Overview
There are two types of hardware tokens/security keys:
- A legacy hardware token is a small device that can be attached to your keychain that will generate a time-based code used during the two-factor authentication process. Visit the Token Request form to request a legacy hardware token, view eligibility requirements, and related costs.
- A FIDO security key is a small hardware device used for secure sign-in and multi-factor authentication. It typically plugs into a USB port or connects over NFC. Instead of relying on a text message, a phone app, or a bypass code, a FIDO key provides physical proof of possession during sign-in.
Note: On August 4, 2026, the University of Tennessee will no longer distribute legacy hardware tokens. Please consider purchasing a FIDO security key.
Campus-Specific Support:
- UTK, UTSA, IPS, UTIA, and UTSI - OIT HelpDesk (865) 974-9900
- UTC - UTC HelpDesk (423) 425-4000
- UTHSC - UTHSC HelpDesk (901) 448-2222
- UTM - UTM HelpDesk (731) 881-7900
Using your Legacy Hardware Token
- Access the desired UT system like you normally would using your NetID and password.
- After successful authentication with your NetID password, Select Enter a Passcode on the next screen.
- Press and release the red button on your hardware token and enter your code.
*If the machine or device you are connecting from is trusted, like your computer or laptop (not a public use machine), you can select the Remember me for 7 days option to remember the device.
- Click Login to continue.
Note: Do not press and hold the button, as this will generate an error code of 888888.
Purchasing a FIDO Security Key
FIDO keys are commonly used as a more secure and more consistent authentication method for people who:
- do not have a compatible smartphone
- want a dedicated sign-in device
- need a backup authentication method
What does “FIDO” mean?
FIDO stands for Fast Identity Online. In practice, a FIDO key is a hardware security key that supports standards such as FIDO2 and WebAuthn for secure login.
When purchasing a key, look for these terms in the product description:
- FIDO2
- WebAuthn
- Security Key
Purchasing guidance
The OIT Security team currently recommends Feitian and Yubico keys, but other standards-based FIDO2/WebAuthn security keys are also expected to work in many cases. Because not every model is tested in every scenario, users should understand:
- FIDO2 keys may be purchased from VolTech, Feitian, Yubico, or many other online retailers.
- Feitian and Yubico are the recommended brands when possible
- Other brands may work if they support FIDO2/WebAuthn
- Support may be more limited for keys outside the preferred models
Recommended key types by use case
| Use case |
Recommended type |
Why |
| USB-C laptops, tablets, or newer phones |
USB-C FIDO2 key |
Best fit for modern devices with USB-C ports |
| USB-A desktops or older laptops |
USB-A FIDO2 key |
Best fit for older computers and common desktop setups |
| iPhone / iPad (iOS) |
NFC-capable FIDO2 key |
Usually the most flexible option for iOS users, especially if a direct USB connection is not convenient |
Platform-specific recommendations
For USB-C users
For users with newer laptops, tablets, or phones that use USB-C, purchase a USB-C FIDO2 security key.
- Direct connection
- No adapter required
- Best for newer Windows, macOS, and USB-C mobile device workflows
Recommended purchase choice for USB-C:
Other options:
- Other FIDO2/WebAuthn-compatible USB-C security keys may also work
For USB-A users
For users with older laptops, docking stations, or desktop computers that use USB-A, purchase a USB-A FIDO2 security key.
- Fits older and more common desktop hardware
- Avoids the need for USB-C adapters
- Useful for shared office and legacy workstation environments
Recommended purchase choice for USB-A:
Other options:
- Other FIDO2/WebAuthn-compatible USB-A security keys may also work
For iOS users
For users who primarily sign in on an iPhone or iPad, the safest recommendation is an NFC-capable FIDO2 security key.
- NFC is often the easiest option for iOS sign-in
- It avoids needing the correct physical connector for the phone
- It gives more flexibility across devices
If the user has a newer iPad or iPhone with USB-C, a USB-C FIDO2 key may also be a good option, but NFC remains the most broadly practical iOS recommendation.
Recommended purchase choice for iOS:
Other options:
- Other FIDO2/WebAuthn-compatible NFC security keys may also work
Things to look for before buying
Before purchasing a security key, confirm the following:
- The key supports FIDO2
- The key supports WebAuthn
- The connector matches the device you will use most often:
- NFC for iOS convenience
- USB-C for modern devices
- USB-A for older computers
- If you use more than one device type, consider the option that best matches your primary device, or purchase a model that supports multiple connection methods
Important notes
- A FIDO key is a physical device and should be stored securely
- Users may want to purchase two keys if they want a backup
- Not every low-cost “security key” sold online is fully compatible; the product listing should clearly state FIDO2/WebAuthn support
- If a user wants the most supportable option, they should choose a Feitian model that matches their device type
Quick recommendation summary
If you are unsure what to buy:
- Use an iPhone or iPad? Buy an NFC-capable FIDO2 key
- Use a newer USB-C laptop? Buy a USB-C FIDO2 key
- Use an older desktop or laptop with USB-A? Buy a USB-A FIDO2 key