Simple Hardware Token

Simple OTP (one-time password) hardware tokens are available at no cost for students, employees and affiliates who do not have a smart phone or other 2-Step device. Tokens are not available to alumni. You can use a token to generate passcodes over and over again, but each passcode works only one time. We recommend that you use a smart phone with Duo Push for the CalNet 2-Step. 

Obtaining a Token

If you need a Simple Hardware Token, you can pick one up on campus at the following locations. Tokens are not availble to alumni.


Student Technology Services (STS)

If you are a student and need a Simple Hardware Token, you can pick one up from the Student Technology Services helpdesk. Visit https://studenttech.berkeley.edu/techsupport for current locations and hours.


IT Client Services (ITCS)

Employees and affiliates may submit a ticket to calnet2-stephelp@berkeley.edu to set up an appointment to obtain a hardware token. You can also submit a ticket for ITCS to ship a token directly to your address. 

  • 1608 Fourth St, Berkeley, CA 94710

UCB Retirement Center (UCBRC)

Emeriti and subscribers to retiree email service can email ucbrc@berkeley.edu to request a token.


Returning a Token

If you no longer need a simple hardware token, you can return yours by dropping it off at STS (see above), or return via ITCS Drop In hours at Dwinelle Hall

You can also return a token by sending it by postal or inter-office mail to: ITCS, 1608 4th street, Berkeley CA 94710


Using a Token

If you already have a Simple Hardware Token, you must register it before you can use it:

Step 1: Register your Simple Hardware Token

  1. Register your token using this form: https://docs.google.com/forms/d/e/1FAIpQLSdk6SWJGMMzuJQwIUJ9y-eWcCS4bdGyIeycfXyW6yUa-zPLMQ/viewform

  2. You will receive an email notification when your token is registered.

Step 2: Try it out

  1. Once you have received confirmation that your token is registered, go to mycalnet.berkeley.edu’s Manage 2-Step Verification page.

  2. Enter your CalNet ID and passphrase to log in as usual to the CAS screen.

  3. If the security key is not your default mode of authentication, click Other options, then click the Security Key button.

    *If you are automatically logged in and the 2-Step prompt is bypassed, try either clearing cache/cookies(link is external) or using an incognito browser

security key

  1. Next, tap the red power symbol on your Simple Hardware Token. A numerical code will appear on the token’s screen.

    1. If you hold down the red button too long, it will display all; 8s. Let the token be until the screen clears, and try again.

  1. Type the code that appears on your token into the field for the passcode on the 2-Step screen.

  2. Click Verify. 

Ta da!  You have successfully done the 2-Step.

Note: You will see your token listed as a device when you log in to the 2-Step Device Control Panel.

Step 3: Print your backup passcodes

Before leaving mycalnet.berkeley.edu, please take a moment to click the blue Get Backup Passcodes button, and print your codes. Click here to find out more about backup passcodes.