What is an authentication token device?   

A one-time passcode authentication hardware token, often called a token device, is a small device with an internal passcode generator that can be associated with a Two-Step Login account. With the press of a button, it will generate and display a single-use passcode to complete the second step of a login.  

Duo Token

A token device that works with the University of Iowa's Two-Step Login system is shown above. The green button generates a passcode that is valid for 30 seconds. Pressing the button again generates a new passcode.  

  • The token device is designed to attach to a key chain.
  • Tokens cannot be shared, as they are associated with a unique HawkID account.
  • If a token is lost or stolen, a third party cannot determine which account is associated with the device. If it is found with other items, such as keys, it is possible to identify the token's owner. However, the token will only work for someone who knows the HawkID and password associated with the token.

Who is eligible for an authentication token?

Faculty, staff, and students who cannot use the Duo Mobile app on a tablet or smart phone or use a list of saved passcodes for Two-Step Login may request a token device.

Tokens have a finite battery life and carry an associated cost. For these reasons, we recommend using the Duo Mobile app on a tablet or smart phone.

However, some circumstances may prohibit use of other supported options, such as:

  • Computer logins performed in restricted areas where mobile phones are not allowed.
  • Computer logins performed in areas that do not have service by users without smartphones (which can be used to complete Duo Mobile app logins even when there's no cellular/wireless service).
  • Logins performed by users who do not have mobile phones or tablets to enroll in their Two-Step Login profiles.
  • Logins by users who do not have the ability to carry other devices into locations where they need to access protected applications.

Other situations will be considered on a case-by-case basis.

How do I get an authentication token?

Come to the ITS Help Desk walk-in area (second floor, 2800 University Capitol Center) during business hours to pick up a hardware token. You will be required to provide:

  • A valid reason for using a hardware token instead of other Duo methods.
  • A photo ID as proof of identity (an IowaOne Card, valid driver's license, or passport will be accepted).

If you cannot come to the ITS Help Desk in person, call the ITS Help Desk at 319-384-4357 to provide verification and your reason for requesting a token. 

Can I use a token I already own?

It's possible. Contact the ITS Help Desk (its-helpdesk@uiowa.edu) and provide details on the type, model, and manufacturer of the token, along with it's current use. Staff will determine if it is compatible with our Two-Step Login system.

How do I use a token device?
  1. Log in to any UI website. When prompted for Duo, you will see a screen asking for a bypass code.

    • If the screen does not ask for a bypass code, select "Other options," then select "Bypass code."
       

      Image shows the blue "other options" link at the bottom of the Duo prompt which can be clicked on.
  2. Press the green button on the Duo token. A code will appear on the token's screen.

  3. Type the code into the textbox and click "Verify" to sign in.
     

    Picture shows the Duo bypass code and a text box to enter the code into
Last updated
Article number
5096