Simple Hardware Token

Simple OTP (one-time password) hardware tokens are available at no cost for students who do not have a smartphone. Tokens are not available to alumni. You can use a token to generate passcodes over and over again, but each passcode works only one time. We recommend using a smartphone with Duo Push for the CalNet 2-Step. 

Obtaining a Token

If you need a Simple Hardware Token, you can pick one up on campus at the following locations. Tokens are not available to alumni.

Students

If you are a student and need a Simple Hardware Token, you can pick one up from the Student Technology Services helpdesk. Visit https://studenttech.berkeley.edu/techsupport for current locations and hours.

Faculty and Staff
Starting March 18, 2025, faculty, staff, and affiliates including Emeriti will no longer be able to use Simple Hardware Tokens.

Faculty or Staff needing a token can obtain one in any of the following ways:

• Go to the ITCS Drop-in Location at 117 Dwinelle. Visit https://berkeley.service-now.com/kb?id=kb_article_view&sysparm_article=KB0014900 for current location and hours.
• Go to 1608 Fourth Street during regular business hours.
• Go to the Student Technology Services helpdesk. Visit https://studenttech.berkeley.edu/techsupport for current locations and hours.
• Open a ticket with ITCS to have a token shipped to you directly: calnet2-stephelp@berkeley.edu.

Emeriti

• Emeriti and subscribers to retiree email service can email the UCB Retirement Center (UCBRC) at ucbrc@berkeley.edu to request a token.

Returning a Token

If you no longer need a simple hardware token, you can return yours by dropping it off at STS (see above), or return via ITCS Drop In hours at Dwinelle Hall. 

You can also return a token by sending it by postal or inter-office mail to: ITCS, 1608 4th street, Berkeley CA 94710

Using a Token

If you already have a Simple Hardware Token, you must register it before you can use it:

Step 1: Register your Simple Hardware Token

1. Register your token using this form: https://docs.google.com/forms/d/e/1FAIpQLSdk6SWJGMMzuJQwIUJ9y-eWcCS4bdGyIeycfXyW6yUa-zPLMQ/viewform

2. You will receive an email notification when your token is registered.

Step 2: Try it out

1. Once you have received confirmation that your token is registered, go to mycalnet.berkeley.edu’s Manage 2-Step Verification page.

2. Enter your CalNet ID and passphrase to log in as usual to the CAS screen.

3. If the security key is not your default mode of authentication, click Other options, then click the Security Key button.

    *If you are automatically logged in and the 2-Step prompt is bypassed, try either clearing cache/cookies(link is external) or using an incognito browser

3. Next, tap the red power symbol on your Simple Hardware Token. A numerical code will appear on the token’s screen.

   1. If you hold down the red button too long, it will display all; 8s. Let the token be until the screen clears, and try again.

5. Type the code that appears on your token into the field for the passcode on the 2-Step screen.

6. Click Verify. 

Ta da!  You have successfully done the 2-Step.

Note: You will see your token listed as a device when you log in to the 2-Step Device Control Panel.

Step 3: Print your backup passcodes

Before leaving mycalnet.berkeley.edu, please take a moment to click the blue Get Backup Passcodes button, and print your codes. Click here to find out more about backup passcodes.