CalNet 2-Step Verification

All Retiree bMail account holders must enroll in CalNet 2-step to continue access to bMail service.

Visit the CalNet 2-Step website for information and instructions on how to enroll. Call (510) 664-9000 or email if you have any questions or need help enrolling.

When loging in, make sure to check the "Remember me for 30 days" box so that you only have to use 2-Step Verification every 30 days.

2-Step Verification Screen

What is two-step verification?

Two-step verification is a requirement to provide additional assurance that you are who you say you are when you use your CalNet ID to access University systems. This process typically utilizes a cell phone, but there are other options available. This new verification option ensures that you are the only person who can access your CalNet account, even if your passphrase is stolen. We are calling the Berkeley implementation the CalNet 2-Step. This approach is widely used, so you may be already using it with other online applications or to access your bank account.

Why am I required to do this?

Because you use your CalNet account to log into campus services like bConnected, two-step verification not only protects institutional data but your personal information as well.

UC Berkeley’s research, intellectual property, institutional and personal data are extremely valuable and attractive to cyber criminals. The use of stolen CalNet account usernames and passphrases is a serious, ongoing threat to the security of campus systems and data and is the most frequent way campus systems are compromised. In response to this threat, we have joined many of our peer institutions in providing two-step verification technology to protect all CalNet accounts. All faculty, staff and students have already signed up for and are currently protected by two-step verification. 

Retiring Telephone Calls for CalNet 2-Step Verification on January 12, 2022

The University will be ending the Telephone Call method for two-step verification on January 12, 2022. Below are the 2-Step Verification options offered by the University.

2-Step Verification Options:

Information on Backup Passcodes (Login Passcodes generated from your Calnet Account Manager)

You are always able to get a set of 10 login codes by logging into your Calnet Account Manager. And if you check the "Remember me for 30 days" box when you login, these codes can last you 10 months before you need to generate new ones.

To get these login codes:

  1. go to
  2. Login using your Calnet ID and Passphrase (the same login info you use for your Berkeley email)
  3. Once logged in, you will see the below screen, and you should click on the Get Backup Passcodes button at the bottom.Get back up passcodes screen
  4. Once your passcodes appear, click on Print passcodes and then save them in a safe place.
  5. You can only use a passcode once. If you ask for new passcodes, the old codes will no longer be active. Make a copy of these passcodes and store it in a safe place.

Information on Simple Hardware Token

To request a Simple Hardware Token, email

Simple OTP (one-time password) hardware tokens are available at no cost for anyone who does not have a smart phone or other 2-Step device. You can use a token to generate passcodes over and over again, but each passcode is only good to use one time. 

The Retirement Center will register your token before mailing it to you.

Once you receive your token in the mail, follow these instructions to use it for 2-Step Verification:

  1. Enter your CalNet ID and passphrase to log in as usual to the Calnet Authentication Service screen.
  2. When the 2-Step screen appears, Make sure the Device is set to "Token," and then click the "Enter a Passcode" button.
    Tokin login screen
  3. Next, tap the red power symbol on your Simple Hardware Token. A numerical code will appear on the token’s screen.
    token image
  4. If you hold down the red button too long, it will display all; 8s. Let the token be until the screen clears, and try again.
  5. Type the code that appears on your token into the field for the passcode on the 2-Step screen
    Token instructions screen
  6. If you want this web browser on this computer to remember you and not prompt you for 2-Step for 30 days, click the checkbox to "Remember me for 30 days"
  7. Click Log In.