Molto-2 USB Config toolMolto-2 programmable hardware token. Kindly note that this page describes the Windows version of the tool. A cross-platform Python version of the Molto-2 USB Config tool is also available. A command-line utility to configure Molto2v2 devices, molto2-config.exe, is available here.
new in v0.4 : added lock/unlock function for device security (Molto2 v2.1 devices only)
Download & installYou should start by downloading the package and extracting to a folder on your hard drive. Molto-2 USB Config tool does not need to be installed, it can be launched as a standalone executable file.
Provisioning a TOTP profileFollow the steps below to perform setting the seed for your token.
1. Launch the exe file, then select the Molto2 device from the drop-down list and click on "Connect".
You should see the serial number of the token appearing on the bottom of the window.
2. Select the seed profile from the drop-down list. The first version of Molto-2 has a total of 50 profiles available, from 0 to 49. With Molto-2 v2, the number of profiles is 100 (0-99)
The app will try to normalize the seed string when provisioning (i.e. will make all letters capital, remove spaces, append empty symbols if shorter strings are entered)
4. Enter a title for the current profile. The title entered should be maximum 12 characters, ASCII symbols only. It will show on the token display after the profile number (i.e. '2. Office 365'). You can leave it empty - then only the profile number will be displayed.
5. [Optional] Configure the TOTP parameters, if needed. In most of the cases, the default settings should be kept.
The description of some features are shown below:
- Time step: the time offset of the OTP generation (OTP regenerates after N seconds). Choose between 30 seconds and 60 seconds. This should match the TOTP parameters of the authentication system.
- Algorithm: the hashing algorithm of the secret key. Can vary between sha1 and sha256. This should match the TOTP parameters of the authentication system.
- OTP Length: choose between 4, 6, 8 and 10 digits. This should match the TOTP parameters of the authentication system.
- UTC Time: this allows to sync the system clock of the hardware token. Keep it as 'System time' to automatically sync with the computer's clock the app is running on. To manually modify the time, select 'Set time' and enter the time in the format as in this example: 2020/07/25/18/56/33 = (year 4 digits)/(month 2 digits)/(day 2 digits)/(hour 2 digits)/(minutes 2 digits)/(seconds 2 digits)
- Keyboard mode: if set to 'Auto Enter', the device will send the OTP digits together with 'Enter' keystroke (ASCII chr № 13) - this adds the convenience of minimizing user actions needed for logging on to a system (i.e. a Web login form with 2FA field), as the pressing the Enter key on the keyboard will be emulated, and the form requesting the OTP will be submitted automatically without the need of clicking the submit button.
6. Click on "provision profile #" button to complete the process. The log entry should say "N-Successful operation"
The tool gives the possibility to configure settings that are normally not required for regular use. To enable these additional functions click on the advanced checkbox on the top of the window.
The functionality is as explained below:
- Factory reset : clears all seeds, settings and titles and resets Access key to default. After this is done, the access key configuration has to be set to default in "System Configuration".
- Change Access Key : allows to set a new Access key to protect the device from unauthorized modifications. This is implemented primarily to protect the device from replay attacks by setting the time in the future and grabbing the "future OTPs". The key is expected to be in hex format.
- Write seed only : allows setting the seed without changing other configuration (such as title and hash type)
- Set title only : sets the title for the profile without changing other configuration (such as seed and hash type)
- Apply config only: sets the title for the profile without changing other configuration (such as seed and title). Important: if the type is changed from sha1 to sha256 (and vice versa), the seed will be lost
Bulk importing seeds and settings
Starting from version 0.2 Molto-2 USB Config tool supports importing multiple TOTP profiles from a special file. This may be useful when you already have the seeds and other parameters and want to quickly import it to your Molto2 device. For example, migrating TOTP profiles from your Google Authenticator app to Molto2 can be done by our Migration Toolset using this format. The format of the file is as follows (columns are tab separated):
Profile Seed (base32) Hash Digits TimePeriod TimeSync AutoEnter Title 00 JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP sha1 6 30 yes yes Token2.FR
To bulk provision, select the file using 'Import from file' button and click on 'bulk import' button.
- Display off time: the period after which the screen of the display will turn off (to save the battery). This only applies when the device runs on its battery; if plugged in, the display is constantly on.
- Use numeric keypad: this is a setting for systems with French AZERTY keyboard (France, Belgium, and some African countries). In this mode, the "NumLock" state on the keyboard has to be active
Device lock feature
Starting from Molto2 v2.1 there is a possibility of locking the screen using the "lock" button in the Windows app.
This will hide the OTPs from the device's screen until the unlock button is clicked.
Profile display modes
applies to Molto2 v2 or higher
Please note that the QR display and the HID-related features (numeric keypad and "auto-enter" feature) are only available if the devices are in Mode1 (one TOTP profile per screen). The HID and QR functionalities are not available in Mode2 (5 TOTP profiles per screen).
Subscribe to our mailing list
Want to keep up-to-date with the latest Token2 news, projects and events? Join our mailing list!