A hardware token is a small, physical device that you carry with you and use for signing in with 2FA.
For example, some hardware tokens display a one-time passcode for signing in with 2FA.
You can also register your own personal hardware token (if compatible; refer below for instructions).
Hardware tokens provided by UW-IT
Do I have to use hardware token?
No. You can choose to use other devices for 2FA. In fact, other device types are recommended, as described on the 2FA home page.
Can I request a hardware token from UW-IT?
Yes. UW-IT will provide a hardware token if you need one (e.g. if other device types create an undue personal or financial hardship). Please submit a Hardware Token Request.
How much do hardware tokens cost?
UW-IT provides hardware tokens at no charge for people who need one.
Note: We’re assessing overall sources of demand for hardware tokens to ensure a fair, sustainable funding model and cost-effective security across 2FA device types. Hardware tokens have a higher administrative cost than other options, and they require safe disposal as electronic media.
What kind of hardware token does UW-IT provide?
As of June 12, 2017, UW-IT provides Feitian OTP c100 tokens. These one-button hardware tokens display a one-time passcode for signing in with 2FA.
Hardware tokens can get “out of sync” and stop working if the button is pressed too many times without signing in. This might happen if it is repeatedly pressed by an object in your pocket or bag, for example.
To re-sync your token, sign in with 2FA three times in a row, each time generating a new passcode. The first two tries will fail, but on the third try, Duo will automatically re-sync your token and sign you in.
Personal hardware tokens
Can I register my own hardware token?
Yes! We offer limited support for compatible hardware tokens, purchased individually or by your department. To register a token with Duo, for yourself or for someone else to link to their account, use the Identity.UW Add Token page and select the type of token to get started.
Any token that produces generic 6- or 8-digit OATH-HOTP passcodes or Yubico’s proprietary AES OTP passcodes is compatible. Please contact us if you want to confirm compatibility or registration steps ahead of time.
If you’re adding a Yubikey, please refer to information on Using Yubikey as a OTP Token.
To re-sync a personal OATH HOTP-compatible token, sign in with 2FA three times in a row, each time generating a new passcode. The first two tries will fail, but on the third try, Duo will automatically re-sync your token and sign you in.
Can I register my own Universal 2nd Factor (U2F) device?
Yes. Please refer to information on setting up a U2F device.