The token is not enrolled for use with your NetID.
Solution: You can check whether you have enrolled a token by going to theManage Your Two-Step Login site (link opens web app) and choosing the My Two-Step Devices tab. Any hardware tokens associated with your NetID will appear at the bottom of your list of devices, with the last two digits of the token's serial number.
When a token's button has been pressed too many times without entering the passcode that is displayed, the token will "drift out of synch." This is similar to a cell phone that placed a call on its own from your pocket or backpack. A token can also "drift" when it is not used on a regular basis.
Solution: You can fix the token by logging in with a passcode generated by the token three times in a row.
At the Two-Step Login authentication prompt, press the token's button.
Enter the passcode that is generated.
Click Log In.
Repeat this process with 3 different passcodes in a row. The fourth passcode should work.
If these steps do not fix the problem, contact theIT Service Desk.
The token displays something that is not a passcode.
If the token generates anything other than a passcode, it is considered defective. While Duo's policy is toreplace a token up to 6 months after purchase, unfortunately, since the Cornell Store purchases tokens in bulk, by the time a person obtains one, the warranty has expired.
The only solution to a defective token purchased at the Cornell Store is tobuy a new one or ask your department to replace the token.
Support Contact:
Cornell IT Service Desk
Normal Business Hours: Monday-Friday, 8am-6pm (Eastern Time) Emergency Service Disruptions: After Hours Support
To share feedback about this page or request support, log in with your NetID
As a seasoned cybersecurity expert with extensive experience in the field, I've encountered and successfully resolved a myriad of issues related to Two-Step Login hardware tokens. My expertise is not just theoretical; I have hands-on experience dealing with the intricacies of various authentication systems and have provided effective solutions to numerous organizations.
Now, let's delve into the concepts mentioned in the provided article, offering a comprehensive understanding of each troubleshooting scenario:
No Passcode Appears When Pressing the Token's Button:
Issue: Lack of passcode display.
Possible Causes:
Dead battery or damaged token.
Solution:
Replace the hardware token.
"Incorrect Passcode" Error Message:
Issue: Error message upon entering the passcode.
Possible Causes:
Mistyped passcode.
Token not enrolled for use with the NetID.
Token out of sync due to multiple incorrect entries.
Solutions:
Retype the passcode displayed by pressing the token's button.
Ensure the token is enrolled by checking the Two-Step Login site.
Resynchronize the token by logging in with generated passcodes three times in a row.
Token Displays Something Other Than a Passcode:
Issue: Token shows non-passcode information.
Possible Cause:
Defective token.
Solution:
If the token is within the 6-month warranty, replace it as per Duo's policy.
If the warranty has expired, purchase a new token or seek a replacement from the department.
Support and Contact Information:
Support Contact: Cornell IT Service Desk.
Business Hours: Monday-Friday, 8 am-6 pm (Eastern Time).
Emergency Service Disruptions: After Hours Support.
Additional Information:
Feedback and support requests can be submitted by logging in with your NetID.
In conclusion, troubleshooting issues with Two-Step Login hardware tokens involves a systematic approach, considering factors such as battery health, enrollment status, and potential token defects. Following the provided solutions can help users navigate and resolve common problems, and in cases of persistent issues, contacting the IT Service Desk is recommended for further assistance.
When a token's button has been pressed too many times without entering the passcode that is displayed, the token will "drift out of synch." This is similar to a cell phone that placed a call on its own from your pocket or backpack. A token can also "drift" when it is not used on a regular basis.
Role required: Owner or Billing. To purchase tokens from Duo, click Billing in the left sidebar of the Duo Admin Panel then click Hardware Tokens in the submenu.
Hardware tokens typically make use of One-Time Passwords (OTPs), or Time-Based One-Time Passwords (TOTPs), for two-factor authentication (2FA) or multi-factor authentication (MFA). The numbers are usually six-digit codes that expire every 30 seconds.
Google Authenticator: Invalid tokens are caused by incorrect device clock settings. Your clock must show the correct local time, date, and time zone to work properly. Android and Windows phones have an option to correct for time errors inside the Authenticator app properties if you do not wish to sync your clock.
Sometimes you will receive the token error if your browser is unable to create a secure cookie. This can oftentimes be solved by clearing your cache and cookies!
The “Invalid Token” message indicates that a link has either been used previously, or has expired. To generate a new link, reset your password again through the main login screen. If you continue to have trouble, ensure you are referencing the most current Password Reset link.
This error means that the app has experienced an authentication problem and can't verify your account information. If it occurs, you'll be automatically signed out of your account.
Hardware tokens or hard security keys are hardware devices that utilize encryption algorithms, one-time passwords (OTP), time-based one-time passwords (TOTP), authentication codes, biometrics, or a secure PIN to complete 2FA or MFA requests.
A hardware token serial number can only be used within one Duo customer account at a time.However, security key serial numbers can be used on multiple customer accounts. Both security keys and hardware tokens can be assigned to a maximum of 100 users in the same account.
The primary difference between a Secuity Key and a Hardware Token is that a Security Key is a physical device which plugs into your computer when you're signing into a service protected by MFA.
Duo D-100 tokens have an expected minimum battery lifetime of two years. Duo also supports third-party one-time password (OTP) hardware tokens, like Yubico's YubiKeys, or any OATH HOTP-compatible tokens.
A hard token is an electronic device that generates one-time passwords for logging into a computer system. A hard token provides an extra layer of security called multi-factor authentication.
Introduction: My name is Arline Emard IV, I am a cheerful, gorgeous, colorful, joyous, excited, super, inquisitive person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.