.
Hardware tokens can get “out of sync” and stop working if the button is pressed too many times without signing in. This might happen if it is repeatedly pressed by an object in your pocket or bag, for example.
To re-sync your token, sign in with 2FA three times in a row, each time generating a new passcode. The first two tries will fail, but on the third try, Duo will automatically re-sync your token and sign you in.
To re-sync an Entrust token, use the self-service Entrust token re-sync process.
Personal hardware tokens
Can I register my own hardware token?
Yes. We offer limited support for compatible hardware tokens, purchased individually or by your department. Please contact us if you want to register other hardware tokens. Please include the device type (Yubikey, OATH HOTP-compatible token, etc.) in your message and we’ll confirm whether or not it’s compatible. If it is, we’ll help you register and link the device to your account.
How do I re-sync my personal hardware token?
To re-sync a personal OATH HOTP-compatible token, sign in with 2FA three times in a row, each time generating a new passcode. The first two tries will fail, but on the third try, Duo will automatically re-sync your token and sign you in.
Can I register my own Universal 2nd Factor (U2F) device?
Yes. Please refer to information on setting up a U2F device.