This is a pre-sales order page, shipping is planned by the end of September. Please place a separate order and do not mix this with other products when ordering as this will affect delivery for all items.
|TOTP Profiles||up to 10|
|Programmable||via NFC, Windows and Android app|
|NFC Access||Password protected - password can be changed|
|Timestep||30 or 60 seconds|
|OTP Length||6 or 8 digits|
|Maximal seed length||160 HEX (128 base32)|
|Seed hash algorithm||SHA-1 or SHA-256|
A. There is absolutely no way to retrieve the seeds anyhow from the device. However, to fully ensure security, in particular, to prevent replay attack by modifying the system time (which is a highly demanded feature to solve the time drift issues) Molto-1 can be protected by setting an NFC access password. New devices will come with a default NFC access password which can be changed immediately. To prevent brute-force attack, the devices will be reset to factory defaults after around 100 unsuccessful NFC access attempts.
A. No, you can still use it by resetting to factory default. This reset will set NFC access password to default, but the operation will also clear all TOTP profiles (seeds and settings).
A. Battery life depends on usage. Burning/programming operations via NFC consume a lot more power, so we must take that into account as well. As a rough estimation, if a token is used a few times per day (i.e. each profile is used once - so 10 button presses a day) and the NFC operations are not very frequent (i.e. not more than once a month) - the Molto-1 token will last for 4-5 years.
A. Yes, but you will have enough time to prepare. Molto-1 will have a battery indicator on the display (). The indicator will show the status throughout the life of the token () . You should replace your token (and migrate the TOTP tokens by resetting the second factor on each respective service) when the indicator shows the battery level as "empty" () - you will still have a couple of months to do this.
|Google Account||fully compatible|
|Azure On-Prem MFA Server||fully compatible|
|Azure Cloud MFA / Office 365||fully compatible|
|Stripe Dashboard||fully compatible|
|Meraki Dashboard||fully compatible|
|application or system developed by you||fully compatible|
|not listed here||contact us to check the compatibility|