Requesting and Using a Hard Token

About Hard Tokens

A hard token is an electronic device that generates one-time passwords for logging into a computer system. A hard token provides an extra layer of security called multi-factor authentication.

Hard tokens have acquired many different names here on campus, however, they all refer to the same device. Some names for tokens include DES token, authentication token, two-step authentication token, two-factor authentication token, multi-factor authentication token, PIN generator, Duo token, or just 'token.'

Request an MFA Token

To request an MFA token, contact the IT Services Desk at (805) 893-5000 or x5000.

Using the MFA Token

a) To authenticate using a hardware token, click the “Enter a Passcode” button. Press the button on your hardware token to generate a new passcode, type it into the space provided, and click “Log In” (or type the generated passcode in the Second Password field). Using the “Device:” drop-down menu to select your token is required before entering the passcode.

*NOTE: For specific instructions on how to select your MFA factor during the VPN client process, visit https://www.it.ucsb.edu/pulse-secure-campus-vpn/get-connected-vpn and select the appropriate operating system under the heading ‘Instructions and Software.'

Lost MFA Tokens

a) Please contact our service desk at (805) 893-5000 or x5000.

Returning an MFA Token

a) Please contact our service desk at (805) 893-5000 or x5000.

You can also view, download, or print a PDF of the instructions.

Token Replacement (March 2025)

Please note: UCSB-issued Duo hardware tokens that were issued prior to 2025 have reached the end of their expected battery life and must be replaced. If you wish to continue using a Duo MFA hardware token, please let us know how you’d like to receive your new token by February 28th, 2025.

Replacement Options:

By Mail: We will send a new token to your current address.
In-Person Pickup: You can collect a replacement token at our office on campus during regular business hours.

How to Request a Replacement:

Please call our Service Desk at 805-893-5000 or send an email to its-servicecenter@ucsb.edu.
A support ticket will be opened on your behalf. In the ticket, we will ask you for your preferred delivery method and any details needed to coordinate.

If no action is taken by February 28th, your current token will be deactivated and you may lose access to Duo-protected services.

Hard Token FAQs

What kind of tokens can I use?

There is one token that is supported for use with Duo:

Can a token be reassigned to a different user?

No, unused tokens should be returned to the Core IT Service Desk. If you are a department staff and need a token assigned to a person in your department, please have the user call x5000 for further assistance.

Do I need to register or enroll my hard token to start using it?

No, you will receive the hard token preregistered to your account. You may begin using it immediately.

How do I use a hard token?

When you are prompted for a two-factor authentication code, you press the button on the front of the hard token. The token will display a six-character passcode, which you enter at the prompt.

My hard token was lost or stolen. What do I do?

Contact the IT Services Service Desk at (x5000) immediately if your hard token is lost or stolen so they can lock the hard token and send you a replacement.

What do I do if my token stops working?

Hard tokens operate like any battery-operated device in that they will eventually stop working and need to be replaced. If you are having a problem with a Duo token (no longer generating a passcode, with either a corrupt or blank display), contact the IT Services Service Desk at (x5000) so they can send you a replacement.

Tokens that no longer work are e-waste.