--- title: Authenticating with PingID using a hardware token description: Use a one-time passcode (OTP) from your hardware token to authenticate securely with PingID. component: pingid-user-guide page_id: pingid-user-guide:secure_authentication_with_pingid:pid_ug_auth_using_a_hardware_token_intro canonical_url: https://docs.pingidentity.com/pingid-user-guide/secure_authentication_with_pingid/pid_ug_auth_using_a_hardware_token_intro.html revdate: March 15, 2026 section_ids: before-you-begin: Before you begin about-this-task: About this task authenticating-using-a-hardware-token-web: Authenticating using a hardware token (Web) steps: Steps result: Result: result-2: Result: authenticating-using-a-hardware-token-vpn: Authenticating using a hardware token (VPN) steps-2: Steps result-3: Result: result-4: Result: authenticating-using-a-hardware-token-windows-login: Authenticating using a hardware token (Windows login) steps-3: Steps result-5: Result: result-6: Result authenticating-using-a-hardware-token-mac-login: Authenticating using a hardware token (Mac login) before-you-begin-2: Before you begin steps-4: Steps result-7: Result: result-8: Result: result-9: Result resynchronizing-a-hardware-token: Resynchronizing a hardware token steps-5: Steps choose-from: Choose from: result-10: Result: result-11: Result: --- # Authenticating with PingID using a hardware token Use a one-time passcode (OTP) *(tooltip: \
\

A passcode valid for only one sign-on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password.\

\
)* from your hardware token to authenticate securely with PingID. ## Before you begin * Pair your device with your account to enable authentication. Learn more in [Using a hardware token (OTP) for authentication with PingID](pid_ug_setting_up_a_hardware_token_general.html). * You might also need to resynchronize your hardware token, if required. ## About this task If your organization allows it, you can use a hardware token to access your account using a web browser, to access your company's VPN, or to access a Windows login or Mac login machine. * Web or Mac * VPN * Windows login * Mac login * Resync a hardware token ## Authenticating using a hardware token (Web) Use a OTP *(tooltip: \
\

A passcode valid for only one sign-on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password.\

\
)* from your hardware token to authenticate securely with PingID when accessing your account or app through a web browser. ### Steps 1. Sign on to your account or access an application that requires authentication. #### Result: The **Authentication** window appears requesting your passcode. ![A screen capture of the Authentication window requesting a passcode from your hardware token.](_images/nrw1634025599781.png) 2. Enter the OTP from your hardware token. Click **Verify**. #### Result: A green check mark appears, indicating your successful authentication and access. You are automatically signed on to your application. ![A screen capture of the successful authentication window displaying a green check mark and the Authenticated message.](_images/crl1564021153806.png) | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you did not get the green check mark, your hardware token might be out of sync. You see a further authentication window.![A screen capture of the Authentication window final step](_images/xoy1607414848580.png)Enter the OTP from your hardware token. Click **Sign On**. You should see the green check mark shown above. | ## Authenticating using a hardware token (VPN) Use a OTP *(tooltip: \
\

A passcode valid for only one sign-on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password.\

\
)* from your hardware token to authenticate securely with PingID when accessing your VPN. ### Steps 1. From your web browser or app, sign on to your VPN with your username and password. #### Result: You're offered a text entry field for an OTP. 2. In the text entry field, enter the OTP displayed on your hardware token to authenticate to your VPN. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If your VPN sign-on screen is set to ask for your password, and you're using an 8‑digit OTP code from your hardware token, enter your password, then a comma, then the 8-digit code.For example, `MyPassword,12345678`. | 3. Click **Sign in**. #### Result: After You're authenticated, You're signed on to your VPN. ## Authenticating using a hardware token (Windows login) Use a OTP *(tooltip: \
\

A passcode valid for only one sign-on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password.\

\
)* from your hardware token to authenticate securely with PingID when accessing your Windows machine. ### Steps 1. Sign on to your Windows machine. #### Result: The **Authentication** window appears requesting the OTP displayed on your hardware token. ![A screen capture of the Authentication window requesting the OTP displayed on the hardware token.](_images/gei1564021407824.png) 2. Enter the OTP from your hardware token. Click **Verify**. ### Result The green **Authenticated** message with a check mark appears, indicating authentication is successful and your access is approved. After a few moments, you are signed on to Windows. ![A screen capture of the green Authenticated message with a check mark indicating successful authentication.](_images/crl1564021153806.png) | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you did not get the green check mark, your hardware token might be out of sync. You will see a further authentication window.![A screen capture of the Authentication window final step.](_images/xoy1607414848580.png)Enter the OTP from your hardware token. Click **Sign On**. You should see the green check mark shown above. | ## Authenticating using a hardware token (Mac login) Use a OTP *(tooltip: \
\

A passcode valid for only one sign-on or transaction on a computer system or other digital device. Also known as a one-time password, one-time PIN, or dynamic password.\

\
)* from your hardware token to authenticate securely with PingID when accessing your Mac machine. ### Before you begin Make sure: * Your Apple Mac is running Mac OS 10.13 or later. * You have [paired your hardware token](pid_setting_up_hardware_token_web.html). ### Steps 1. Sign on to your Mac machine. #### Result: You'll see the **Authenticating** window, prompting you to enter a passcode. ![A screen capture of the Authentication window showing the passcode field.](_images/gei1564021407824.png) 2. Generate an OTP using your hardware token. 3. In the **Authentication** window, enter the OTP and click **Verify**. #### Result: The green check mark indicates authentication is successful and your access is approved. ![A screen capture showing the green Authenticated success window.](_images/crl1564021153806.png) | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | | If you did not get the green check mark, your hardware token might be out of sync. You will see a further authentication window.![A screen capture of the Authentication window final step](_images/xoy1607414848580.png)Enter the OTP from your hardware token. Click **Sign On**. You should see the green check mark shown above. | ### Result You're signed on to your Mac machine. ![A screen capture of the Mac login desktop following successful sign-on.](_images/mac_login_success.png) ## Resynchronizing a hardware token Hardware tokens need to maintain time synchronization. To resync your token if you receive an error: ### Steps 1. Access the **Devices** page, do one of the following. #### Choose from: * During authentication: When the **Authentication** screen opens, click **Settings**. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | To resync an out-of-sync hardware token, you must first authenticate using an alternative method, such as email. That is the situation assumed in the example below. | * From your organization dock: Click the **Account** icon (![meg1564020909807](../_images/meg1564020909807.png) ) and then click **Devices**. * From a link provided by your IT department. #### Result: The **Devices** page opens, showing the devices you currently have paired with your account. The primary device is shown in green. ![A screen capture of the My Devices page with a primary device enabled.](_images/sxa1600343223812.png) Click the **Expand** icon(![qpr1564020912200](../_images/qpr1564020912200.png)) to view details of a device. ![A screen capture of the My Devices page with the details expanded for a device.](../_images/cat1600339536953.png) 2. Click the **Resync Token** option. The **Hardware token sync** window is displayed: ![A screen capture of the Hardware token sync page where the end user enters the passcode.](_images/qdg1596719474956.png) 1. Enter the passcode displayed on the token. The **Final step** window is displayed. ![A screen capture of the Final step window where the end users enters a new passcode.](_images/mmo1596719658113.png) 1. Wait for a new passcode on your token and enter it. 2. Click **Sync** to complete the resync. #### Result: Your token is now resynced and should be available for authentications.