UPDATE, December 3, 2020: UCPath Error Message

When logging into UCPath, employees may see an "oops" error message from UCPath. This error is unrelated to the MFA implementation. To fix it, open a private or incognito window to log in to UCPath, or click the "back" button to log in again. Visit the MFA FAQ web page to learn more. 

About Hard Tokens

A hard token is an electronic device that generates one-time passwords for logging into a computer system. A hard token provides an extra layer of security called multi-factor authentication.

Hard tokens have acquired many different names here on campus, however, they all refer to the same device. Some names for tokens include DES token, authentication token, two-step authentication token, two-factor authentication token, multi-factor authentication token, PIN generator, Duo token, or just 'token.'

Request an MFA Token

To request an MFA token, contact the IT Services Desk at (805) 893-5000 or x5000.

Using the MFA Token

a) To authenticate using a hardware token, click the “Enter a Passcode” button. Press the button on your hardware token to generate a new passcode, type it into the space provided, and click “Log In” (or type the generated passcode in the Second Password field). Using the “Device:” drop-down menu to select your token is not necessary before entering the passcode.

*NOTE: For specific instructions on how to select your MFA factor during the VPN client process, visit https://www.it.ucsb.edu/pulse-secure-campus-vpn/get-connected-vpn and select the appropriate operating system under the heading ‘Instructions and Software.'

Testing an MFA Token

Test the Hard Token

a) Open a web browser to https://duo-mgmt.identity.ucsb.edu/.

b) Log into SSO.

c) Your browser will show the MFA with Duo Self-Registration form.

d) Click “Generate a Passcode” using your MFA hardware token.

e) Click the “Enter a Passcode” button on the Self-Registration form.

f) Enter the passcode and press “Log In.”

g) You will see the My Settings & Devices screen. This means your token works as configured. You may exit the application and the single sign-on web browser.

Lost MFA Tokens 

a) Please contact our service desk at (805) 893-5000 or x5000.

Returning an MFA Token

a) Please contact our service desk at (805) 893-5000 or x5000.

You can also view, download, or print a PDF of the instructions.


Hard Token FAQs

There is one token that is supported for use with Duo:

UCSB MFA Duo hard token

Yes. If a department has a spare Duo hard token, IT Services can assign it to a different user.

Once you have obtained a hard token, follow the instructions on the Enroll a Hard Token page or contact the IT Service Desk at (805) 893-5000 (x5000) to register the device with your account. Once registered, you can start using the hard token to login to Duo.

When you are prompted for a two-factor authentication code, you press the button on the front of the hard token. The token will display a six-character passcode, which you enter at the prompt.

There is no PIN that accompanies the token, it only needs to be assigned to your account, which can be done by contacting the IT Services Catalog.

Contact the IT Services Service Desk at (x5000) or submit a ticket via the IT Services Catalog immediately if your hard token is lost or stolen so they can lock the hard token until you receive a replacement. To enroll the new hard token, visit the Enroll a Hard Token pagesubmit a ticket to the IT Services Catalog, or call (805) 893-5000 (x5000).

Within 6 Months of Purchase

If you are having a problem with a Duo token (no longer generating a passcode, with either a corrupt or blank display) within the 6 month warranty period, you will need to contact Duo directly for replacement under the warranty.

Required information: Serial Number (located on the back of the token), Shipping Address for return
Phone: (866) 760-4247
Email: support@duosecurity.com

The replacement token will be shipped directly to the customer that requested the replacement. Once the new token has been received, contact the IT Services Catalog at x5000 to add it to your Duo account.

More than 6 Months Since Purchase

If your hard token stops working after the six-month warranty period, you will need to purchase a new one. Use these instructions to purchase a new token.

Tokens that no longer work are e-waste.