This tool is used to provision and configure TOTP profiles, as well as to change the device settings of the Molto-2 programmable hardware token. Kindly note that currently only a Windows version of this tool is available.
Meanwhile, the HID feature of the device (sending the OTP via USB by keyboard emulation) works on Windows, macOS and Linux as well.
Download & install
You should start by downloading the package and extracting it to a folder on your hard drive. The Molto-2 USB Config tool does not need to be installed; it can be launched as a standalone executable file. Download Molto2 USB Config tool v 0.1
Provisioning a TOTP profile
Follow the steps below to set the seed for your token.
1. Launch the exe file, then select the Molto2 device from the drop-down list and click on "Connect". You should see the serial number of the token appearing on the screen.
2. Select the seed profile from the drop-down list. The device has a total of 50 profiles available, from 0 to 49.
Please note that there is a factory set seed named '0. Token2' under profile №0 - you can request it from us if needed.
3. Fill the "Input seed" field with the TOTP secret hash in base32 format. You can use the additional buttons under the input field to generate a random seed, paste from clipboard, read QR from the screen (the app will minimize, take a screenshot and restore again) or load QR code from an image file.
The app will try to normalize the seed string when provisioning (i.e. it will make all letters capital, remove spaces, and append empty symbols if shorter strings are entered).
4. Enter a title for the current profile. The title should be at most 12 characters, ASCII symbols only. It will show on the token display after the profile number (i.e. '2. Office 365'). You can leave it empty - then only the profile number will be displayed.
5. [Optional] Configure the TOTP parameters, if needed. In most cases the default settings should be kept.
Descriptions of some of the features are given below:
- Time step: the time offset of the OTP generation (OTP regenerates after N seconds). Choose between 30 seconds and 60 seconds. This should match the TOTP parameters of the authentication system.
- Algorithm: the hashing algorithm of the secret key. Can vary between sha1 and sha256. This should match the TOTP parameters of the authentication system.
- OTP Length: choose between 4, 6, 8 and 10 digits. This should match the TOTP parameters of the authentication system.
- UTC Time: this allows syncing the system clock of the hardware token. Keep it as 'System time' to automatically sync with the clock of the computer the app is running on. To manually modify the time, select 'Set time' and enter the time in the format as in this example: 2020/07/25/18/56/33 = (year 4 digits)/(month 2 digits)/(day 2 digits)/(hour 2 digits)/(minutes 2 digits)/(seconds 2 digits)
- Keyboard mode: if set to 'Auto Enter', the device will send the OTP digits together with an 'Enter' keystroke (ASCII chr № 13). This minimizes the user actions needed for logging on to a system (i.e. a Web login form with a 2FA field): pressing the Enter key on the keyboard is emulated, so the form requesting the OTP is submitted automatically without the need to click the submit button.
6. Click on "PROVISION PROFILE № .." button to complete the process. The log entry should say "N-Successful operation"
- Standby time: the period after which the screen of the display will turn off (to save the battery). This only applies when the device runs on its battery; if plugged in, the display is constantly on.
- Use numeric keypad: this is a setting for systems with French AZERTY keyboard (France, Belgium, and some African countries)
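To check a profile provisioned in steps 1 to 6 above, the following added example (not part of the Molto-2 tool or the vendor's code) computes the OTP that a standard RFC 6238 verifier would expect for the same seed, time step, algorithm and OTP length, so it can be compared with the token display. The function names are hypothetical, and it assumes that the "empty symbols" appended during normalization are base32 '=' padding.

```python
import base64
import hashlib
import hmac
import struct
from datetime import datetime, timezone

# Values the configuration page offers for each profile.
ALGORITHMS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}
TIME_STEPS = (30, 60)
OTP_LENGTHS = (4, 6, 8, 10)


def normalize_seed(seed: str) -> str:
    """Upper-case, drop whitespace, pad with '=' to a multiple of 8 characters.
    Assumption: the page's "empty symbols" are base32 '=' padding."""
    cleaned = "".join(seed.split()).upper().rstrip("=")
    return cleaned + "=" * (-len(cleaned) % 8)


def parse_token_time(text: str) -> int:
    """Convert the 'Set time' format (YYYY/MM/DD/hh/mm/ss, UTC) to Unix time."""
    parsed = datetime.strptime(text, "%Y/%m/%d/%H/%M/%S")
    return int(parsed.replace(tzinfo=timezone.utc).timestamp())


def expected_otp(seed, unix_time, step=30, algorithm="sha1", digits=6):
    """RFC 6238 TOTP for one profile's settings, as a verifying server computes it."""
    if step not in TIME_STEPS or digits not in OTP_LENGTHS or algorithm not in ALGORITHMS:
        raise ValueError("parameter not offered by the tool")
    key = base64.b32decode(normalize_seed(seed))  # raises on non-base32 input
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


if __name__ == "__main__":
    # Constructed sample seed (the RFC 6238 test key), not a real secret.
    sample = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"
    now = int(datetime.now(timezone.utc).timestamp())
    print("normalized seed:", normalize_seed(sample))
    print("OTP now        :", expected_otp(sample, now))
    print("OTP at set time:", expected_otp(sample, parse_token_time("2020/07/25/18/56/33")))
```

A mismatch between this value and the token display usually means one of the profile parameters or the token clock differs from what the authentication system uses.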
You can enable expert mode to show additional controls.
Their functionality is explained below:
- Factory reset: clears all seeds, settings and titles and resets the Access key to default. After this is done, the access key configuration has to be set to default in "System Configuration".
- Change Access Key: allows setting a new Access key to protect the device from unauthorized modifications. This is implemented primarily to protect the device from replay attacks in which someone sets the device time to the future and grabs the "future OTPs". The key is expected to be in hex format.
- Set seed : allows setting the seed without changing other configuration (such as title and hash type)
- Set title : sets the title for the profile without changing other configuration (such as seed and hash type)
- Apply config: sets the title for the profile without changing other configuration (such as seed and title). Important: if the type is changed from sha1 to sha256 (and vice versa), the seed will be lost