A hard token is a physical device that generates secure authentication codes for your DrFirst ePrescribe portal. After receiving your token, you'll need to add it to your account before you can use it to prescribe controlled substances through Practice Better.
Once your hard token arrives, activating it in your DrFirst account takes just a few minutes and ensures secure access for prescribing controlled substances.
💡 Don't have a hard token yet? See our article: Requesting a Hard Token for EPCS for ordering instructions.
In this article:
- Preparing Your Hard Token
- Accessing Token Management
- Adding Your New Token
- Managing Your Tokens
- Important Information About Hard Tokens
- Troubleshooting
Preparing Your Hard Token
Before you begin the activation process, take a moment to test your hard token and confirm it's working properly.
- Locate the power button on your token device and press the button firmly.
- Confirm that:
- The device powers on
- The screen lights up
- A six-digit code appears on the display
If your token doesn't turn on, doesn't display anything, or shows an error, contact DrFirst support for assistance before proceeding.
Accessing Token Management
To add your new token, you'll need to access DrFirst's Token Management screen.
You can access these settings through your Practice Better integration or by logging in directly to the EPCS Prescriber Dashboard.
📍 Please note: You'll need an existing active token to log in directly. If you don't have any active tokens yet, follow the steps to access token management through the integration.
This is the most common path for Practice Better users:
- Launch the DrFirst (Rcopia) portal through your Practice Better integration.
- Click the hamburger menu icon (three horizontal lines) at the top left corner of the DrFirst screen and select Utilities.
- Click Token Management.
-
Log in to EPCS Gold Prescriber Dashboard. Enter your NPI and Passphrase on the login screen.
📍 Please note: Your passphrase is the specific password you created for prescribing controlled substances during your EPCS enrollment. This is different from your regular DrFirst login password.
- Enter a one-time pin (OTP) from a token that's already associated with your account.
- Once logged in, click the Tokens tab at the top of the screen, or click the Manage Tokens button on the right side of the page.
Adding Your New Token
Now you're ready to add your new hard token to your account.
- From the Token Management screen, click the Add New Token button at the top left.
- A section titled Add Two Factor Authentication Token will appear with several fields to complete.
-
Fill in all six required fields:
Token Manufacturer
Select ONESPAN from the dropdown menu.
Token Issuer
Select DRFIRST from the dropdown menu.
Token Type
Select OTP HARD TOKEN from the dropdown menu.
Token Name
Enter a descriptive nickname that will help you identify this specific token later. This is especially important if you have multiple tokens.
Good examples: "orange keyfob," "office desk token," "backup token," "travel token"
Avoid generic names like: "token," "my token," "token1"
S/N or Credential ID
Flip your token over and locate the serial number printed on the back. Enter this number exactly as shown, without any spaces or dashes.
Format: A long string of numbers (typically 11-12 digits)
Example: 331551111
OTP
Press the button on your physical token to generate a fresh code. Enter the six-digit number displayed on the screen.⚠️ Important: Token codes expire quickly (usually within 30-60 seconds). If you're not sure your code is still valid, press the button again to generate a new one before clicking Save.
- Review all fields carefully to ensure accuracy, especially the serial number.
- Click Save to complete the activation.
✅ All set! Your hard token is now associated with your account and ready to use for prescribing controlled substances through Practice Better's ePrescribe integration.
Managing Your Tokens
Once you've added tokens to your account, you may need to disable or re-enable them from time to time.
Disabling a Token
You might need to disable a token temporarily (if it's misplaced) or permanently (if it's lost, damaged, or you're replacing it with a new one).
- From the Token Management screen, locate the token you want to disable.
- Click Disable in the Action column for that token.
- Select the appropriate Reason for disabling from the dropdown menu:
- Temporarily Unavailable - Use this if the token is misplaced but you expect to find it
- Lost - The token cannot be located
- Damaged - The token is broken or malfunctioning
- Canceled - You no longer want to use this token
- Click Disable to confirm.
⚠️ Important: If you select "Lost," "Damaged," or "Canceled," the token will be permanently disabled and cannot be reactivated. Only select "Temporarily Unavailable" if you plan to use the same token again later.
Enabling a Token
If you previously disabled a token with "Temporarily Unavailable" status, you can reactivate it.
- From the Token Management screen, locate the disabled token.
- Click Enable in the Action column.
- Press the button on your physical token to generate a current code.
- Enter the one-time pin (OTP) displayed on your token.
- Click Activate Token.
Your token is now active again and ready to use for authentication.
Important Information About Hard Tokens
Battery Life and Replacement
Hard token batteries are sealed and can't be replaced. When your token's battery runs out (typically after several years of use), the device will stop generating codes, and you'll need to order a replacement token.
Signs your battery may be dying:
- The screen becomes dim or hard to read
- The token powers on but codes don't appear
- The device won't turn on at all
→ See our article: Requesting a Hard Token for EPCS for replacement ordering instructions.
Token Nicknames
Choose unique, descriptive nicknames for each token you add. These names appear in dropdown menus when you're selecting which token to use for authentication, making it easier to identify the right device quickly.
If you have multiple tokens, consider naming them based on:
- Physical characteristics (color, size)
- Location where you keep them (office, home, travel bag)
- Purpose (primary, backup, emergency)
Security Best Practices
Your hard token is a critical security device. Follow these best practices to keep your prescribing access secure:
- Keep your token in a secure, consistent location
- Don't share your token with anyone
- Report lost or stolen tokens immediately
- Disable old tokens when activating replacements
- Consider having a backup token in a separate secure location
DEA Requirements
The DEA requires specific security measures for controlled substance prescribing. Your hard token is part of the two-factor authentication system that meets these federal requirements. Always keep your token secure and use it only for your own prescribing activities.
💡 Tip: Many practitioners attach their hard token to their keychain or keep it in a specific desk drawer to ensure it's always available when needed for prescribing.
Troubleshooting
I can't find the serial number on my token
The serial number is printed on the back of the physical device. It's a long string of numbers (typically 11-12 digits). If the numbers are worn off or illegible, contact Practice Better support for assistance.
My token code doesn't work when I try to add it
Token codes expire quickly (within 30-60 seconds). Generate a fresh code by pressing the button again, and immediately enter it before clicking Save. Make sure you're entering all six digits correctly.
I disabled my token by mistake
If you selected "Temporarily Unavailable," you can re-enable it by following the steps in the Enabling a Token section above. If you selected a permanent reason like "Lost" or "Damaged," the token cannot be reactivated and you'll need to order a replacement.
My token is working but I want to add a backup token
You can have multiple active tokens on your account. Simply order an additional token and follow the activation steps above to add it. Make sure to give each token a unique, descriptive name.