Molto-2 USB Config tool

current version: 0.4
previous versions: 0.3  0.2  0.1

This tool is used to provision and configure TOTP profiles as well as change device settings of Molto-2 programmable hardware token. Kindly note that this page describes the Windows version of the tool. A cross-platform Python version of the Molto-2 USB Config tool is also available. A command-line utility to configure Molto2v2 devices, molto2-config.exe, is available here.

new in v0.4 : added lock/unlock function for device security (Molto2 v2.1 devices only)

Download & install

You should start by downloading the package and extracting to a folder on your hard drive. Molto-2 USB Config tool does not need to be installed, it can be launched as a standalone executable file.
Download Molto2 USB Config tool v 0.4

Provisioning a TOTP profile

Follow the steps below to perform setting the seed for your token. 

 1. Launch the exe file, then select the Molto2 device from the drop-down list and click on "Connect". 
Molto-2 USB Config tool

You should see the serial number of the token appearing on the bottom of the window.

Molto-2 USB Config tool

2. Select the seed profile from the drop-down list. The first version of Molto-2 has a total of 50 profiles available, from 0 to 49. With Molto-2 v2, the number of profiles is 100 (0-99)

Molto-2 USB Config tool

Please note that there is a factory set seed named '0. Token2' under profile №0 - you can request it from us if needed. 
3. Fill the "Input seed" field with the TOTP secret hash in base32 format. You can use the additional buttons under the input field to read QR from the screen (the app will minimize, take a screenshot and restore again) or load QR code from an image file.

Molto-2 USB Config tool

The app will try to normalize the seed string when provisioning (i.e. will make all letters capital, remove spaces, append empty symbols if shorter strings are entered)

4. Enter a title for the current profile. The title entered should be maximum 12 characters, ASCII symbols only. It will show on the token display after the profile number (i.e. '2. Office 365'). You can leave it empty - then only the profile number will be displayed.

Molto-2 USB Config tool

5. [Optional] Configure the TOTP parameters, if needed. In most of the cases, the default settings should be kept.

Molto-2 USB Config tool

The description of some features are shown below:

  • Time step: the time offset of the OTP generation (OTP regenerates after N seconds). Choose between 30 seconds and 60 seconds. This should match the TOTP parameters of the authentication system.
  • Algorithm: the hashing algorithm of the secret key. Can vary between sha1 and sha256. This should match the TOTP parameters of the authentication system.
  • OTP Length: choose between 4, 6, 8 and 10 digits. This should match the TOTP parameters of the authentication system.
  • UTC Time: this allows to sync the system clock of the hardware token. Keep it as 'System time' to automatically sync with the computer's clock the app is running on. To manually modify the time, select 'Set time' and enter the time in the format as in this example: 2020/07/25/18/56/33 = (year 4 digits)/(month 2 digits)/(day 2 digits)/(hour 2 digits)/(minutes 2 digits)/(seconds 2 digits)
  • Keyboard mode: if set to 'Auto Enter', the device will send the OTP digits together with 'Enter' keystroke (ASCII chr № 13) - this adds the convenience of minimizing user actions needed for logging on to a system (i.e. a Web login form with 2FA field), as the pressing the Enter key on the keyboard will be emulated, and the form requesting the OTP will be submitted automatically without the need of clicking the submit button.

6. Click on "provision profile #" button to complete the process. The log entry should say "N-Successful operation"

Molto-2 USB Config tool

Advanced settings

The tool gives the possibility to configure settings that are normally not required for regular use. To enable these additional functions click on the advanced checkbox on the top of the window. 

Molto-2 USB Config tool

The functionality is as explained below:

- Factory reset : clears all seeds, settings and titles and resets Access key to default. After this is done, the access key configuration has to be set to default in "System Configuration".

- Change Access Key : allows to set a new Access key to protect the device from unauthorized modifications. This is implemented primarily to protect the device from replay attacks by setting the time in the future and grabbing the "future OTPs". The key is expected to be in hex format.

- Write seed only : allows setting the seed without changing other configuration (such as title and hash type)

- Set title only : sets the title for the profile without changing other configuration (such as seed and hash type)

- Apply config only: sets the title for the profile without changing other configuration (such as seed and title). Important: if the type is changed from sha1 to sha256 (and vice versa), the seed will be lost

Bulk importing seeds and settings

Starting from version 0.2 Molto-2 USB Config tool supports importing multiple TOTP profiles from a special file. This may be useful when you already have the seeds and other parameters and want to quickly import it to your Molto2 device. For example, migrating TOTP profiles from your Google Authenticator app to Molto2 can be done by our Migration Toolset using this format. The format of the file is as follows (columns are tab separated):

Profile Seed (base32)                        Hash    Digits TimePeriod TimeSync AutoEnter  Title   
00      JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP      sha1      6      30      yes      yes        Token2.FR

To bulk provision, select the file using 'Import from file' button and click on 'bulk import' button.

Molto-2 USB Config tool

Device settings

Molto-2 USB Config tool

  • Display off time: the period after which the screen of the display will turn off (to save the battery). This only applies when the device runs on its battery; if plugged in, the display is constantly on.
  • Use numeric keypad: this is a setting for systems with French AZERTY keyboard (France, Belgium, and some African countries). In this mode, the "NumLock" state on the keyboard has to be active

Device lock feature

Molto-2 USB Config toolStarting from Molto2 v2.1 there is a possibility of locking the screen using the "lock" button in the Windows app.

Molto-2 USB Config tool

This will hide the OTPs from the device's screen until the unlock button is clicked.

Profile display modes

applies to Molto2 v2 or higher

Please note that the QR display and the HID-related features (numeric keypad and "auto-enter" feature) are only available if the devices are in Mode1 (one TOTP profile per screen). The HID and QR functionalities are not available in Mode2 (5 TOTP profiles per screen).