Products
Authenticator app replacement
Token2 programmable tokens are a "drop-in" replacement of OTP mobile apps (such as Google Authenticator or similar). They can be used with authentication backends requiring TOTP tokens and are compatible with services generating the seed at the server side (and not allowing to import seeds)
Under your full control
Special apps, tools or scripts available under different platforms can be used to "burn" the secret hash seeds and configure other parameters. Some of the apps require an NFC module to operate.
Blog
04-04-2026
Understanding FIDO User Verification Modes and the always_uv Setting
Token2 R3.3 and later FIDO2 keys enforce user verification by default with always_uv = true, improving security, though some platforms and apps like Windows 10, macOS, and certain legacy clients may fail to handle this override correctly.
05-03-2026
Introducing TOTPVault — self-hosted TOTP management for teams
Most TOTP apps work by distributing copies of the secret to every person who needs access — fine for personal accounts, but for shared service accounts it means MFA secrets scattered across people's phones with no clean way to revoke access when someone leaves.
21-12-2025
Android, NFC, and the Missing Piece of WebAuthn
For years, Android users have faced a frustrating limitation—Android does not support CTAP2 over NFC. This means no PIN verification and no discoverable credentials (passkeys) when using NFC, and therefore limited to simple U2F-style flows without user verification. That said, there finally seems to be a solution.