Other Verification Devices

Using Tokens

People who wish to use a physical hardware token for 2-Step verification should pick up a Simple Hardware Token free of charge.  Advanced users may wish to enroll a YubiKey as either an HOTP or U2F token.  These are not required to use CalNet 2-Step Verification, but advanced users may wish to leverage features of YubiKeys, for example, their ability to function using USB-provided power without needing an internal battery.

CalNet recommends YubiKey 4 Series Security Keys as they have both HOTP and U2F capability.

YubiKeys as U2F Tokens

YubiKeys as a U2F Token can only be used with Chrome and the newest version of Firefox. U2F tokens can be set up through the self serve portal.  See:

YubiKeys as HOTP Tokens

YubiKeys as HOTP Tokens can be used anywhere a Duo passcode is accepted; this includes all web browsers as well as non-web integrations in the future.  In order to use a YubiKey as an HOTP Token, it must first be programmed.  This is a complicated procedure.  See specific directions below:

For most users, if you don't have a smartphone or landline available, a Simple Hardware Token is sufficient.

For more in-depth discussion of YubiKeys, see Duo Authentication Methods and Yubico OTP vs. U2F.