MFA Hardware Tokens

Hardware tokens are not the recommended authentication method. The Duo Mobile App on a mobile device is recommended. If you wish to proceed with the Duo Mobile App enrollment, see the enrollment guide for directions.

Hardware tokens are only to be utilized if you have a business need or if you cannot use Duo on other devices. When requesting a hardware token, you will be asked to provide your business need for a hardware token.

Hardware tokens are considered less convenient, and have a slightly lower degree of security assurance than using a mobile device with Duo. As such, users are recommended to utilize Duo Mobile App on mobile devices whenever possible.

To request a token, visit a ITSC walk-in location with a valid photo ID.

If you are not in a campus location with access to walk-in ITSC services, please call ITSC and arrangements will be made to deliver a hardware token to you. 

The MFA Hardware tokens produce a new passcode each time the button is pressed, and can be used to authenticate by entering the passcode into the MFA prompt. See the instructions on how to use a hardware token to authenticate to an application.

Backup codes are important to create ahead of time in case your hardware token stops working, is lost, or is stolen.  

Step 1) Go to the Backup Code Page and Log In

Go to the "Create Backup Codes" button on the MFA main page, or go to: https://novapp.cc.uregina.ca/perl/mfapasscode.cgi

If prompted to login, please do so. You will also be presented with an MFA prompt. 

Press "Enter a Passcode"  

Press the green button on your hardware token to generate a new passcode.

Enter the passcode from the hardware token into the passcode field which is circled in red, and press login.

Step 2) Create Backup Codes

Once your authentication is approved, you will now be logged in to create backup codes. Click "Get Codes".

10 Codes will be generated and shown on screen.

Each code can be used to log in to a MFA protected application one time. They will expire after 1 year.

Do not share these codes.  They must be stored in a secure location. It is recommended that these codes be stored offline, such as printed and stored in a desk drawer. 

You can generate new backup codes at any time. New backup codes will invalidate any old backup codes.

The creation of backup codes is complete. You can now click "Logout". 

If you need to use a generated passcode to log in to an application, see instructions on how to use a backup code to authenticate.

To remove a hardware token from your MFA account, you can follow the Remove Device instructions via the Device Management Portal.  

To reduce security risk, make sure you remove lost or stolen hardware tokens devices from your account immediately. Report all lost or stolen hardware tokens to ITSC as soon as possible.  

You are requested to return your Hardware Token if it is broken or no longer in use.

• To return your token, visit a walk-in location for unlinking and disposal. 
• Alternatively, you can send it by interoffice mail to:
  
  Information Technology Support Centre
  Main Campus, University of Regina
  3919 University Drive South
  Education Building
  Room ED 137
  
  Include a note with your name and whether the token is defective or you are staff leaving the University.