Tools for hardware tokens and security keys
Burner apps and config tools for TOTP tokens
Special Android, iPhone, or Windows applications (i.e. Token2 Burner app) should be used to "burn" the secret hash seeds. The apps require an NFC module to operate. Cross-platform (Python) solution is also available for some models (and coming soon for others). This table below provides a list of the available burner applications or configuration tools for different models of Token2 programmable tokens. The table is interactive: you can choose the token model in the first column, then the platform in the second column to see if the combination is supported.
- Cross-platform (Python) solutions have been tested with Windows 10/11, Ubuntu 20.04 and macOS Big Sur, but should, in theory, work with any *nix platform.
- iPhone apps only work with models with part numbers ending with "-i" (i.e. C301-i) and only with iPhones newer than iPhone 8 and iOS version 13 or higher.
Choose a token model | Choose platform | |
---|---|---|
miniOTP-1, C105 | Android | Google Play |
miniOTP-1, C105 | Windows | burner.exe command line tool |
C301, C302 | Android | Google Play |
C301, C302 | cross-platform (Python) | token2_config.py |
C301-i, C302-i | Android | Google Play |
C301-i, C302-i | Windows | Windows NFC Burner |
C301-i, C302-i | iPhone | iPhone app guide |
C301-i, C302-i | cross-platform (Python) | token2_config.py |
miniOTP-2, miniOTP-3 | Android | Google Play |
miniOTP-2, miniOTP-3 | Windows | Windows NFC Burner |
OTPC-P1, OTPC-P2 | Android | Google Play |
OTPC-P1, OTPC-P2 | Windows | Windows NFC Burner |
miniOTP-2-i, miniOTP-3-i | Android | Google Play |
miniOTP-2-i, miniOTP-3-i | Windows | Windows NFC Burner |
miniOTP-2-i, miniOTP-3-i | iPhone | iPhone app guide |
OTPC-P1-i, OTPC-P2-i | Android | Google Play |
OTPC-P1-i, OTPC-P2-i | Windows | Windows NFC Burner |
OTPC-P1-i, OTPC-P2-i | iPhone | iPhone app guide |
miniOTP-2-i, miniOTP-3-i | cross-platform (Python) | token2_config.py |
OTPC-P1-i, OTPC-P2-i | cross-platform (Python) | token2_config.py |
Molto-1 | Android | Android app guide |
Molto-1 | Windows | Windows app guide |
Molto-1-i | Android | Android app guide |
Molto-1-i | Windows | Windows app guide |
Molto-1-i | iPhone | iPhone app guide |
Molto-1-i | cross-platform (Python) | molto1_config.py |
EVVIS-QR-1 | Windows | EVVIS-QR1 USB Config tool |
Molto-2 | Windows | Molto-2 USB Config tool |
Molto-2v2 | Windows | Molto-2 USB Config tool |
Molto-2v2 | cross-platform (Python) | molto2.py |
Important! Please make sure you use the correct application, as using a wrong app may lock the device out. While this authentication is implemented in some models (Molto1 and Molto2 etc.), in some models, such as C301, OTPC* and miniOTP* cards, NFC access is left unrestricted by design. We use ready components for our cards (often called Java-chips) and they have by default NFC access authentication, the access key was hard coded , currently "8A D20 688 3CA3 694 82 AB2 7182 B6E 832 24" for single profile tokens (which cannot be changed) and "544 F4B 454 E32 4D4 F4C 544 F31 2D4 B4 55 9" for multi-profile models (which can be changed) ; removing authentication routine completely would make the final cost of the products higher. While this does not compromise security (as it is only possible to write the seeds and never read) , using a wrong app will damage the card for this reason.
Prerequisites
NFC Tokens
Android devices should be equipped with an NFC chip. iPhone apps are compatible with models newer than iPhone 7 and with iOS v13 or higher. Windows application will require an external USB NFC reader or a built-in NFC module (existing on some models of modern laptops). So far the application has only been tested under Windows 10 and Windows 8 64 bit. Python-based NFC Burner script (token2_config.py) requires the PN533-chip based NFC Writer device.
USB Tokens
No additional device, driver nor any other installation is needed. USB cable is supplied (USB-A to micro-USB port), any standard USB cable can be used (with data support). For computers without USB-A ports, USB-Type-C adapters can be used.
TOKEN2 FIDO2 Security keys
FIDO2 Keys can be managed and configured using standard operating systems tools. In addition, we have our own tools to manage the FIDO settings and some additional features
You can use the standard Windows control panel tool to manage your key, as long as you run Windows 10 build 1903 or later. Please note that the standard control panel applet has some limitations: i.e. it cannot remove individual fingerprints in the Bio FIDO2 Keys and cannot manage TOTP profiles.
FIDO2 Key management using Chromium based web browsers
If you are using macOS or Linux, you can manage your FIDO2 keys using the tool integrated into the latest Chromium based browsers, such as Google Chrome (starting from v80).
TOKEN2 Companion app is a tool to leverage the use of TOKEN2 FIDO2 security keys (second-generation only, T2F2-ALU, and T2F2-NFC) beyond classic U2F and standard FIDO2/WebAuthn functionality. The app enables you to set and use TOTP profiles on a computer or on an Android device (NFC or USB/OTG) as well as iOS (with NFC only). The guides are available below:
- Token2 FIDO2 Companion app - Windows version
- Token2 FIDO2 Companion app - iOS (only T2F2-NFC is supported)
- Token2 FIDO2 Companion app - Android version (T2F2-NFC and T2F2-ALU with OTG adapter are supported)
Virtual TOTP Tokens and converters
The tools below can be used to emulate hardware tokens. This can be used to test the functionality or to verify the OTP generation.
TOTP Toolset
This open-source toolset can be used to emulate a hardware token and as to perform OTP verification and drift detection. It can also be used to generate random seeds for programmable tokens and record generated data as CSV file for Azure MFA as described here.
The source code of Token2 TOTP Toolset is available under our GitHub repository. You can also use the hosted version.
t2otp.exe - command-line tool
This tool is created as a command-line emulator of Token2 hardware tokens. It can generate any combination of 6 or 8 digits OTP, with 30 or 60 seconds interval, with SHA1 or SHA256 secret keys. Click here for more information and download.
base32-to-hex-converter
A powershell script to convert files containing TOTP seeds(secrets) from base32 format to hex. The main use case is to convert Azure MFA CSV file to DUO-Compatible TOTP Import file
Subscribe to our mailing list
Want to keep up-to-date with the latest Token2 news, projects and events? Join our mailing list!