Overview

---

Tokens are a small hardware device (pictured below) that generates passcodes on demand to use with the Duo two-step login. You can request a token by filling out the Duo Hardware Token Request Form. Upon requesting a token, you will be asked to verify ID in person or via Zoom. 

1. Power button - Press to generate a code that can be used for the two-step login

2. Timer - Countdown indicating when passcode will expire (10 - 15 seconds)

3. Generated Code - 6-digit passcode that can be used on the two-step login

Critical Concepts

---

• A passcode can also be generated from within the Duo phone or tablet app. The app-generated passcode is accessible even without a cell or wifi connection. Whether you're on a flight or a ship, traveling internationally or working in a subterranean bunker, if you're using the app and have the device, you should be covered. 
  
  
• It is best practice to register multiple two-step login devices. Even with a token, you'll want a backup plan for the day you lose it or leave it at home. Therefore, we recommend setting up various devices to complete two-step login to ensure you have multiple options. 
  
  
• Passcodes generated from the hardware token are only good for a single-use. Also, previous passcodes expire when you generate a new one on the token.

Steps to Take

---

Generate & Use a Passcode

1. You can generate a passcode by pressing the power button (do not hold down)
2. A 6-digit passcode will now appear on screen.  This passcode will be valid until the timer expires (10-15 seconds).
3. Enter passcode on two-step login.  To use your passcode for two-step verification:
   
   • On Single Sign-On Applications: When you receive the prompt for two-step verification:
     1. click Other Options
     2. click Hardware token
     3. enter the passcode on your token
     4. click Verify
   • On UCSD VPN: See the Duo Two-Step Login on VPN article for steps to take to use two-step passcodes on the VPN.