Option 3: One-Time Passcode [OTP] “Hardware Token" (Physical Key Fob)

Option 3: One-Time Passcode [OTP] “Hardware Token" (Physical Key Fob)

The OTP “Hardware Tokens" are physical key fobs devices that you can carry with you, to authenticate your identity online for secure login. The device will generate a unique 6-digit passcode on a 60 second rotation, that will allow you to gain access to KBR systems, networks, or applications.

OTP Hardware Tokens are typically used for individuals who cannot use the Duo Mobile app for technical reasons or are not allowed mobile devices in secure areas.

NOTE: OTP Hardware Tokens will not grant you access to your computer if it is not connected to the internet. The Duo Mobile app and our FIDO Security Key support offline use login at this time. If you don’t have access to the Duo Mobile app or a FIDO Security key and you are offline, you will have to connect to the internet to gain access to your computer.

OTP Hardware Tokens must be requested in DASH and are set up for you by an IT Admin at the time of request. Once the OTP Token has been enrolled on your behalf, it will be delivered to you. No registration on your part is necessary.

When prompted for Duo authentication, enter the 6-digit code that appears on the OTP Token screen at that time.

Is the OTP Hardware Token the right choice for me?

Pros
Cons

Enhanced Security: OTP adds an extra layer of security by requiring users to provide a unique password for each login attempt. This reduces the risk of unauthorized access even if the primary password is compromised.

Dependency on External Factors: OTPs rely on external factors such as mobile networks or email services. If these services experience downtime or delays, it may hinder the user's ability to receive the OTP in a timely manner.
Convenience: OTPs can be generated and delivered quickly through various methods such as SMS, email, or mobile apps. This makes it easy for users to authenticate themselves without the need for physical tokens or hardware devices.
User Error: Users may accidentally delete or misplace the OTP, leading to difficulties in accessing their accounts. Additionally, if users fail to follow proper security practices, such as keeping their devices secure, the OTP may be compromised.