People who wish to use a physical hardware token for 2-Step verification should pick up a Simple Hardware Token free of charge. Advanced users may wish to enroll a YubiKey as either an HOTP or U2F token. These are not required to use CalNet 2-Step Verification, but advanced users may wish to leverage features of YubiKeys, for example, their ability to function using USB-provided power without needing an internal battery.
CalNet recommends YubiKey 4 Series Security Keys as they have both HOTP and U2F capability.
YubiKeys as U2F Tokens
YubiKeys as a U2F Token can only be used with Chrome and the newest version of Firefox. U2F tokens can be set up through the self serve portal. See:
YubiKeys as HOTP Tokens
YubiKeys as HOTP Tokens can be used anywhere a Duo passcode is accepted; this includes all web browsers as well as non-web integrations in the future. In order to use a YubiKey as an HOTP Token, it must first be programmed. This is a complicated procedure. See specific directions below:
For most users, if you don't have a smartphone or landline available, a Simple Hardware Token is sufficient.