iOS NFC Burners for single profile Token2 programmable tokens



This page describes apps that can be used to program and configure our single profile hardware tokens using Apple iPhone devices. Note that only iOS-compatible tokens can be used with these apps. iOS-compatible token models have "-i" appended to their part number.

Compatibility

All iPhones starting from iPhone 7 support NFC (iPhone 6 and 6S have the required hardware, but Apple limited access to these chips, so it is not usable by third parties). None of the iPad models has the chip, nor do iPod touch devices. While our burner apps will most probably work on all devices mentioned above, we have only been able to test on the following models so far: iPhone 8, iPhone SE (2nd generation), iPhone X, iPhone 11.
Please note that some customers have reported intermittent NFC issues with iPhone 7; newer models are all fine.

Burner apps

We have released two different apps with a different set of features: TOKEN2 NFC Burner and TOKEN2 TOTP+. The apps are reviewed below.

TOKEN2 NFC Burner

This is a simple NFC burner and is very similar to our Android app. In addition to burning the seeds, the app also allows configuring advanced settings, such as the hash algorithm (SHA-1 or SHA-2), the time offset (30 seconds or 60 seconds), the display power-off timeout (from 15 seconds to 120 seconds) and time synchronization.

Burning a seed

The main window of the app lets you burn a seed to a programmable token by scanning the seed QR code or typing it in manually. This is the only screen you will be using in 99% of the cases.

  • To burn a seed, launch the app, then touch the 'Scan QR' button to scan a TOTP QR code using your camera. If the provisioning needs to be done by typing in or pasting a seed in text format, you can enter the seed in the 'Seed (in hex)' field if the secret is in hex format, or touch the 'enter in base32' button if the seed needs to be entered in base32.

  • Once the seed field has been filled, touch the "Burn seed" button, then turn the hardware token on and touch the top of the device.

    The process completion (or any errors) will be shown in the 'Results' area.
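
The 'Seed (in hex)' field and the base32 option take the same secret in two encodings. The Python sketch below is an added example, not Token2's code: it converts a provisioning URI into the hex seed and computes the OTP the token should display after burning, for the SHA-1/SHA-256 and 30/60-second settings mentioned on this page. It assumes the scanned QR code carries a standard `otpauth://totp/` URI; the sample URI is constructed from the RFC 6238 test seed, and the function names are illustrative.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs

ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256}

def base32_to_hex(secret):
    """Convert a base32 TOTP secret to the hex form of the same bytes."""
    s = secret.replace(" ", "").replace("-", "").upper()
    s += "=" * (-len(s) % 8)          # restore padding that QR codes usually omit
    return base64.b32decode(s).hex()

def parse_otpauth(uri):
    """Pull seed (hex), algorithm, time step and digits out of an otpauth://totp URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP provisioning URI")
    q = parse_qs(u.query)
    if "secret" not in q:
        raise ValueError("URI carries no secret")
    algorithm = q.get("algorithm", ["SHA1"])[0].upper()
    if algorithm not in ALGORITHMS:
        raise ValueError("unsupported algorithm: " + algorithm)
    return {"seed_hex": base32_to_hex(q["secret"][0]),
            "algorithm": algorithm,
            "period": int(q.get("period", ["30"])[0]),
            "digits": int(q.get("digits", ["6"])[0])}

def totp(seed_hex, unix_time, algorithm="SHA1", period=30, digits=6):
    """RFC 6238 TOTP for a Unix timestamp (seconds since the epoch, UTC-based)."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(bytes.fromhex(seed_hex), counter, ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F            # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

# Constructed sample URI built from the RFC 6238 test seed (not a real secret).
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&period=30")

if __name__ == "__main__":
    p = parse_otpauth(SAMPLE_URI)
    print("hex seed:", p["seed_hex"])
    print("expected OTP now:",
          totp(p["seed_hex"], time.time(), p["algorithm"], p["period"], p["digits"]))
```

If the value printed here differs from the token's display, check the algorithm and time step first, then the token's clock.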


Configuration window

When you click on the "Gears" icon in the seed burning window, you can access the configuration modification tool. This tool allows you to change the settings of the device. Please keep in mind that, in most cases, it's best to leave the configuration at its default settings.

It's important to note that the values displayed on the form above do not reflect the current configuration of the device; they are simply the default settings. This is because it's not possible to read the configuration or seed from the token; we can only write to it.

Additionally, exercise caution when making changes to the configuration. In some instances, altering the configuration may cause the token to stop working. For example, if you modify the time on a device with restricted time synchronization, the seed may be cleared for security reasons. Similarly, changing the algorithm setting, such as switching from SHA1 to SHA256, can break the configuration.

Important: Please note that the time on the device is displayed and should be set in the UTC timezone.

Seed display security mode

In the "secure" mode, which can be selected at the top of the app, the seed value will not be shown in the text field and will be automatically removed after every successful burn operation.


TOKEN2 TOTP+

Token2 TOTP+ is an app that combines a regular TOTP mobile authenticator app with an NFC burner app, letting you enroll TOTP profiles and copy them over to Token2 programmable hardware tokens. Any TOTP profile that has been added to the TOTP+ app can be instantly transferred to a programmable token by touching the "burn" icon of the profile.

TOTP+ stores the TOTP profiles in iCloud Keychain, so when you move your iCloud account to another device, the profiles will be restored on the new device automatically. This is why we recommend using the app only if your iCloud account is protected with two-factor authentication.

Important! Do not use this app as a production TOTP mobile authenticator, as the seeds can be cloned, which may theoretically introduce a risk (although a minor one). The main use case is to test and compare the OTP with the hardware token generated OTPs.