Hardware tokens


A hardware token is a small, physical device that you carry with you and use for signing in with 2FA.

For example, some hardware tokens display a one-time passcode for signing in with 2FA.

You can also register your own personal hardware token (if compatible; refer below for instructions).

Hardware tokens provided by UW-IT

Hardware Token Request Form

Do I have to use hardware token?

No. You can choose to use other devices for 2FA. In fact, other device types are recommended, as described on the 2FA home page.

Can I request a hardware token from UW-IT?

Yes. UW-IT will provide a hardware token if you need one (e.g. if other device types create an undue personal or financial hardship). Please submit a Hardware Token Request.

What if I want or need multiple hardware tokens for my department?

Please contact us if you or your department are ordering 20 or more tokens. This will allow us to ensure tokens are set aside for your department and delivered in a timely manner.

How much do hardware tokens cost?

UW-IT provides hardware tokens at no charge for UW employees in Workday and students who need one.

Note: We're assessing overall sources of demand for hardware tokens to ensure a fair, sustainable funding model and cost-effective security across 2FA device types. Hardware tokens have a higher administrative cost than other options, and they require safe disposal as electronic media.

What kind of hardware token does UW-IT provide?

As of 2023, UW-IT provides Feitian OTP c100 tokens. These one-button hardware tokens display a one-time passcode for signing in with 2FA.

How do I re-sync my hardware token?

Hardware tokens can get "out of sync" and stop working if the button is pressed too many times without signing in. This might happen if it is repeatedly pressed by an object in your pocket or bag, for example. To re-sync your token, sign in with 2FA three times in a row, each time generating a new passcode. The first two tries will fail, but on the third try, Duo will automatically re-sync your token and sign you in.

Personal hardware tokens

Can I register my own hardware token?

Yes! We offer limited support for compatible hardware tokens, purchased individually or by your department. To register a token with Duo, for yourself or for someone else to link to their account, use the Identity.UW Add Token page and select the type of token to get started.

Any token that produces generic 6- or 8-digit OATH-HOTP passcodes. Please contact us if you want to confirm compatibility or registration steps ahead of time.

If you're adding a Yubikey, please refer to information on Setting up a security key.

How do I re-sync my personal hardware token?

To re-sync a personal OATH HOTP-compatible token, sign in with 2FA three times in a row, each time generating a new passcode. The first two tries will fail, but on the third try, Duo will automatically re-sync your token and sign you in.

Can I register my own WebAuthn device?

Yes. Please refer to information on Set up a security key.