skip to main content
Caltech
Information Management Systems and Services
IMSS  /  Services  /  Information Security  /  Duo MFA  /  Authentication Methods  /  Hardware token passcode

How to use hardware token passcode

Hardware token passcode is one of many second-factor options with Duo. With this method, When prompted by Duo, you enter the passcode that is displayed on the hardware token into your computer.

Note: Duo considers hardware token passcode to be a less secure option, and for most cases IMSS recommends using a more modern method such as Duo Mobile Verified Push or a platform authenticator like Touch ID or Windows Hello.

How hardware token passcode works

You carry a small electronic device that generates passcodes and displays them on a screen. After you log in with your username and password, Duo prompts you to "Use your security key". Tap the button on your YubiKey device.

How to set up a hardware token

In order to be used as a passcode generator with Duo at Caltech, a hardware token must support OTP protocols and must be set up initially by the IMSS Help Desk. The Help Desk will configure the hardware token and attach it to your account.

How to authenticate using a hardware token

  1. Log in to a Duo-protected service using your username and password
  2. Duo will prompt you to "Enter your passcode". If you do not see the this prompt, Duo may have defaulted to a different authentication method. Click "Other options" and then "Hardware token" to manually select this option. If you do not see "Hardware token" in the list of options, you have not set up this method yet. Refer to the instructions above.
  3. Enter the password displayed on your hardware token into the Duo prompt.