Token2 Companion Mobile Apps User Guide

The Token2 Companion App is a mobile application designed to streamline the setup, configuration, and management of Token2  FIDO2 security keys. This guide provides step-by-step instructions for both the Android and iOS versions of the app. While the core functionality remains consistent across platforms, there may be minor differences in the user interface or certain features due to platform-specific requirements. Use this guide to learn how to connect your Token2 device, generate OTPs, manage FIDO2 passkeys, and configure device settings directly from your smartphone. Additionally, the FIDO2 functionality and passkey management of FIDO2.1 keys from other brands are also possible, but only via NFC.

1. Installation and Setup

• Download the App: The Token2 Companion App is available on both Android (Google Play Store) and iOS (App Store). Alternatively, you can download the APK file directly.
• Install the App: Follow the installation prompts specific to your device.

2. Initial Configuration

• Open the App: Launch the app from your device. Note: while landscape orientation may be available on some devices, please note that the app is designed for and best experienced in portrait mode.
• Connect a Token2 Device: The app uses NFC or USB (for compatible models) to connect with Token2 devices.
  • NFC: Ensure NFC is enabled on your phone. Tap your Token2 device to your phone to establish a connection. For iOS app, you may need to choose "Scan for devices" option from the central menu.
    
    
  • USB: For OTG-enabled Android phones and iOS devices (with Release3 USB keys), connect your Token2 device via an OTG adapter or USB-C port.

3. Generating OTPs

• Automatic OTP Generation: Once the Token2 device is connected, the app will automatically detect it and display an OTP (One-Time Password).
• Copy and Use OTP: Tap on the OTP to copy it to your clipboard, then paste it into the desired application for authentication.
  
  

• Adding a new OTP profile:
  • Adding a new OTP account can be done by scanning a TOTP QR code or by entering the details manually.
    
    The QR code expected by the app should be in the TOTP enrollment format as described here.
    You can also add a TOTP profile manually: the form expects you to type in the Issuer and account names, specify secret hash and the TOTP parameters, such as hash algorithm and offset.
    
    


Managing OTP profiles: You can also make an OTP profile a favorite by swiping to the right (for iOS, you need to touch the star icon to confirm the operation). Marking an OTP profile as a favorite will cause it to appear at the top of your list for easier access.

Please note that this information is saved locally on the device only and is not stored on the FIDO2 key. Therefore, if you change your phone or app, you will need to reassign your favorites.

To delete an OTP profile, swipe to the left (for iOS, you will also need to touch the delete button).

5. FIDO2 Passkey Management

Starting from version 2, the Token2 Companion App allows users to view and delete passkeys, as well as manage certain FIDO settings. When performing these actions, the app will prompt for a PIN, which may be requested more than once for added security. If no PIN is currently set, the app will guide you through the process of creating one. Please note that for PIN+ series devices, the PIN must adhere to specific complexity rules.

• Passkeys: For compatible devices, select the Passkeys tab in the app to list stored passkeys.
  
  
• Passkey Management: You can view the list of stored passkeys. To delete a passkey, touch it, and on the next window, click on Delete button. 
  
  Be careful - you cannot undo this operation!

6. Fingerprint Management (Bio3 and Later Keys)

The Token2 Companion App on Android and iOS allows you to manage fingerprints stored on Bio3 and newer biometric FIDO2 keys. You can enroll, rename, and delete fingerprints directly from your mobile device.

Requirements

• Bio3 or later FIDO2 key with fingerprint sensor
• Token2 Companion App (latest version from Play Store or App Store)
• Smartphone USB-C port or compatible adapter
• PIN of the FIDO2 key

Enroll a New Fingerprint

• Select "Fingerprint" tab, then plug in the key
• Tap the central logo button, then select Enroll.
  
  
  
  
• Enter the PIN when prompted.
• Follow the on-screen instructions to repeatedly tap your finger on the sensor. Four samples are required for each fingerprint, and the wizard will guide you through steps 1 to 4.
  
  
  
  

Tip: You can normally store up to 29 fingerprints on each key.

Rename a Fingerprint

An automatically generated name is assigned to fingerprint records when created. You can rename if needed.

• Select the fingerprint from the list.
• Tap on the “Rename” icon, enter a new label, PIN code and save.
  
  
  
  

Delete a Fingerprint

• Select the fingerprint you want to remove.
• Swipe towards left, then tap “Delete” icon and confirm when asked.
  
  
  
  
• You may need to re-enter the PIN.

Note: Removing all fingerprints does not erase PINs or reset the device. Use the “Factory Reset” option for a full reset if needed.

7. Device settings

The Settings page allows you to configure various parameters of the key.

• Keyboard Emulation (HID): Enables or disables presenting the key as a keyboard (via USB). This feature is necessary for sending HOTP codes via keyboard emulation.
• Enforce Verification: This feature applies to FIDO2.1.Final keys and ensures that a PIN is requested even if the relying party has set it as discouraged or optional. Please note that the app cannot check the status of this setting on a given key, so you must select whether to enable or disable it and apply your choice.
• Reset OTP: Removes all stored OTP profiles. Warning: This action is not undoable.
• Reset FIDO: Removes all passkeys and deletes the PIN. Warning: This action is not undoable.
  
  
  
  
• Enforce numeric keyboard: the app offers the option to enforce a numeric keyboard when entering PINs, making it easier when only numeric PINs are required.
• Clearing lists: Users can choose between automatic and manual cleanup of their OTP and passkey lists. Automatic cleanup can be configured to clear entries after a specified timeout (5 minutes by default), while manual cleanup allows users to remove items as needed.
  
  
  
• Appearance: the app supports dark mode, enhancing usability in low-light environments. Users can choose to align with their system appearance settings or override them for a personalized experience.
  
  
  
• NFC Notification Control (Android Only): Users can disable NFC notifications if they do not use or have NFC, preventing unnecessary alerts.
  
  
  
• Fingerprint verification: Enabling fingerprint in settings allows you to access the Passkeys section using your fingerprint. To switch back to PIN or use the app with non-biometric keys, you'll need to disable this option.
  
  
  
  

8. General Troubleshooting Tips

• Device Not Connecting: Ensure NFC or USB is properly connected, restart the app, and try reconnecting the device.
• Compatibility: Ensure your device is compatible with the Token2 Companion App, as some older models may have limited support.

NFC Troubleshooting Tips

• Antenna Overlap: Ensure that the NFC antenna of your device and the Token2 device are properly aligned. If they are not, it can lead to connection failures. Moving the devices closer together or adjusting their positioning may help establish a successful connection.
• Clear Obstructions: Remove any cases or protective covers from your smartphone that may interfere with NFC communication. Sometimes, materials such as thick plastic or metal can block the NFC signal.
• Check NFC Settings: Make sure NFC is enabled on your phone. You can typically find this in the settings under "Connections" or "Wireless & Networks." If it's disabled, turn it on and try again.
• Restart Devices: If you're experiencing issues, try restarting your smartphone. This can resolve temporary glitches and refresh the NFC connection.
• Distance Matters: Keep the distance between the devices minimal while attempting to connect. NFC typically works within a few centimeters, so avoid moving them too far apart during the process.
  
  
  

9. Frequently Asked Questions (FAQ)

a. Can I use the app to manage keys from other manufacturers?

Yes, the app supports certain functionalities such as passkey management and FIDO reset for keys from other manufacturers, but only via NFC. Please note that fingerprint-based actions are only supported with Token2 Bio3 (or newer biometric) keys. To ensure compatibility, disable the fingerprint option in settings.

b. My fingerprint is not accepted. How can I make the app fall back to using a PIN?

If you're having trouble with fingerprint recognition, go to the app settings and disable the fingerprint option. This will allow the app to fall back to PIN-based authentication.

c. Can I protect TOTP with a PIN?

Adding a PIN to TOTP is generally unnecessary and considered overkill. TOTP is typically used alongside a password, and adding a PIN would turn it into a three-step authentication process—more cumbersome than FIDO2, but not more secure. TOTP is not phishing-resistant, so relying on it with extra layers does not address its core limitations. Whenever possible, avoid OTP and use phishing-resistant methods like FIDO2.

d. Why doesn't the onscreen keyboard appear when I plug in the key, and I can't enter the PIN?

This issue is likely caused by the FIDO2 key operating in HID (Human Interface Device) emulation mode. When HID mode is enabled, the system may treat the key as a physical keyboard, preventing the onscreen keyboard from appearing.

To resolve this, disable HID emulation in Settings screen.

10. Contact Support

If you encounter any issues not covered in this guide, please contact us by email (support [at] token2.com ). Our support team is available to help you with any questions or concerns regarding the Token2 Companion App.