• Paper-based TOTP tokens

      Enterprise policies are different, and in some cases weird. In this article, we will describe a very unusual problem raised by one of our customers. In a nutshell, the organization does not allow bringing any devices onsite, no smartphones, no mobile phones, and even no hardware tokens are allowed on-premises. At the same time, the organization is using Office 365 services from Microsoft and has enforced multi-factor authentication for all users to be activated.

      To address this issue, our research and development team has spent some time and found a solution, which is a paper-based TOTP token. We are hereby presenting the solution, which is available for free (well, if you don't count the paper and ink cost).

      Our solution is a web-based tool that generates the list of one-time passwords (OTPs) for an arbitrary seed. The list can be printed out and handed over to the end-users to serve as their second factor for authenticating in Azure AD with multi-factor authentication enabled. To associate this paper TOTP token with a user, you can follow the same procedure as with the regular TOTP tokens.

      The procedure is simple, you enter the seed and click on submit to get the list generated. You will get a printable list similar to the one shown below for the next few days. By changing the number of future OTPs you can make the list longer or shorter.

      Read more
    • Enrolling and using Token2 USB Security keys with UserLock MFA

        UserLock provides two-factor authentication & access management for Windows Active Directory. By adding two-factor authentication, contextual restrictions and real-time insight around logons, UserLock helps administrators to secure, monitor and respond to all users' access, UserLock reduces the risk of external attacks and internal security breaches while helping to address regulatory compliance.

        Read more
      • Molto-2 — a USB programmable multi-profile TOTP hardware token

          About a year ago, we released Token2 Molto-1, the world's first programmable multi-profile hardware token. While Molto-1 is still the only solution of its kind currently available on the market, we will be soon releasing a new variation of a multi-profile hardware token, in a different form-factor and with a different set of features available.

          While Molto-1 has its advantages, there were some shortcomings that we wanted to address, for example, it can only hold up to ten TOTP profiles, which is not enough for many users. Also, using NFC to program the device does not look very convenient for some users. There were also requests to have a backlight for the screen of the token, so it can be used in the dark. With Molto-2 we tried to address this and a few other concerns. So, we hereby present our new device model, Token2 Molto-2 with the following specifications:

          TOKEN2 MOLTO-2 multi-profile programmable TOTP hardware token:

          ▣ RFC 6238 compliant

          ▣ supports up to 50 accounts/profiles

          ▣ USB-programmable with a Windows app

          ▣ RTC battery life: 8 years

          ▣ LCD screen battery: 3-4 months (rechargeable)

          The table below shows the comparison between Molto-1 and Molto-2

          Read more
        • EVVIS-QR1 USB Programmable TOTP hardware token

            imageToday, we are presenting a new type of TOTP hardware tokens — USB Programmable token that displays the OTP value as a QR code and also can send the current OTP value over USB as a part of its HID emulation feature.

            What is EVVIS-QR1?


            EVVIS-QR1 is a hardware device developed primarily for Electronic visit verification (EVV) information systems (hence the name). It is a standards-based TOTP hardware token that can also be programmed over USB. The OTP generated is shown on the display both as regular digits as well as a QR image. Both features (OTP shown as QR code and HID keyboard emulation) are intended to make it possible to minimize typos when entering the OTP.
            Read more →
          • Ads
            AdBlock has stolen the banner, but banners are not teeth — they will be back

            More
          • Token2 C301-i, the first iOS-compatible programmable TOTP token

              TOKEN2 started manufacturing and selling programmable hardware tokens back in 2015 and we have been constantly asked questions about iPhone support. So far, our burner apps were available only for Android and Windows, as Apple did not allow using the NFC protocol on their devices, even though the hardware supporting NFC was physically present.

              iOS 13 — coreNFC


              The situation has improved a little bit with the release of iOS v13 when access to more features of coreNFC Developer API was introduced. Unfortunately, we discovered that it is not fully compatible with the NFC chips we are using. As there are little chances that Apple will make an effort to change this to adapt to our NFC chips, we had to do the opposite and develop a new, iOS13 compatible, NFC chip instead.

              Token2 C301-i, the first iOS-compatible programmable TOTP token


              Our first iOS-compatible token (model reference: “C301-i”) is currently being beta-tested and will start selling in a couple of months. Pre-orders are available here.
              Read more →
            • TOKEN2 Molto-1, world's first multi-profile TOTP hardware token

                [Update 15/09/2020: Molto2 is coming]

                imageOur new product currently being finalized, the Token2 Molto-1, will expand on our technology by now supporting up to 10 Time based One-Time Password (TOTP) profiles. Earlier this year, with the miniOTP-2, miniOTP-3, and C301 we introduced the world’s first programmable TOTP tokens with time sync. The aim of these products was to provide a solution to the time drift that affects hardware tokens. We didn’t want to stop there, though! We also recognize the desire for multiple profiles which is why our latest product is a programmable multi-profile hardware token, called Token2 Molto-1. The clue is in the name, at least for anyone who understands Italian — “molto” is “many” in Italian. Having a multi-profile programmable hardware token means you can have only one device for up to 10 of your accounts.
                Read more →
              • Yet another review of OATH hardware tokens feature in Azure Cloud MFA

                  About three months ago Microsoft has announced the availability of OATH TOTP hardware tokens in Azure MFA. The feature is still in “public preview”, but we see many of our customers using the feature in production already now. As we are testing this for the last couple of months in our lab environment and, in many cases, we are also assisting our customers with the activation of the feature, we have some observations that we believe are worth sharing.

                  image
                  Read more →
                • Programmable TOTP tokens in a key fob form-factor

                    TOTP tokens are small, easy-to-use devices that generate one-time passcodes. These tamper-evident devices can be used wherever strong authentication is required.

                    TOKEN2 is selling programmable hardware tokens in credit card format for already a few years now. Token2 miniOTP cards are marketed as a hardware alternative to Google Authenticator or other OATH-compliant software tokens. Having the same functionality extended to tokens in classic keyfob/dongle format was one of the features our customers asked for.

                    We are hereby announcing our new product, TOKEN2 C300 TOTP hardware token, which is possible to be reseeded for an unlimited number of times via NFC using a special «burner» app.
                    Читать дальше →