[Campus Notice] Replace Your ITS-Issued Hardware Security Token Before October 10, 2025

UCR Information Technology Solutions tech-bulletin at lists.ucr.edu
Tue Aug 19 10:27:22 PDT 2025 

[image: image]
If you use an ITS-issued hardware token, you may exchange it for a new one
until October 10, 2025. After this date, old HOTP hardware tokens will no
longer work.

Dear Highlander,

You are receiving this notice because our records indicate that you were
previously issued a hardware security token from Information Technology
Solutions (ITS).

UC Riverside is undertaking an important security upgrade and is
transitioning from HOTP to TOTP hardware security tokens for those who
require them (learn more
<https://its.ucr.edu/mfa#why-do-i-need-to-exchange-my-i>). If you have an
ITS-issued security token, we ask that you evaluate whether or not it is
still needed and, if needed, submit a request to exchange it for a new TOTP
token before October 10, 2025. After this date, the old HOTP tokens will no
longer work.
Recommendation

ITS strongly recommends you use the Duo Mobile app
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0010310>,
as it is UCR’s official MFA method and it offers robust features.
Alternative methods include the Duo Desktop app
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012281>
and configuring biometric authentication
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012279>
on your device. However, if none of these options meet your needs and you
require a security token, please follow the process below.
Hardware Security Token Replacement Process

If you would like to replace your HOTP hardware security token with a TOTP
hardware security token, kindly take the following steps:

   1.

   Obtain Supervisor Approval: As with all university-owned equipment,
   supervisor awareness is crucial for proper inventory management by your
   unit leadership and ITS. Secure written approval from your supervisor using
   the Hardware TOTP Security Token Supervisor Approval Form
   <https://goto.ucr.edu/hardware-token-approval> to receive a TOTP
   security token.
   2.

   Submit a Request Ticket: Once you have your supervisor’s written
   approval, submit a ticket
   <https://ucrsupport.service-now.com/ucr_portal?id=sc_cat_item&sys_id=d10c39ee0f348300138942bce1050e8b>
   to request your new security token.
   -

      Select the category “Accounts & Passwords” and subcategory “MFA.”
      -

      In the Short Description field, indicate “TOTP hardware security
      token request.”
      -

      Before submitting the ticket, add the Hardware TOTP Security Token
      Supervisor Approval Form you filled out as an attachment.
      -

      Submit the form and wait for a BearHelp technician to get in touch
      with you to process your request.
      3.

   Surrender Your Token: Bring your ITS-issued HOTP security token to
the Computing
   & Communication Center
   <https://campusmap.ucr.edu/?id=2106#!ct/71247,71297,71304,71305?m/905411?s/>
   (open Monday through Friday, 8:00 am to 5:00 pm) to receive your new TOTP
   security token. Your new ITS-issued TOTP security token will be linked to
   your user account and pre-registered with Duo, UCR’s MFA provider.


When no longer in use, it is important that you return the security token
to ITS. More information on hardware security tokens can be found in the
MFA webpage FAQs <https://its.ucr.edu/mfa#mfa-faq>.

If you have questions or concerns regarding your ITS-issued security token,
please get in touch with the IT help desk at (951) 827-4848 from Monday to
Friday, 8:00 am to 5:00 pm. To learn more about using hardware security
tokens for multi-factor authentication (MFA), please read the IT knowledge
article
<https://ucrsupport.service-now.com/ucr_portal?id=kb_article_view&sysparm_article=KB0012205>
.


Sincerely,

Dewight Kramer

Chief Information Security Officer

Lily Barger

Director of Campus Support Services

Information Technology Solutions

University of California, Riverside



Information Technology Solutions

Computing & Communications Building

900 University Ave.

Riverside, CA 92521

951-827-4848 | its.ucr.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ucr.edu/pipermail/tech-bulletin/attachments/20250819/7627ede5/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image
Type: image/png
Size: 40409 bytes
Desc: not available
URL: <https://lists.ucr.edu/pipermail/tech-bulletin/attachments/20250819/7627ede5/attachment-0001.png>

More information about the Tech-Bulletin mailing list