
Token2 2FA Authentication Tutorial + Review

The Token2 miniOTP-2 is a hardware token that generates a unique 6-digit TOTP code for 2FA. The seed is provisioned by scanning the QR code your cloud service shows when you enable 2FA, and the code the token then produces authenticates you to that service.

Setting up the Token2 miniOTP-2 Token for 2FA

1 Token Off

What you need to know:


The current miniOTP-1 / miniOTP-2 card holds only one QR code (one TOTP seed), so it authenticates against a single cloud service. Keep this in mind: it is not suited for multiple accounts.

Development of future products

Within a reasonable time, the following product will be delivered to the market:

https://www.token2.com/site/page/introducing-the-token2-molto-1

2 Token2 Molto 1

This item supports only up to 10 QR / TOTP tokens, so choose wisely.

If you need more than 10 cloud accounts that support QR 2FA, I suggest you take a good look at my article about the YubiKey 2FA Hardware Security Key (Dutch). To my knowledge there are no security keys capable of larger QR / TOTP capacities.

Want to know more?


Again: note that only one QR code can be programmed; there is no support for multiple tokens.

Use case Private: Only a Google Account

Use case Companies: Authenticate against Azure Cloud.

  • For this you'll need Azure Premium with 2FA enabled, plus your Federation Services / SSO page. If you have set up multiple providers, you can authenticate via the Azure Portal to use other services connected to your federation.

You can place your order at:

https://www.token2.com/shop/category/classic-tokens


This tutorial is about the Token2 miniOTP-2, which costs only 20 euro.

https://www.token2.com/shop/product/token-miniotp-2-card

From my site you can get a 5% discount with the discount code BTLST5319.

The expected lifetime: 3-5 years

When you have received your order, request the key via the following link to be able to use the token:

https://www.token2.com/getkeys


I explain this process at the end of this article: Requesting Authentication for the MiniOTP-2 Token.

What you need is the order ID and the serial of the Token2 miniOTP-1 (printed on the back of the token).

And a GPG public key.


How to set up a GPG public and private key.

Soon after your request you will receive the Base32 seed (the Azure token is also Base32).

You'll enter this in the burner app to authenticate before writing (burning) your 2FA QR codes to the card.

https://www.token2.com/site/page/tools-for-programmable-tokens


Install the burner app, most likely on Android, as you most probably do not have an NFC reader for Windows.

Token2 NFC burner for miniOTP-1

https://play.google.com/store/apps/details?id=com.token2.nfcardotp_nfcburner

Install it.

3 Token2 Burner App

Press the power button to turn the card on.

Hold it to the back of your phone; the application opens.

Scan the QR code of your cloud service.

Perform a Set Time and a Sync Time.

Hold the card, while it is on, to the back of your phone until you hear a sound.

Click Connect and hit Burn Seed.
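To show what the card computes from the seed the QR code carries, here is an added example (my own code, not Token2's app or firmware): it parses a constructed otpauth:// URI, derives the 6-digit, 30-second TOTP per RFC 6238, and shows why the Set Time / Sync Time step matters, since a verifier only accepts codes from adjacent time steps. The secret used is the RFC 6238 test key, not a real account seed.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample of what a provisioning QR code encodes (otpauth URI).
# The secret is the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_OTPAUTH = (
    "otpauth://totp/Example:alice%40example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&period=30&digits=6"
)

def parse_otpauth(uri):
    """Extract label, raw seed bytes, period and digits from an otpauth:// URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    q = parse_qs(u.query)
    secret = q["secret"][0].upper().replace(" ", "")
    secret += "=" * (-len(secret) % 8)          # restore Base32 padding if stripped
    return {
        "label": unquote(u.path.lstrip("/")),
        "seed": base64.b32decode(secret),
        "period": int(q.get("period", ["30"])[0]),
        "digits": int(q.get("digits", ["6"])[0]),
    }

def totp(seed, unix_time, period=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1: the code a 30-second hardware token displays."""
    counter = int(unix_time) // period
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                     # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def verify(seed, candidate, unix_time, period=30, digits=6, window=1):
    """Accept a code from the current step or +/- `window` adjacent steps.
    A token whose clock drifted further than that is rejected, which is why
    the card's time must be set and synced before burning the seed."""
    for step in range(-window, window + 1):
        expected = totp(seed, unix_time + step * period, period, digits)
        if hmac.compare_digest(expected, candidate):
            return True
    return False

if __name__ == "__main__":
    p = parse_otpauth(SAMPLE_OTPAUTH)
    print(p["label"], totp(p["seed"], int(time.time()), p["period"], p["digits"]))
```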

4 Token2 Burn Seed

Login on the website you scanned the QR code for.

5 Login

Press the power button.

7 Token On

Fill in the code displayed on your card.

6 OTP

You’re logged in.


Set up a Google account (we'll not be covering Azure); this method is valid for any website / cloud provider that supports a TOTP / QR code with a 30-second time step.

https://t2.click/63cd / https://www.token2.com/shop/page/secure-your-gmail-account-with-a-hardware-token


Mandatory: Requesting Authentication for the MiniOTP-2 Token.


Again, for reference on how to create a public GPG key: How to set up a GPG public and private key.

Fill in the details on:

https://www.token2.com/getkeys


As instructed with your order.

Wait for confirmation:

During weekdays they respond quite rapidly, even in EU hours, where there's always a USA representative able to respond to your requests.


Open the mail's attachment.

2 1 Received Seed

Save / open it.

Open it with Kleopatra (GPG).

2 3 Open with

Decrypt it with your private key password.

2 4 Enter password


Click Save All, then find where you opened it: browser downloads > last item > name of the file > open folder. Send it back to your mail client on your phone.

I did this, but am unsure if it needs to be done.

Open the burner app.

Enter the Base32 code.

Hold your card to the back of your phone.

Perform a time synchronization and click Set Time.

Click Connect Token.

4 Token2 Burn Seed


You’re done.


Personal experience

One could say this is great for cost minimization for companies that authenticate against Azure.

On a personal note I would not use it, simply because I already come up short with the 32 TOTP slots of my YubiKey, and I need to leave out services I do not use often to fit the other TOTPs in my YubiKey.

But this is a company that is growing, and you might develop a sincere interest in their products in due time.

As I was thinking along with Token2 on how to approach this more commercially and to the benefit of their end-users, I made a simple sketch and sent them what I think must be done.

Who knows? They just might develop a product that is going to take the market to a new level.

Here we have the original items and my suggested hardware setup.

1 TOTP max: miniOTP (7 Token On)

10 TOTP max: 2 Token2 Molto 1

Suggested setup: Token2KeyPad

That's all folks,

Hope you liked it.

 

Kind regards,

Martijn Kamminga