The 2-Factor Authentication (“2FA”) is a security measure for strengthening the information security protection of the authentication process in using the central IT services. On top of HKU Portal UID/PIN, a one-time token code is required for accessing those services that require 2FA to login.
2FA is now used in accessing HKU Virtual Private Network (“HKUVPN“) and some applications under HKU Portal outside campus network (for staff only).
How to get the token code
Alternate email address
Staff and students
Staff (including HKU SPACE staff):
NOTE: Staff will be required to input their HKID card no./passport no. for identity verification during 2FA registration or update of 2FA registration information.
Students/Departmental Account Holders (including honorary appointees):
The token code will be sent to the alternate email address automatically after a correct input of HKU Portal UID/PIN and confirmation to login using 2FA, if applicable.
2FA Mobile App (FortiToken)
Staff (except visiting, hourly-paid staff and honorary appointees)
The token code can be obtained from the 2FA Mobile App (FortiToken) anytime whenever in need.
(Staff can choose to receive the token code either through alternate email address or 2FA Mobile App (FortiToken)).
Reset of 2FA Mobile App (FortiToken)
Reset is needed for staff who choose to use 2FA Mobile App (FortiToken) to receive the token code when
- their mobile device for receiving the token is changed or lost
- the 4-digit PIN of the 2FA Mobile App is forgotten
Please refer to the procedures here to arrange a reset.