Simple Hardware Token

Simple hardware token verification will be turned off for employees and affiliates on March 18th, 2025

For more information see: https://calnet.berkeley.edu/news/new-multi-factor-authentication-enhancements

Overview

A Simple OTP (One-Time Password) hardware token is a security device or software application that generates a unique, single-use code for authentication, often used in multi-factor authentication (MFA) systems to enhance security beyond standard passwords. You can use a token to generate passcodes repeatedly, but each passcode works only once. We recommend using a smartphone with Duo Push for the CalNet 2-Step.

Obtaining a Token

Students:

For students without smartphones, simple OTP (one-time password) hardware tokens are available at no cost and can be picked one up from the Student Technology Services helpdesk. Visit https://studenttech.berkeley.edu/techsupport for current locations and hours.

Staff, faculty, and student employees:

Simple hardware tokens are inappropriate for staff, faculty, and student employees. The campus will provide Security Keys at no cost for those populations without smartphones.

Alumni:

Tokens are not available to alumni.

Returning a Token

If you no longer need a simple hardware token, you can return yours by dropping it off at STS (see above), or return via ITCS Drop In hours at Dwinelle Hall.

You can also return a token by sending it by postal or inter-office mail to: ITCS, 1608 4th street, Berkeley CA 94710

Using a Token

If you already have a Simple Hardware Token, you must register it before you can use it:

Step 1: Register your Simple Hardware Token

Register your token using this form: https://docs.google.com/forms/d/e/1FAIpQLSdk6SWJGMMzuJQwIUJ9y-eWcCS4bdGyIeycfXyW6yUa-zPLMQ/viewform
You will receive an email notification when your token is registered.

Step 2: Try it out

Once you have received confirmation that your token is registered, go to mycalnet.berkeley.edu’s Manage 2-Step Verification page.
Enter your CalNet ID and passphrase to log in as usual to the CAS screen.
If the security key is not your default mode of authentication, click Other options, then click the Security Key button.

*If you are automatically logged in and the 2-Step prompt is bypassed, try either clearing cache/cookies(link is external) or using an incognito browser

security key

Next, tap the red power symbol on your Simple Hardware Token. A numerical code will appear on the token’s screen.
1. If you hold down the red button too long, it will display all; 8s. Let the token be until the screen clears, and try again.

Type the code that appears on your token into the field for the passcode on the 2-Step screen.
Click Verify.

Ta da! You have successfully done the 2-Step.

Note: You will see your token listed as a device when you log in to the 2-Step Device Control Panel.

Step 3: Print your backup passcodes

Before leaving mycalnet.berkeley.edu, please take a moment to click the blue Get Backup Passcodes button, and print your codes. Click here to find out more about backup passcodes.

Quick Links