A hardware token is a small, physical device that you carry with you and use for signing in with 2FA.
For example, some hardware tokens display a one-time passcode for signing in with 2FA.
You can also register your own personal hardware token (if compatible; refer below for instructions).
No. You can choose to use other devices for 2FA. In fact, other device types are recommended, as described on the 2FA home page.
Yes. UW-IT will provide a hardware token if you need one (e.g. if other device types create an undue personal or financial hardship). Please submit a Hardware Token Request.
Please contact us if you or your department are ordering 20 or more tokens. This will allow us to ensure tokens are set aside for your department and delivered in a timely manner.
UW-IT provides hardware tokens at no charge for UW employees in Workday and students who need one.
Note: We're assessing overall sources of demand for hardware tokens to ensure a fair, sustainable funding model and cost-effective security across 2FA device types. Hardware tokens have a higher administrative cost than other options, and they require safe disposal as electronic media.
As of 2023, UW-IT provides Feitian OTP c100 tokens. These one-button hardware tokens display a one-time passcode for signing in with 2FA.
Hardware tokens can get "out of sync" and stop working if the button is pressed too many times without signing in. This might happen if it is repeatedly pressed by an object in your pocket or bag, for example. To re-sync your token, sign in with 2FA three times in a row, each time generating a new passcode. The first two tries will fail, but on the third try, Duo will automatically re-sync your token and sign you in.
Yes! We offer limited support for compatible hardware tokens, purchased individually or by your department. To register a token with Duo, for yourself or for someone else to link to their account, use the Identity.UW Add Token page and select the type of token to get started.
Any token that produces generic 6- or 8-digit OATH-HOTP passcodes. Please contact us if you want to confirm compatibility or registration steps ahead of time.
If you're adding a Yubikey, please refer to information on Setting up a security key.
To re-sync a personal OATH HOTP-compatible token, sign in with 2FA three times in a row, each time generating a new passcode. The first two tries will fail, but on the third try, Duo will automatically re-sync your token and sign you in.
Yes. Please refer to information on Set up a security key.
For security reasons if someone finds a token that is not theirs there is no option to look up the owner of the token to return it. The person that has found the misplaced token can return it to UW-IT via campus mail (see address below) or dispose of the token (see UW Facilities map to eMedia bin locations on campus). Additionally the person that found it can call (206 221-5000 option 0) or email (help@uw.edu) UW-IT to report the token was found and that it was mailed or disposed of.
UW-IT's mailing address is:
UW Information Technology
4333 Brooklyn Ave NE
Campus Box 359561
Seattle, WA 98195