FAQ: Hardware tokens and purchases

FAQ - burner apps FAQ - Office365/ Azure AD (Microsoft Entra ID) MFA



  • How is my credit card data stored and processed on your website?

    We do not  store or process any payment information on our website. After you fill your order data, an order ID is created and passed to one of our payment processors (SIX Payments, Stripe or PayPal). You only enter the credit card information on the payment page hosted by the payment gateway.

  • How do clients obtain the seeds/secrets/CSV for purchased TOTP tokens?

    The seeds (also known as secrets or secret keys) can be requested in various formats, including CSV, exclusively by users authorized to receive them. When placing an order, you can specify additional email addresses in the "Additional info" field to ensure the seeds are sent to the appropriate recipients. For further details, please refer to our documentation here.

  • Do I need to register on your website to proceed with my order?

    There is no requirement to register, you only need to provide your email address when completing the order (Guest mode). You can register aftewards if needed and all orders previously made in guest mode using your email address will appear under your account. Invoices, tracking information, seed request links can be found on the order page links (last column). There is also a downloads section where you can access entitled software and tools that are available only to Token2 customers and partners. The list of available downloads depend on the products you have previously ordered with us (i.e. the Python solution can be downloaded only if you have purchased our Python-compatible NFC writer etc.)

  • Can I get a free sample?

    We normally do not  provide free samples. If you want to test the functionality, feel free to use our virtual TOTP toolset . It fully emulates our hardware tokens.

  • Can I use the programmable tokens with AWS or Fortnite 2FA?

    Yes, our second-generation tokens support longer seeds generated by AlibabaCloud AWS , or Fortnite . Make sure you have the latest version (at least NFC Burner 2.1 for Android or NFC Burner 0.1 Advanced for Windows). Previous versions of the app do not support longer seeds.

  • Which of your tokens support Azure Cloud MFA?

    All our token models support Azure Cloud MFA as long as your Azure AD (Microsoft Entra ID) license is P1 or P2. If you do not have any Azure AD (Microsoft Entra ID) license, you can still benefit from our tokens, but only the programmable  ones. They act as a drop-in replacement of mobile authenticator apps (i.e. Microsoft Authenticator or Google Authenticator). This flowchart decision tree will help you to choose the right token model for your case.

  • Can I use hardware tokens to implement Active Directory login with two-factor authentication?

    Microsoft does not natively support TOTP authentication for the Active Directory. Azure Active Directory supports logging in with FIDO2 Security keys, but this is not an OTP-based multifactor authentication. If you need to implement TOTP as a second factor for on-premise Azure Directory user authentication, we recommend third-party products, such as UserLock or MultiOTP .

  • Can I get a discount?

    Discounts are possible with orders starting from 50 units. To request a discounted quote, add the products to the basket, proceed with the checkout and at the final phase, click on the « Request quote » button.

  • Can the token be used with multiple services at once or is it one token per one service?

    This depends on the authentication system itself. If the system supports importing the seeds, then yes. If out of 2 systems, one supports importing the seeds and the second is hardcoded to QR code-based provisioning, then the same token can be used for 2 systems, for example, you can use the same token to login to both  Google and Office365 . For other cases, you can use our multi-profile TOTP tokens that can hold up to 100 TOTP profiles.

  • Can your tokens be used with DUO?

    DUO supports TOTP hardware tokens, but they have not fully implemented the time drift adjustment as per RFC6238. So, after some time, the tokens' hardware clock will become out of sync and the OTP codes will not be accepted by DUO authentication servers because of the system clock not matching. The time of the token then needs to be adjusted keeping the current seed intact. This is only possible with Token2 programmable tokens with unrestricted time sync: miniOTP-2 OTPC-P1 , C302 Molto-1  and some others. Read more about using Token2 hardware tokens with DUO here .

  • How do I receive the seeds (secret shared keys) for the purchased tokens?

    Once the products are delivered, customers should request the secret keys by filling the seed request form (the URL of the form is unique for each order and is shown on the relevant order page). Kindly note that the order verification process is done manually and may take some time. Please note that the seeds can only be sent to the emails specified when the order is placed . Keys requested in standard formats (Hex, Base32 or CSV for Azure MFA) are normally sent within one business day (CET timezone). After the secret keys are received, you should import them to your authentication system. The full procedure is described here .
    Please note that you do not need to request secret keys for programmable tokens or FIDO keys with TOTP/HOTP - you can set the keys yourselves using one of our burner/companion apps

  • Can I use the NFC cards or dongles for my access control systems?

    Yes, even if not powered on, our NFC devices act as simple NFC tags and can be used as a part of your access control system or "follow-me" printing systems. The only requirement is to support the same standard (ISO14443)

  • Do you ship to my country?

    We ship worldwide * with regular post or FedEx or UPS express services. Kindly note that shipping with regular post is longer and delivery times shown on the shipping form are approximate and not guaranteed. Shipping with FedEx or UPS is relatively more expensive ** , but delivery times are guaranteed (from 1 to 5 business days depending on your location, not counting customs clearance delays).

    * - except for some countries, i.e. Russia, due to local cryptography-related legislation issues. ** - the shipping cost for express delivery shown on the checkout page is a ballpark figure for the most expensive location within the country selected. You can contact us if you believe shipping to your city must be cheaper, we can check the exact price with FedEx or UPS



  • I have chosen Regular Post and my order is still not delivered.

    If the shipping option chosen for your order is "Regular post" (priority or with tracking) usually delivered within a week in Europe, US & Canada, 2 weeks to MENA region and 6-8 weeks to Australia and New Zealand, and the post says it may take up to 4, 6 and 10 weeks respectively. However, please note that this is approximation without warranty and the service is of a "best-effort" type. We have absolutely no visibility (except the tracking code, which is communicated to customers when the order is shipped) nor any further control. 

  • Where are your products manufactured?

    For many of our products, we are considered a systems integrator rather than a manufacturer, as our products may contain different components, such as batteries, NFC chips or plastic cases, from various countries. According to Article 60(2) UCC, when two or more countries are involved in the manufacture of the product, it shall be deemed to originate in the country or territory where they underwent their last, substantial, economically justified processing or working. In this context, we declare the country of the origin as Switzerland where allowed (i.e. in customs declaration). This is not, however, enough to declare the product as Swiss-made as Switzerland has a stricter rule on this: at least 60% of the components must be produced in Switzerland.  Currently, having more than 60% of the components produced in Switzerland would make the final price of the product several times higher. We are still working on moving the production to Switzerland while keeping the costs at an affordable level.

    Nevertheless, be assured that all the production phases are under the thorough control of our specialists, and the components supplied by our partners undergo regular quality checks. The software, firmware, and sensitive data (such as seeds) handling operations are done in Switzerland. Furthermore, our business model is based not just on selling or reselling hardware, but more on providing full high quality technical support at all stages, starting from choosing the most suitable and cost-effective device model to its activation and configuration with any compatible authentication system used by the client. 

  •  Are your products unique?


    In addition to generic standards-based devices such as TOTP tokens and FIDO2 security keys that are not unique, of course, many devices we produce are unique and innovative and never existed before. Devices such as tokens for EVV verification, TOTP tokens with time sync , multiprofile TOTP hardware tokens and FIDO2 keys with PIN complexity enforcement are fully based on our inventions and research papers - there are proofs and evidences showing that they appeared first in our publications. Due to the limitations of the Swiss legislation, these inventions are not patentable (Article 1 of the Swiss Patent Act), therefore we do not have any mechanism of protecting from replicas of our inventions, however it is clear that the suppliers of such replicas are obviously not in a position to provide the same level of support for these devices.