Sales of Protectimus Flex (https://www.protectimus.com/flex/) programmable, key fob-style TOTP tokens have already started. The tokens were developed specifically to replace Google Authenticator and other two-factor authentication apps for services without native support for hardware tokens: these include Office 365, Azure MFA, Google, PayPal, GitHub, Bitfinex, Coinbase, Facebook, Twitter, and many others.
An Android smartphone with NFC support and the Protectimus TOTP Burner application app are required to set up the token. Users begin setting up two-factor authentication for the account they wish to protect by choosing to use a 2FA app for authentication. However, when prompted to scan the QR code containing the secret key, they use Protectimus TOTP Burner instead of an app like Google Authenticator. Protectimus TOTP Burner reads the secret key out of the QR code and programs it into the Protectimus Flex hardware token over NFC when the token is held near the phone.
Protectimus Flex reprogrammable TOTP tokens offer a time synchronization feature. Each time the token is programmed, the internal clock is set to the exact current time. This precludes the possibility of time drift between the authentication server and the TOTP token.
The token comes in a convenient key fob form factor. Users should always have their OTP tokens to hand, and they can easily carry the key fob on their key rings. This way, users won’t forget their tokens at home or leave them at the office.
The battery level indicator is yet another convenient, innovative feature. Previously, users were unable to know when their hardware tokens would fail. This could result in a sudden loss of account access before the token could be replaced. The battery level indicator shows exactly when it’s time to order a new token.
Technical specifications of the Protectimus Flex programmable token:
– algorithm support: TOTP (RFC 6238), SHA-1;
– support for secret keys with a maximum length of 32 Base32 characters;
– a single Protectimus Flex token can be programmed with one secret key;
– six-figure display with one-time password time-to-live indicator and battery level indicator;
– one-time password lifetime can be set to 30 or 60 seconds during programming;
– time synchronization feature activated when programming a secret key into the token;
– Protectimus Flex tokens can also be used as traditional OATH tokens, they come with preprogrammed secret keys.