Using Token2 Hardware tokens for Barclaycard ePDQ (the Back Office ) accounts

In this guide, we explain to you how to use Token2 programmable hardware tokens to secure your ePDQ account, which we sometimes refer to as the Back Office. 

Requirements:

• An ePDQ account (we used a test account for producing this guide, but the steps are the same for production accounts as well)

• A Token2 programmable hardware token. The time drift does not seem to be tolerated, so we recommend using programmable tokens with unrestricted time sync

• For NFC-programmable tokens, a device equipped with NFC and running one of our NFC Burner apps (for USB-programmable tokens, no additional hardware is needed)


Steps

Log in to your ePDQ account and navigate to Configuration → Password

Using Token2 Hardware tokens for Barclaycard ePDQ (the Back Office ) accounts


Choose the One-Time Password configuration tab

Using Token2 Hardware tokens for Barclaycard ePDQ (the Back Office ) accounts


This page will show you a QR code that you should transfer over to a Token2 programmable hardware tokens using an NFC Burner or USB Config app. 

Using Token2 Hardware tokens for Barclaycard ePDQ (the Back Office ) accounts

The procedures for provisioning hardware tokens are shown below.




  • Launch the NFC burner app on your Android device and hit the "QR" button



  • Point the camera to the QR code shown on the account page. Upon a successful QR scan, the camera window should disappear
  • Turn on the token and touch it with your phone (make sure it is overlapped by the NFC antenna) and click "Connect" on the app
  • Upon successful connection, click the "Burn seed" button. If NFC link is established and the code is correctly scanned, you should see a status window showing "Burning..." and eventually (in a second or two), "burn seed successful.." message in the log window




Follow the steps below to perform setting the seed for your token using Windows App.

1. Launch the exe file, then select the NFC device from the drop-down list and click on "Connect". You should see a message box notifying about a successful operation.

Token2 NFC Burner app for Windows


2. Enter or paste the seed in base32 format, or use one of the QR scanning methods to populate this field

3. Place the token onto the NFC module and wait for its serial number to appear

Token2 NFC Burner app for Windows

4. Click on "Burn seed" button. A log entry with the serial number and "Successful operation" text will be logged in the log window.

Token2 NFC Burner app for Windows


  • Launch the NFC burner app on your iPhone device and hit the "scan QR" button



  • Point the camera to the QR code shown on the account page. Upon a successful QR scan, the camera window should disappear and the seed field will be populated with the hex value of the seed
  • Touch the Burn button, then turn on the token and touch the top of your iPhone with the token
  • Check the results of the process in the Results log field




Please note that the procedures above are shown only as examples and are valid to single profile TOTP tokens only. The procedure for multi-profile and USB-programmable devices are similar but slightly different

Once the burning/configuration process has been completed, turn the hardware token off then on again to generate a new OTP. Then, enter the OTP generated by the token in the first field, then your ePDQ password in the second field and click Submit.

Using Token2 Hardware tokens for Barclaycard ePDQ (the Back Office ) accounts

If the password and the OTP are validated, you will see a message like below:

Using Token2 Hardware tokens for Barclaycard ePDQ (the Back Office ) accounts

The success message window will also show a form to disable two-factor authentication. This has to be ignored - do not submit this data if you want to keep your 2FA active: submitting OTP and password on this stage will disable your two-factor authentication!

Important! ePDQ system does not tolerate time drift, so your token's system clock will need to be adjusted using the config apps. We expect this will be needed to be done around once a year.