Two-factor Authentication Token Frequently Asked Questions
Q.What are two-factor authentication tokens?
A. Sometimes referred to as usb security keys, a token, when the button is pressed, automatically enters a 6-digit passcode at the Duo two-factor authentication prompt.
A variety of tokens are shown here:
Q. Can I use a token as my primary two-factor authentication method?
A. Yes, but if one or both of the following circumstances are true:
- You have a physical disability that makes using other methods burdensome
- You do not own or have access to a university-owned mobile device
Tokens are only provided to faculty or staff. We recommend Yubikeys, which can be purchased through Amazon.
Q. Are there limitations on using a token?
A. Yes, there are some limitations to tokens.
First, you must be using a device with a compatible USB port and the USB port must not be disabled (some kiosks and computer labs disable USB ports for security reasons). At this time, only USB A tokens are available.
Second, you must use a supported browser. Google Chrome and Opera support tokens natively. Firefox now supports tokens, but support must be enabled in the browser on any computer you want to use your token. To do so, follow these step by step directions:
- Type "about:config" (without quotes) into the Firefox address bar and press Enter
- Search for “u2f”
- Double-click on security.webauth.u2f to enable U2F (or right-click and select Toggle)
For assistance with this process, contact your IT Pro or the IT Help Desk.
Q. How do I obtain a token?
A. One token per person is provided by IT. Complete this form: https://support.ewu.edu/support/catalog/items/111
Q. My token is lost, damaged, or stolen. What do I do?
A. Report damaged, stolen, or lost tokens immediately to the Information Technology department so the token can be disabled. Departments and/or Individuals are responsible for any replacement charges.
Q. I am a departing employee, what do I do with my token?
A. Much like other university property, you are required to return your two-factor token.