Pull to refresh

The Token2.com company has temporarily suspended it’s blog on Habr

Show first

MFA-protected SSH access to Ubuntu servers with LDAP or Azure AD Credentials and hardware or software tokens

Reading time 4 min
Views 3.6K

SSH, the secure shell, is often used to access remote Linux systems. Because we often use it to connect with computers containing important data, it’s recommended to add another security layer, such as the second factor.

In this guide, we will show how to leverage the TOKEN2 TOTPRadius appliance to organize SSH access to your Ubuntu server using local LDAP or Azure AD as the primary authentication factor, and TOTP factor from TOTPRadius as the secondary factor. The secondary authentication factors available with TOTPRadius can be a mobile authentication app or a hardware token.

Read more
Total votes 3: ↑3 and ↓0 +3
Comments 0

Paper-based TOTP tokens

Reading time 2 min
Views 1.4K

Enterprise policies are different, and in some cases weird. In this article, we will describe a very unusual problem raised by one of our customers. In a nutshell, the organization does not allow bringing any devices onsite, no smartphones, no mobile phones, and even no hardware tokens are allowed on-premises. At the same time, the organization is using Office 365 services from Microsoft and has enforced multi-factor authentication for all users to be activated.

To address this issue, our research and development team has spent some time and found a solution, which is a paper-based TOTP token. We are hereby presenting the solution, which is available for free (well, if you don't count the paper and ink cost).

Our solution is a web-based tool that generates the list of one-time passwords (OTPs) for an arbitrary seed. The list can be printed out and handed over to the end-users to serve as their second factor for authenticating in Azure AD with multi-factor authentication enabled. To associate this paper TOTP token with a user, you can follow the same procedure as with the regular TOTP tokens.

The procedure is simple, you enter the seed and click on submit to get the list generated. You will get a printable list similar to the one shown below for the next few days. By changing the number of future OTPs you can make the list longer or shorter.

Read more
Total votes 4: ↑4 and ↓0 +4
Comments 0

Enrolling and using Token2 USB Security keys with UserLock MFA

Reading time 4 min
Views 1K

UserLock provides two-factor authentication & access management for Windows Active Directory. By adding two-factor authentication, contextual restrictions and real-time insight around logons, UserLock helps administrators to secure, monitor and respond to all users' access, UserLock reduces the risk of external attacks and internal security breaches while helping to address regulatory compliance.

Read more
Total votes 1: ↑1 and ↓0 +1
Comments 0

Molto-2 — a USB programmable multi-profile TOTP hardware token

Reading time 2 min
Views 2.2K

About a year ago, we released Token2 Molto-1, the world's first programmable multi-profile hardware token. While Molto-1 is still the only solution of its kind currently available on the market, we will be soon releasing a new variation of a multi-profile hardware token, in a different form-factor and with a different set of features available.

While Molto-1 has its advantages, there were some shortcomings that we wanted to address, for example, it can only hold up to ten TOTP profiles, which is not enough for many users. Also, using NFC to program the device does not look very convenient for some users. There were also requests to have a backlight for the screen of the token, so it can be used in the dark. With Molto-2 we tried to address this and a few other concerns. So, we hereby present our new device model, Token2 Molto-2 with the following specifications:

TOKEN2 MOLTO-2 multi-profile programmable TOTP hardware token:

▣ RFC 6238 compliant

▣ supports up to 50 accounts/profiles

▣ USB-programmable with a Windows app

▣ RTC battery life: 8 years

▣ LCD screen battery: 3-4 months (rechargeable)

The table below shows the comparison between Molto-1 and Molto-2

Read more
Total votes 1: ↑1 and ↓0 +1
Comments 0

EVVIS-QR1 USB Programmable TOTP hardware token

Reading time 3 min
Views 2K
imageToday, we are presenting a new type of TOTP hardware tokens — USB Programmable token that displays the OTP value as a QR code and also can send the current OTP value over USB as a part of its HID emulation feature.

What is EVVIS-QR1?


EVVIS-QR1 is a hardware device developed primarily for Electronic visit verification (EVV) information systems (hence the name). It is a standards-based TOTP hardware token that can also be programmed over USB. The OTP generated is shown on the display both as regular digits as well as a QR image. Both features (OTP shown as QR code and HID keyboard emulation) are intended to make it possible to minimize typos when entering the OTP.
Read more →
Total votes 4: ↑4 and ↓0 +4
Comments 0

Token2 C301-i, the first iOS-compatible programmable TOTP token

Reading time 2 min
Views 934
TOKEN2 started manufacturing and selling programmable hardware tokens back in 2015 and we have been constantly asked questions about iPhone support. So far, our burner apps were available only for Android and Windows, as Apple did not allow using the NFC protocol on their devices, even though the hardware supporting NFC was physically present.

iOS 13 — coreNFC


The situation has improved a little bit with the release of iOS v13 when access to more features of coreNFC Developer API was introduced. Unfortunately, we discovered that it is not fully compatible with the NFC chips we are using. As there are little chances that Apple will make an effort to change this to adapt to our NFC chips, we had to do the opposite and develop a new, iOS13 compatible, NFC chip instead.

Token2 C301-i, the first iOS-compatible programmable TOTP token


Our first iOS-compatible token (model reference: “C301-i”) is currently being beta-tested and will start selling in a couple of months. Pre-orders are available here.
Read more →
Total votes 1: ↑1 and ↓0 +1
Comments 0

TOKEN2 Molto-1, world's first multi-profile TOTP hardware token

Reading time 3 min
Views 1.5K
[Update 15/09/2020: Molto2 is coming]

imageOur new product currently being finalized, the Token2 Molto-1, will expand on our technology by now supporting up to 10 Time based One-Time Password (TOTP) profiles. Earlier this year, with the miniOTP-2, miniOTP-3, and C301 we introduced the world’s first programmable TOTP tokens with time sync. The aim of these products was to provide a solution to the time drift that affects hardware tokens. We didn’t want to stop there, though! We also recognize the desire for multiple profiles which is why our latest product is a programmable multi-profile hardware token, called Token2 Molto-1. The clue is in the name, at least for anyone who understands Italian — “molto” is “many” in Italian. Having a multi-profile programmable hardware token means you can have only one device for up to 10 of your accounts.
Read more →
Total votes 4: ↑3 and ↓1 +2
Comments 6

Google informs users about a vulnerability with their Titan Security keys

Reading time 1 min
Views 1.8K

Titan Security Keys are marketed as phishing-resistant two-factor authentication (2FA) devices that help protect high-value users such as IT admins. They have been around for quite some time and have been largely promoted as the most secure second-factor device ever, both by Google itself and media.
Read more →
Total votes 11: ↑9 and ↓2 +7
Comments 4

Yet another review of OATH hardware tokens feature in Azure Cloud MFA

Reading time 2 min
Views 1.8K
About three months ago Microsoft has announced the availability of OATH TOTP hardware tokens in Azure MFA. The feature is still in “public preview”, but we see many of our customers using the feature in production already now. As we are testing this for the last couple of months in our lab environment and, in many cases, we are also assisting our customers with the activation of the feature, we have some observations that we believe are worth sharing.

image
Read more →
Total votes 18: ↑17 and ↓1 +16
Comments 0

Programmable TOTP tokens in a key fob form-factor

Reading time 1 min
Views 4.2K
TOTP tokens are small, easy-to-use devices that generate one-time passcodes. These tamper-evident devices can be used wherever strong authentication is required.

TOKEN2 is selling programmable hardware tokens in credit card format for already a few years now. Token2 miniOTP cards are marketed as a hardware alternative to Google Authenticator or other OATH-compliant software tokens. Having the same functionality extended to tokens in classic keyfob/dongle format was one of the features our customers asked for.

We are hereby announcing our new product, TOKEN2 C300 TOTP hardware token, which is possible to be reseeded for an unlimited number of times via NFC using a special «burner» app.
Читать дальше →
Total votes 22: ↑20 and ↓2 +18
Comments 16