What is an authentication token device?
A one-time passcode (OTP) authentication hardware token is a small device with an internal passcode generator that can be associated with a Two-Step Login account. With the press of a button, it will generate and display a single-use passcode to complete the second step of a login.
A token device that works with the University of Iowa's Two-Step Login system is shown above. The green button generates a passcode that is valid for 30 seconds. Pressing the button again generates a new passcode.
- The token device is designed to attach to a key chain
- Tokens cannot be shared, as they are uniquely associated with a HawkID account
- If a token is lost or stolen, there is no way to determine it is associated with a HawkID account. If the token is lost with a set of physical keys, it may be possible to identify its owner. But the device cannot be used by anyone who does not know the associated HawkID and password
Faculty, staff, and students who cannot utilize other supported devices for Two-Step Login—a mobile phone, the Duo Mobile app on a tablet or smartphone, a landline telephone, or a list of saved passcodes—may request a token device.
Tokens have a finite battery life and carry an associated cost. For these reasons, we recommend using one of the other supported options for completing your Two-Step Logins.
However, some circumstances may prohibit use of other supported options. These include:
- Computer logins performed in restricted areas where mobile phones are not allowed and landline phones are not available
- Computer logins performed in areas that do not have cellular or wireless service, or assigned landline phones, by users without smartphones (which can be used to complete Duo Mobile app logins even when there's no cellular/wireless service)
- Logins performed by users who do not have mobile phones, cell phones, tablets, nor unique landline phone numbers to enroll in their Two-Step profiles
- Logins by users who do not have the ability to carry other devices to locations where they need to access protected applications
Other situations will be considered on a case basis.
Send an email to the ITS Help Desk (firstname.lastname@example.org) requesting a token. Provide an explanation for your request, and include your name, HawkID, and phone number.
A token device will be assigned to your HawkID account and Two-Step Login profile.
When the token has been set up, you will be contacted to pick up your device at the ITS Help Desk (second floor, 2800 University Capitol Center). You'll be required to provide proof of identity—an IowaOne Card, valid drivers license, or passport will be accepted.
It's possible. Contact the ITS Help Desk (email@example.com) and provide details on the type, model, and manufacturer of the token, along with what it's currently being used for. Staff will determine if it is compatible with our Two-Step Login system.