Returning to campus: Information, updates and vaccination requirements. Learn more.

MFA Hardware Tokens

token.pngMFA Hardware Tokens (Duo D-100 Devices) are small fobs which can be utilized as an alternative to enrolling a mobile device such as a smartphone.

The MFA Hardware tokens produce a new passcode each time the button is pressed, and can be used to authenticate by entering the passcode into the MFA prompt.

The following instructions will guide you through requesting a hardware token, authenticating with a hardware token, creating backup codes, removing hardware tokens, and returning hardware tokens if no longer in use.   

Requesting a Hardware Token

Hardware tokens are not the recommended authentication method. The Duo Mobile App on a mobile device is recommended. If you wish to proceed with the Duo Mobile App enrollment, see the enrollment guide for directions.

Hardware tokens are only to be utilized if you have a business need or if you cannot use Duo on other devices. When requesting a hardware token, you will be asked to provide your business need for a hardware token.

Hardware tokens are considered less convenient, and have a slightly lower degree of security assurance than using a mobile device with Duo. As such, users are recommended to utilize Duo Mobile App on mobile devices whenever possible.

To request a token, visit a ITSC walk-in location with a valid photo ID.

If you are not in a campus location with access to walk-in ITSC services, please call ITSC and arrangements will be made to deliver a hardware token to you. 

Authentication with a Hardware Token

The MFA Hardware tokens produce a new passcode each time the button is pressed, and can be used to authenticate by entering the passcode into the MFA prompt. See the instructions on how to use a hardware token to authenticate to an application.

Create Backup Codes With Hardware Token

Backup codes are important to create ahead of time in case your hardware token stops working, is lost, or is stolen.  

Step 1) Go to the Backup Code Page and Log In

Go to the "Create Backup Codes" button on the MFA main page, or go to: https://novapp.cc.uregina.ca/perl/mfapasscode.cgi

If prompted to login, please do so. You will also be presented with an MFA prompt. 

Press "Enter a Passcode"  

backup1.JPG

Press the green button on your hardware token to generate a new passcode.

Enter the passcode from the hardware token into the passcode field which is circled in red, and press login.

token2.png

Step 2) Create Backup Codes

Once your authentication is approved, you will now be logged in to create backup codes. Click "Get Codes".

backup2.JPG

10 Codes will be generated and shown on screen.

backup3.png

Each code can be used to log in to a MFA protected application one time. They will expire after 1 year.

Do not share these codes.  They must be stored in a secure location. It is recommended that these codes be stored offline, such as printed and stored in a desk drawer. 

You can generate new backup codes at any time. New backup codes will invalidate any old backup codes.

The creation of backup codes is complete. You can now click "Logout". 

If you need to use a generated passcode to log in to an application, see instructions on how to use a backup code to authenticate.

Removing a Hardware Token

To remove a hardware token from your MFA account, you can follow the Remove Device instructions via the Device Management Portal.  

To reduce security risk, make sure you remove lost or stolen hardware tokens devices from your account immediately. Report all lost or stolen hardware tokens to ITSC as soon as possible.  

Returning a Hardware Token

You are requested to return your Hardware Token if it is broken or no longer in use.

  • To return your token, visit a walk-in location for unlinking and disposal. 
  • Alternatively, you can send it by interoffice mail to:

    Information Technology Support Centre
    Main Campus, University of Regina
    3919 University Drive South
    Education Building
    Room ED 137

    Include a note with your name and whether the token is defective or you are staff leaving the University.