Skip navigation

Tokens and Passcodes

With multiple passcode configurations, native hardware tokens, and integrations with a broad range of third-party devices, Duo is an easy-to-use two-factor authentication solution that fits seamlessly in your users’ daily workflows.

Time-Based One-Time Passcodes

Some websites and online services let users protect their accounts with a mobile-generated passcode that must be manually entered and only works for a certain amount of time — typically 30-60 seconds. Duo Mobile can generate these time-based one-time passcodes (TOTP) for all third-party sites, letting users keep all of their accounts in one app.

SMS Passcodes & Phone Callback

Users without Internet connectivity or smartphones can still authenticate easily with Duo’s SMS passcode or phone callback options.

To generate an SMS passcode, a user logs into an application with their usual account credentials. Duo will then send them a one-time passcode via text that can be typed into a two-factor authentication prompt on the user’s device.

To use phone callback, simply call any phone number enrolled to a user and let them confirm their identity by answering the call and pressing a key. Access keys can easily be configured and managed via Duo’s administrator dashboard.

Bypass Codes

When other multi-factor authentication (MFA) methods aren’t an option, you can manually generate a bypass code. This feature comes in handy when you need to provide temporary access for a contractor or vendor, or when an employee forgets their laptop or phone but still needs to access their applications.

Duo also lets you manually prevent logins. If a user loses their authentication device or reports it stolen, Duo lets you disable and disassociate the device from the user. You can also re-enable the device if found, and send a new activation link for Duo Mobile by SMS or email.

Security Tokens

Duo supports standalone, one-time password hardware devices for two-factor authentication — and thanks to Duo’s flexibility, choosing the right one for your business is easy.

cybersecurity tokens mfa and 2fa with duo security

Choose Your Token

Duo supports third-party hardware tokens, like Yubico’s YubiKeys, or any OATH HOTP-compatible tokens. Third-party hardware tokens can be imported into the system by an administrator.

Order Tokens Directly from Duo

Duo’s D-100 tokens have an expected minimum battery lifetime of 2 years. They are only available in increments of 10. You can purchase tokens from the Duo Admin Panel or through your Account Team.

Shipping prices are dependent on the destination location.

Currently Duo Security cannot ship to PO Boxes or any of the following countries: Central African Republic, China, Comoros, Cuba, Equatorial Guinea, Falklands, Guinea Bissau, India*, Iran, Johnston Island, Kiribati, Korea, North (North Korea), Libya, Mayotte Island, Myanmar, Nauru, Niue, Philippines*, Saint Pierre Et Miquelon, Sao Tome & Principe, Sierra Leone, Solomon Islands, Somalia, St. Helena (S. Atlantic), Sudan, Syria, Tajikistan, Tokelau Islands, Turkmenistan, Republic Of - TM, Tuvalu, Wake Islands.
*Shipping for these countries only available if purchasing via Cisco Commerce (CCW).

Duo Security reserves the right to not ship to additional locations not listed above. If you have questions about shipping tokens to a specific country, please contact your Duo Sales representative or submit a request using this form.

For security reasons, Duo hardware token orders may not be cancelled, suspended, changed or returned. This includes changes to delivery location or quantity. Hardware tokens cannot be returned except pursuant to warranties.

Other Multi-Factor Authentication (MFA) Methods

There’s a solution for every situation.

Duo Push

Duo Push is our most commonly-used second factor of authentication, thanks to its simplicity and reliability. Users just download the Duo Mobile app and are automatically prompted to confirm each login attempt — all it takes is a single tap.

Biometrics and Security Keys

Duo's multi-factor authentication solution taps into the power of security keys and biometric authentication methods, such as TouchID via WebAuthn, allowing users to leave the traditional passcode behind.

Cover of  eBook

Phishing: A Modern Guide to an Age-Old Problem

Phishing has evolved to keep up with the changing enterprise. Get an in-depth guide to modern phishing tactics and how you can establish user and device trust to protect against the impact of phishing attacks.

Get the Free Guide