Enroll a Hard Token

About Hard Tokens

A hard token is an electronic device that generates one-time passwords for logging into a computer system. A hard token provides an extra layer of security called multi-factor authentication.

Hard tokens have acquired many different names here on campus, however, they all refer to the same device. Some names for tokens include DES token, authentication token, two-step authentication token, two-factor authentication token, multi-factor authentication token, PIN generator, Duo token, or just 'token.'

Request an MFA Token

To request an MFA token, contact the IT Services Desk at (805) 893-5000 or x5000. 

Using the MFA Token

a) To authenticate using a hardware token, click the “Enter a Passcode” button. Press the button on your hardware token to generate a new passcode, type it into the space provided, and click “Log In” (or type the generated passcode in the Second Password field). Using the “Device:” drop-down menu to select your token is not necessary before entering the passcode.

Testing an MFA Token

a) Open a web browser to https://duo-mgmt.identity.ucsb.edu/.

b) Log into SSO.

c) Your browser will show the MFA with Duo Self-Registration form.

d) Click “Generate a Passcode” using your MFA hardware token.

e) Click the “Enter a Passcode” button on the Self-Registration form.

f) Enter the passcode and press “Log In.”

g) You will see the My Settings & Devices screen. This means your token works as configured.

Lost MFA Tokens 

a) Please contact our service desk at (805) 893-5000 or x5000.

Returning an MFA Token

a) Please contact our service desk at (805) 893-5000 or x5000.

You can also view, download, or print a PDF of the instructions.

Hard Token FAQs

There is one token that is supported for use with Duo:

UCSB MFA Duo hard token

Yes. If a department has a spare Duo hard token, IT Services can assign it to a different user.

Once you have obtained a hard token, contact the IT Service Desk at x5000 to register the device with your account. Once registered, you will be able to start using the hard token to login to Duo.

When you are prompted for a two-factor authentication code, you press the button on the front of the hard token. The token will display a six-character passcode, which you enter at the prompt.

There is no PIN that accompanies the token, it only needs to be assigned to your account, which can be done by contacting the IT Services Catalog.

Contact the IT Services Service Desk at x5000 or submit a ticket via the IT Services Catalog immediately if your hard token is lost or stolen so they can lock the hard token until you get a new one. Hard tokens are available at XXXXX. To enroll the new hard token, contact the IT Services Desk.

Within 6 Months of Purchase

If you are having a problem with a Duo token (no longer generating a passcode, with either a corrupt or blank display) within the 6 month warranty period, you will need to contact Duo directly for replacement under the warranty.

Required information: Serial Number (located on the back of the token), Shipping Address for return
Phone: (866) 760-4247
Email: support@duosecurity.com

The replacement token will be shipped directly to the customer that requested the replacement. Once the new token has been received, contact the IT Services Catalog at x5000 to add it to your Duo account.

More than 6 Months Since Purchase

If your hard token stops working after the six-month warranty period, you will need to purchase a new one. Use these instructions to purchase a new token.

Tokens that no longer work are e-waste.