05-05-2023
Molto2 Receives "Certified Product" Badge from Independent Third-Party Assessment by SySS GmbH
 At our company, we believe in delivering safe and secure products to our customers. That's why we engaged SySS GmbH, an independent third-party security company, to conduct a thorough security assessment of our product, Molto2. We are proud to announce that Molto2 has passed this assessment with flying colors and has received a "Certified Product" badge from SySS GmbH.
At our company, we believe in delivering safe and secure products to our customers. That's why we engaged SySS GmbH, an independent third-party security company, to conduct a thorough security assessment of our product, Molto2. We are proud to announce that Molto2 has passed this assessment with flying colors and has received a "Certified Product" badge from SySS GmbH.
product updates
21-04-2023
Introducing Token2 FIDO2 PIN+: The Security Key That Enforces Strong PIN Complexity
 We are excited to announce the upcoming launch of our latest product variation, the Token2 FIDO2 PIN+. The PIN+ series is a new variation of our existing security keys that deviates from the FIDO2 standards to provide stronger PIN complexity enforcement.
We are excited to announce the upcoming launch of our latest product variation, the Token2 FIDO2 PIN+. The PIN+ series is a new variation of our existing security keys that deviates from the FIDO2 standards to provide stronger PIN complexity enforcement.
product updates
07-04-2023
Enhancing Security with the Token2 Molto-2 Lock Screen Feature
 The Token2 Molto-2 is a popular multiprofile hardware token used for two-factor authentication, providing an additional layer of security for various online services and systems. With the latest version of the device, a new feature has been added that allows users to lock the device screen for added security.
The Token2 Molto-2 is a popular multiprofile hardware token used for two-factor authentication, providing an additional layer of security for various online services and systems. With the latest version of the device, a new feature has been added that allows users to lock the device screen for added security.
product updates
22-03-2023
iOS Mail or Outlook App for Office 365 Users with Passwordless Authentication
 As more and more organizations adopt a passwordless method of authentication, users are faced with the challenge of configuring their email accounts on their mobile devices.
As more and more organizations adopt a passwordless method of authentication, users are faced with the challenge of configuring their email accounts on their mobile devices. 
guides
20-03-2023
Unlocking the Benefits of Azure Passwordless with FIDO2 Keys
 We understand that some of our customers have questions and concerns about migrating to Azure Passwordless with FIDO2 keys. With this blog post, we aim to address and clarify some of the common queries that may arise regarding the technology.
We understand that some of our customers have questions and concerns about migrating to Azure Passwordless with FIDO2 keys. With this blog post, we aim to address and clarify some of the common queries that may arise regarding the technology. 
review
30-01-2023
Top myths about FIDO2 security keys and Passwordless access
 We have been getting quite a lot of questions about the security level of FIDO keys, in the light of some recent news and research papers covering potential vulnerabilities of both the protocol stack itself and the hardware of certain implementations.
We have been getting quite a lot of questions about the security level of FIDO keys, in the light of some recent news and research papers covering potential vulnerabilities of both the protocol stack itself and the hardware of certain implementations. 
review
03-01-2023
molto2.py - Molto2 USB Config tool
 molto2.py is a solution developed by Token2 to program and configure the Molto2v2 TOTP hardware tokens using pyscard python library. It is fully cross-platform and  works under Linux, macOS and Windows operating systems.
molto2.py is a solution developed by Token2 to program and configure the Molto2v2 TOTP hardware tokens using pyscard python library. It is fully cross-platform and  works under Linux, macOS and Windows operating systems.
product updates
15-12-2022
Introducing Passwordless Login for Our Website!
 At Token2, we are always looking for ways to improve the user experience and make it as convenient and secure as possible. That's why we are excited to announce the addition of a passwordless login option for our website.
At Token2, we are always looking for ways to improve the user experience and make it as convenient and secure as possible. That's why we are excited to announce the addition of a passwordless login option for our website.
website updates
05-12-2022
Provisioning Token2 TOTP programmable tokens - a universal guide
 We have a lot of integration guides describing the process of enrolling our programmable tokens with different systems, such as Google, Microsoft, Facebook and many others.
We have a lot of integration guides describing the process of enrolling our programmable tokens with different systems, such as Google, Microsoft, Facebook and many others. 
integration guides
17-08-2022
Using programmable hardware tokens with Azure AD B2C
 On August 16th, 2022, Microsoft announced TOTP-based MFA for Azure AD B2C as generally available. The name used for this authentication method is "OATH software tokens", which is another name for TOTP authentication apps like Google Authenticator or Microsoft Authenticator.
 On August 16th, 2022, Microsoft announced TOTP-based MFA for Azure AD B2C as generally available. The name used for this authentication method is "OATH software tokens", which is another name for TOTP authentication apps like Google Authenticator or Microsoft Authenticator.
integration guides
09-06-2022
Python version of the NFC Burner app - token2_config.py
 We have been getting many requests from the customers asking to make the NFC Burner tools available under macOS and Linux.
We have been getting many requests from the customers asking to make the NFC Burner tools available under macOS and Linux. 
product updates
27-01-2022
PolKit vulnerability (CVE-2021-4034)
 A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges.
A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges.
product updates
23-12-2021
Using classic tokens for Native OTP Authentication with NetScaler
 Citrix ADC(NetScaler) supports one-time passwords (OTPs) without having to use a third-party server. One-time password is a highly secure option for authenticating to secure servers, as the number or passcode generated is random.
Citrix ADC(NetScaler) supports one-time passwords (OTPs) without having to use a third-party server. One-time password is a highly secure option for authenticating to secure servers, as the number or passcode generated is random. 
integration guides
15-12-2021
Log4Shell (CVE-2021-44228)
 Token2 is aware of the RCE vulnerability in the Apache Log4j , classified by the Apache security team as a critical severity issue (CVE-2021-44228).
Token2 is aware of the RCE vulnerability in the Apache Log4j , classified by the Apache security team as a critical severity issue (CVE-2021-44228).
product informaion
07-12-2021
Delegation of rights in Azure MFA
 Azure administrators   need to have Global Administrator role to work with MFA, particularly to import and activate OATH tokens. Sometimes they want to delegate this task to service desk   team, but to achieve this they need to delegate GA  rights too. In this article, we would like to talk about a couple of solutions  that would be usefull  for administrators in managing MFA.
Azure administrators   need to have Global Administrator role to work with MFA, particularly to import and activate OATH tokens. Sometimes they want to delegate this task to service desk   team, but to achieve this they need to delegate GA  rights too. In this article, we would like to talk about a couple of solutions  that would be usefull  for administrators in managing MFA.
integration guides
16-11-2021
TOTPRadius : Azure AD Proxy mode
 The LDAP proxy mode of TOTPRadius was introduced as a workaround for implementing 2FA access for systems without native support for multiple authentication sources. This works perfectly fine for organizations with full on-premises or hybrid Active Directory implementations where domain controllers can be accessed over the local network directly using LDAP protocol. But we are discovering more and more organizations moving to full cloud Azure AD implementation while keeping some services, such as VPN, on-premises. As the LDAP interface of Azure AD is not accessible directly, it was not possible to configure TOTPRadius to use Azure AD as its authentication source.
The LDAP proxy mode of TOTPRadius was introduced as a workaround for implementing 2FA access for systems without native support for multiple authentication sources. This works perfectly fine for organizations with full on-premises or hybrid Active Directory implementations where domain controllers can be accessed over the local network directly using LDAP protocol. But we are discovering more and more organizations moving to full cloud Azure AD implementation while keeping some services, such as VPN, on-premises. As the LDAP interface of Azure AD is not accessible directly, it was not possible to configure TOTPRadius to use Azure AD as its authentication source. 
product updates
16-11-2021
The Network Policy Server (NPS) extension for Azure. Verification methods.
 The Network Policy Server (NPS) extension for Azure Multi-Factor-Authentication (Azure MFA) provides a simple way to add cloud-based MFA capabilities to your authentication infrastructure using your existing NPS servers.
The Network Policy Server (NPS) extension for Azure Multi-Factor-Authentication (Azure MFA) provides a simple way to add cloud-based MFA capabilities to your authentication infrastructure using your existing NPS servers.
integration guides
20-10-2021
Securing Salesforce with Token2 Security keys or TOTP Tokens
 To protect your Salesforce account and data from unauthorized access, your org can require an extra layer of security when you log in.
To protect your Salesforce account and data from unauthorized access, your org can require an extra layer of security when you log in.
integration guides
16-09-2021
How to transfer TOTP profiles from Authy to a Token2 hardware token
 Authy remains one of the most popular TOTP application used for 2FA due to its user-friendly features, such as centralized backup. As this feature is based on phone numbers (Authy uses your mobile phone number to identify or reset your account), which may be vulnerable to sim-swap attacks, some users may want to migrate from Authy to hardware tokens. Or, alternatively, users may need to clone/backup their existing TOTP profiles to hardware tokens.
Authy remains one of the most popular TOTP application used for 2FA due to its user-friendly features, such as centralized backup. As this feature is based on phone numbers (Authy uses your mobile phone number to identify or reset your account), which may be vulnerable to sim-swap attacks, some users may want to migrate from Authy to hardware tokens. Or, alternatively, users may need to clone/backup their existing TOTP profiles to hardware tokens.
tools
16-09-2021
Hardware tokens for PPTP VPN on Windows Server using TOTPRadius
 TOTPRadius can be used if you need to have hardware tokens as the second factor for two-factor authentication with Windows Server based PPTP VPN. You can enroll the same tokens as with Azure MFA, so your users can use the same hardware token for both Office 365 and VPN Access. The guide below explains how you can integrate TOTPRadius with Windows Server  to achieve this.
TOTPRadius can be used if you need to have hardware tokens as the second factor for two-factor authentication with Windows Server based PPTP VPN. You can enroll the same tokens as with Azure MFA, so your users can use the same hardware token for both Office 365 and VPN Access. The guide below explains how you can integrate TOTPRadius with Windows Server  to achieve this.
integration guides
Subscribe to our mailing list
Want to keep up-to-date with the latest Token2 news, projects and events? Join our mailing list!
