TOKEN2 Companion app is a tool to leverage the use of TOKEN2 FIDO2 security keys (second-generation only: T2F2-ALU , T2F2-AZ, T2F2-NFC and T2F2-BIO ) beyond classic U2F and standard FIDO2/WebAuthn functionality. The app enables you to set and use TOTP profiles on a computer or on an Android device (NFC or USB/OTG) as well as iOS (with NFC only). For T2F2-Bio models, the app helps to manage fingerprint enrollment as well.
Download and launch the app. It is a zip file with an exe inside to launch – no installation needed, just make sure the files inside the zip file are extracted into the same directory.
To set the HID HOTP seed, launch the companion app, plug the key in and navigate to HOTP menu item on the right.
On the next window, enter or generate the seed and click on Write. Note that you can configure additional options, such as the number of digits in the OTP (6 or 8) and the "Auto Enter" feature, which will send Enter keystroke after the digits when sending via HID.
Adding a TOTP profile
To add a new TOTP profile, navigate to the TOTP section, and click on "+ (Add account)"
On the following window, fill the Issuer, Account, and the Security key fields. The security key field (or seed, or secret) is expected to be in base32 format.
You can extract the base32 secrets from an image containing a QR code. You can scan the QR shown on the screen with the 'QR on screen' button (the app will minimize itself, take a screenshot and then look for a QR code containing the TOTP seed) or decode from an image file using 'QR from file'. Only one QR code should be present at a time on the screen or in the image file being loaded.
When adding TOTP profiles, you can benefit from the additional features implemented on the same dialog window:
- 'Random' : generates a random base32 secret
- 'Require button' - if enabled, the OTP will be shown only if the physical button on the USB key is pressed.
- 'Append to CSV file' - if checked, the seeds added to the security key will be recorded in the csv file (by default seeds.csv , can be modified in token2.ini file)
If non-default TOTP settings are needed, you can configure by clicking on Additional settings link
You can choose the OTP period to be 30 or 60 seconds, the hash algorithm to be sha1 or sha256 and the number of OTP digits to be 6 or 8.
Accessing the TOTP profiles
The OTP values generated by the security key can be accessed using the companion app. Bu double-clicking on the profile box you can copy the OTP to clipboard. If the profile is configured to require the physical button to be pressed, double-clicking on profile will make the physical buttons LED blink; after you press the button the OTP will be displayed on the app.
The companion app also allows resetting your FIDO2 key and setting a PIN code.
Please note that the same operations can be done using the standard Windows control panel with Windows 10 1903 and higher.