FAQ: Hardware tokens and purchases

FAQ about our burner apps

  • How is my credit card data stored and processed on your website?

    We do not store or process any payment information on our website. After you fill your order data, an order ID is created and passed to one of our payment processors (Stripe or PayPal). You only enter the credit card information on the payment page hosted by the payment gateway.

  • Can I get a free sample?

    We normally do not provide free samples. If you want to test the functionality, feel free to use our virtual TOTP toolset. It fully emulates our hardware tokens.

  • Can I use the programmable tokens with AWS or Fortnite 2FA?

    Yes, our second-generation tokens support longer seeds generated by AlibabaCloudAWS, or Fortnite. Make sure you have the latest version (at least NFC Burner 2.1 for Android or NFC Burner 0.1 Advanced for Windows). Previous versions of the app do not support longer seeds.

  • Which of your tokens support Azure Cloud MFA?

    All our token models support Azure Cloud MFA as long as your Azure AD license is P1 or P2. If you do not have any Azure AD license, you can still benefit from our tokens, but only the programmable ones. They act as a drop-in replacement of mobile authenticator apps (i.e. Microsoft Authenticator or Google Authenticator). This flowchart decision tree will help you to choose the right token model for your case.

  • Can I use hardware tokens to implement Active Directory login with two-factor authentication?

    Microsoft does not natively support TOTP authentication for the Active Directory. Azure Active Directory supports logging in with FIDO2 Security keys, but this is not really a multi-factor authentication. If you need to implement TOTP as a second factor for on-premise Azure Directory user authentication, we recommend the UserLock product from our partner, ISDecicions

  • Can I get a discount?

    Discounts are possible with orders starting from 50 units. To request a discounted quote, add the products to the basket, proceed with the checkout and at the final phase, click on the « Request quote »  button.

  • Can the token be used with multiple services at once or is it one token per one service?

    This depends on the authentication system itself. If the system supports importing the seeds, then yes. If out of 2 systems, one supports importing the seeds and the second is hardcoded to QR code-based provisioning, then the same token can be used for 2 systems. For other cases, you can use our multi-profile TOTP token that can hold up to 10 TOTP profiles.

  • Can your tokens be used with DUO?

    DUO supports TOTP hardware tokens, but they have not fully implemented the time drift adjustment as per RFC6238. So, after some time, the tokens' hardware clock will become out of sync and the OTP codes will not be accepted by DUO authentication servers because of the system clock not matching. The time of the token then needs to be adjusted keeping the current seed intact. This is only possible with Token2 programmable tokens with unrestricted time sync: miniOTP-2OTPC-P1, C302and Molto-1. Read more about using Token2 hardware tokens with DUO here.

  • How do I receive the seeds (secret shared keys) for the purchased tokens?

    Once the products are delivered, customers should request the secret keys by filling the form here. Please note that this is a manual process and will need to be reviewed by our team. The serial numbers of the tokens are required to be entered in the key request form. For tokens where the serial numbers are presented in barcode or QR code format, you can use the inventory apps to avoid entering the serial numbers manually. Please note that the seeds can only be sent to the emails specified when the order is placed. Keys requested in standard formats (Hex, Base32 or CSV for Azure MFA) are normally sent within one business day (CET timezone). After the secret keys are received, you should import them to your authentication system. See below the integration guides for some of the systems. Please note that you do not need to request secret keys for programmable tokens - you can set the keys yourselves using one of our burner apps

  • I have chosen Regular Post and my order is still not delivered.

    If the shipping option chosen for your order is "Regular post" (priority or with tracking) usually delivered within a week in Europe, US & Canada, 2 weeks to MENA region and 6-8 weeks to Australia and New Zealand, and the post says it may take up to 4, 6 and 10 weeks respectively. However, please note that this is approximation without warranty and the service is of a "best-effort" type. We have absolutely no visibility (except the tracking code, which is communicated to customers when the order is shipped) nor any further control.

Large Volume Orders
For large orders, Token2 offers volume discounts.If you are interested in larger volume orders, please contact us and we will get back with a quote immediately
Burner apps

We are using cookies. By using our site you agree with ToS  ok