The Token2 miniOTP-2 is a hardware token for TOTP authentication: you scan the QR code of your cloud service, and the card then generates a unique 6-digit code for 2FA to authenticate to that service, if 2FA is enabled there.
Setting up the Token2 miniOTP-2 Token for 2FA
What you need to know:
The current miniOTP-1 / miniOTP-2 card supports only one QR code to scan for authenticating against a cloud service. Keep this in mind: it’s not suited for multiple accounts.
Development of future products
Within a reasonable time, the following product will be delivered to the market:
https://www.token2.com/site/page/introducing-the-token2-molto-1
This item only supports up to 10 QR / TOTP tokens, so choose wisely.
If you need more than 10 cloud accounts that support QR 2FA, I suggest you take a good look at my article about Yubikey 2FA Hardware Security Key (Dutch). To my knowledge there are no security keys capable of larger QR / TOTP capacities.
Want to know more?
Again: note that only 1 QR code is to be programmed, no support for multiple Tokens.
Use case Private: Only a Google Account
Use case Companies: Authenticate against Azure Cloud.
- For this you’ll need Azure Premium with 2FA enabled. If you’ve set up multiple providers, your Federation Services / SSO page can authenticate via the Azure Portal to use other services connected to your federation.
You can place your order at:
https://www.token2.com/shop/category/classic-tokens
This tutorial is about the Token2 miniOTP-2, which costs only 20 euro.
https://www.token2.com/shop/product/token-miniotp-2-card
From my site: you can get a discount of 5% with the DISCOUNT CODE: BTLST5319
The Expected lifetime: 3-5 years
When you have received your order, request the key via the following link to be able to use it.
https://www.token2.com/getkeys
I explain this process at the end of this article: Requesting Authentication for the MiniOTP-2 Token.
What you need is an order ID and the serial of the Token2 miniOTP-1 (which is on the back side of the token).
And a GPG public key.
How to set up a GPG Public and Private Key.
Upon requesting, pretty soon you will receive the Base32 / Azure Token, which is also Base32.
You’ll be using this in the Burner App to Authenticate before syncing your QR Codes for 2FA.
https://www.token2.com/site/page/tools-for-programmable-tokens
Install the Burner APP – Most likely Android as you most probably do not have an NFC Reader for Windows.
Token2 NFC burner for miniOTP-1
https://play.google.com/store/apps/details?id=com.token2.nfcardotp_nfcburner
Install it.
Press the power button to turn the card on.
Hold it to the back of your phone > The application opens.
Scan the QR code of your cloud service.
Perform a Set Time and Sync Time.
Hold the card, while it is on, to the back of your phone until you hear a sound.
Click connect and hit Burn Seed.
Log in on the website you scanned the QR code for.
Press the power button
Fill in the code displayed on your Card.
You’re logged in.
Set up a Google Account (we’ll not be covering Azure); this method is valid for any kind of website / cloud provider that supports a TOTP / QR code of 30 seconds.
https://t2.click/63cd / https://www.token2.com/shop/page/secure-your-gmail-account-with-a-hardware-token
Mandatory: Requesting Authentication for the MiniOTP-2 Token.
Again, for reference on how to create a public GPG key: How to set up a GPG Public and Private Key.
Fill in the details on:
https://www.token2.com/getkeys
As instructed with your order.
Wait for confirmation:
During weekdays they respond quite rapidly, even during EU hours, where there’s always a USA representative able to respond to your requests.
Open the mail’s attachment.
Save / Open it
Open with Kleopatra (GPG).
Decrypt with your private key password.
Click Save All, then find where you opened it: browser downloads > last item > name of the file > open folder. Send it back to your mail client on your phone.
I did this, but am unsure if it needs to be done.
Open the burner App
Enter the base32 code
Hold your card to the back of your phone.
Perform a time synchronization and click set time.
Click Connect Token
You’re done.
Personal experience
One would say this is great for cost minimization for companies authenticating against Azure.
On a personal note I would not use it, simply because I already come up short with my YubiKey with 32 TOTP tokens, and I need to exempt services I do not use often to keep the other TOTPs on my YubiKey.
But this is a company that is growing, and you might develop a sincere interest in their products in due time.
As I was thinking along with Token2 on how to approach this more commercially and to the benefit of their end users, I've made a simple sketch and sent them what I think must be done.
Who knows? They just might develop a product that is going to set the market to a new level.
Here we have the original items and my suggested hardware setup.
1 TOTP Max
10 TOTP Max
That's all folks,
Hope you liked it.
Kind regards,
Martijn Kamminga