TOKEN2 Molto-1, world's first multi-profile TOTP hardware token

    [Update 15/09/2020: Molto2 is coming]

    Our new product currently being finalized, the Token2 Molto-1, will expand on our technology by now supporting up to 10 Time-based One-Time Password (TOTP) profiles. Earlier this year, with the miniOTP-2, miniOTP-3, and C301 we introduced the world’s first programmable TOTP tokens with time sync. The aim of these products was to provide a solution to the time drift that affects hardware tokens. We didn’t want to stop there, though! We also recognize the desire for multiple profiles which is why our latest product is a programmable multi-profile hardware token, called Token2 Molto-1. The clue is in the name, at least for anyone who understands Italian — “molto” is “many” in Italian. Having a multi-profile programmable hardware token means you can have only one device for up to 10 of your accounts.

    Hardware tokens are a great way to protect and secure your accounts from cyber-attacks and we recognize that most people will have multiple accounts they want to secure. For example, it’s common for users to have a Gmail account, a Microsoft account, a Facebook account, and so on. In the past users would need a separate device for each of their accounts, but not with the Molto-1. By supporting 10 TOTP profiles we are providing increased flexibility to our hardware token customers. The programmable nature of the Token2 Molto-1 is also aimed at providing maximum flexibility so that you can have a token that suits your cybersecurity needs. We are finalizing the development of the product and are expecting the first batch to arrive from our factory by the end of September.

    You can place a pre-sales order here.


    Dimensions: 46x71x4mm
    TOTP Profiles: up to 10
    Programmable: via NFC, Windows and Android app
    Time sync: Yes
    NFC Access: Password protected — password can be changed
    Time step: 30 or 60 seconds
    OTP Length: 6 or 8 digits
    Maximal seed length: 160 HEX (128 base32)
    Seed hash algorithm: SHA-1 or SHA-256



    Have a look at the FAQ section below, or feel free to ask in the comments.

    Q. How secure is the procedure of programming/seeding the Molto-1 via NFC?
    A. There is no way to retrieve the seeds from the device. However, the system time can be modified over NFC (a highly demanded feature that solves the time drift issue), and this could be used for a replay attack. To prevent that, Molto-1 can be protected by setting an NFC access password. New devices will come with a default NFC access password, which can be changed immediately. To prevent brute-force attacks, the device will be reset to factory defaults after 100 unsuccessful NFC access attempts.

    Q. What if I have set an NFC access password and forgotten it? Does it mean that I can no longer use Molto-1?
    A. No, you can still use it by resetting to factory default. This reset will set NFC access password to default, but the operation will also clear all TOTP profiles (seeds and settings).

    Q. How long does the battery last?
    A. Battery life depends on usage. Burning/programming operations via NFC consume a lot more power, so we must take that into account as well. As a rough estimation, if a token is used a few times per day (i.e. each profile is used once — so 10 button presses a day) and the NFC operations are not very frequent (i.e. not more than once a month) — the Molto-1 token will last for 4-5 years.

    Q. Will I lose access to the TOTP profiles when the battery is dead?
    A. Yes, but you will have enough time to prepare. Molto-1 will have a battery indicator on the display. The indicator will show the status throughout the life of the token. You should replace your token (and migrate the TOTP tokens by resetting the second factor on each respective service) when the indicator shows the battery level as «empty» — you will still have a couple of months to do this.
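
The first FAQ answer ties the NFC access password to replay via clock changes. The sketch below is an added example, not Token2 code or firmware: it assumes the token computes standard RFC 6238 TOTP with the options from the spec list, and `load_seed`, `Verifier`, `demo` and the timestamp are constructed for illustration. It shows that a rewound clock reproduces an earlier code, and how a server that tracks the last accepted time step rejects it.

```python
import base64, hashlib, hmac, struct

MAX_SEED_BYTES = 80  # 160 hex characters = 128 base32 characters (spec list)

def load_seed(b32: str) -> bytes:
    """Decode a base32 seed and enforce the maximum seed length."""
    seed = base64.b32decode(b32.replace(" ", "").upper())
    if len(seed) > MAX_SEED_BYTES:
        raise ValueError("seed longer than 160 hex / 128 base32 characters")
    return seed

def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6,
         algo: str = "sha1") -> str:
    """RFC 6238: HOTP (RFC 4226) over counter = floor(time / step)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, getattr(hashlib, algo)).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical server side: allows +/- `window` steps of drift and
    never accepts a time step at or before the last accepted one."""
    def __init__(self, seed, step=30, digits=6, algo="sha1", window=1):
        self.params = dict(seed=seed, step=step, digits=digits, algo=algo)
        self.step, self.window, self.last_counter = step, window, -1

    def verify(self, code: str, server_time: int) -> bool:
        now = server_time // self.step
        for c in range(now - self.window, now + self.window + 1):
            expected = totp(unix_time=c * self.step, **self.params)
            if c > self.last_counter and hmac.compare_digest(expected, code):
                self.last_counter = c
                return True
        return False

def demo() -> dict:
    seed = load_seed(base64.b32encode(b"12345678901234567890").decode())
    server = Verifier(seed)
    t0 = 1_600_000_000                 # constructed timestamp
    shown = totp(seed, t0)             # code displayed at t0
    rewound = totp(seed, t0)           # token clock set back to t0 later on
    return {
        "rewound_clock_repeats_code": shown == rewound,
        "first_use_accepted": server.verify(shown, t0),
        "same_step_replay_accepted": server.verify(shown, t0 + 10),
        "replay_after_one_hour_accepted": server.verify(rewound, t0 + 3600),
    }
```

The code is a pure function of seed and clock, so the token itself cannot tell a rewound clock from a correct one; the rejection happens on the verifying side.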

    We would also like to use this chance to remind you that, while TOTP is easy to implement and has a wider area of use, FIDO keys provide greater security than classic OTP solutions.

    About TOKEN2

    TOKEN2 Multifactor authentication products and services (short name TOKEN2) is a group of companies providing various security solutions, including hardware tokens.

    TOKEN2 is listed as a featured hardware token vendor by companies like Microsoft, Untis, US Government and many others.


    Comments 6


      Do you have any plans to add a burner program for Linux? Or to publish NFC programming specs?

        Hi, no plans for Linux (yet), but we will think about that. We can share the NFC burner DLL with API/SDK, but this will most probably allow creating another Windows app, not Linux.

          It would be great to get a full description of the NFC burning protocol. Is it possible? What is your policy about open source and open documentation?

          Anyway, how can I get the DLL with API/SDK? I have already ordered a couple of Molto-1 tokens. They look great. Hope they will perform well too :)

            Thanks for your interest. We are supporting open source, but the situation is a bit different when it comes to hardware, our management may need to decide.

            The DLLs will be provided upon signing the NDA, but they are currently under development, we will finalize it by the time you get your products delivered (in about a month).

              Hello. Our NFC APDU documentation is ready and can be shared once an NDA is signed. Let us know if you are still interested.
          Thanks! Yes, it looks interesting. Great programmable hardware token! It looks like just a simple nice red calculator) I «saved» it and will take a further look.
