A hardware token is a small, physical device that you carry with you and use for signing in with 2FA.
For example, some hardware tokens display a one-time passcode for signing in with 2FA.
You can also register your own personal hardware token (if compatible; refer below for instructions).
No. You can choose to use other devices for 2FA. In fact, other device types are recommended, as described on the 2FA home page.
Yes. UWIT can provide a hardware token if you need one (e.g. if other device types create an undue hardship). Please submit a Hardware Token Request. Hardware tokens are not provided to all requests.
Please contact us if you or your department are ordering 20 or more tokens. This will allow us to ensure tokens are set aside for your department and delivered in a timely manner.
UWIT provides hardware tokens at no charge for UW employees in Workday and students who are deemed to need one.
Note: Users are able to purchase hardware tokens independently or through a department (see Personal hardware tokens below). UWIT provided tokens are for specific use cases.
UWIT provides Feitian OTP c100 tokens and YubiKeys. Feitian one-button hardware tokens display a one-time passcode for signing in with 2FA.
Hardware tokens can get "out of sync" and stop working if the button is pressed too many times without signing in. This might happen if it is repeatedly pressed by an object in your pocket or bag, for example. To re-sync your token, sign in with 2FA three times in a row, each time generating a new passcode. The first two tries will fail, but on the third try, Duo will automatically re-sync your token and sign you in.
Yes! We offer limited support for compatible hardware tokens, purchased individually or by your department. To register a token with Duo, for yourself or for someone else to link to their account, use the Identity.UW Add Token page and select the type of token to get started.
Any token that produces generic 6- or 8-digit OATH-HOTP passcodes. Please contact us if you want to confirm compatibility or registration steps ahead of time.
If you're adding a Yubikey, please refer to information on Setting up a security key.
To re-sync a personal OATH HOTP-compatible token, sign in with 2FA three times in a row, each time generating a new passcode. The first two tries will fail, but on the third try, Duo will automatically re-sync your token and sign you in.
Yes. Please refer to information on Set up a security key.
For security reasons if someone finds a token that is not theirs there is no option to look up the owner of the token to return it. The person that has found the misplaced token can return it to UWIT via campus mail (see address below) or dispose of the token (see UW Facilities map to eMedia bin locations on campus). Additionally the person that found it can call (206 221-5000 option 0) or email (help@uw.edu) UWIT to report the token was found and that it was mailed or disposed of.
UWIT's mailing address is:
UW Information Technology
4333 Brooklyn Ave NE
Campus Box 359561
Seattle, WA 98195