Ukraine flag

We stand with our friends and colleagues in Ukraine. To support Ukraine in their time of need visit this page

The most convenient, stylish OTP token

Protectimus Crystal
Protectimus Crystal hardware OTP tokens support the TOTP one-time password generation algorithm. They come with hard-coded secret keys.
Despite their small form factor, Protectimus Crystal one-time password generators are equipped with easy-to-read displays, featuring the largest, clearest digits of any Protectimus OTP token.

Protectimus Crystal hardware tokens for two-factor authentication operate in accordance with OATH standards. Protectimus Crystal OTP tokens support TOTP algorithms (RFC 6238) and SHA-1. One-time passwords have a 60-second lifetime.
You can buy Protectimus Crystal tokens in orders of as few as 1 unit. For orders of 1000 units or more, OTP tokens supporting SHA-256 and 30-second one-time password lifetimes are also available.

Secure authentication

Hardware OTP tokens are the most reliable one-time password generators. One-time passwords are automatically generated without an internet or cellular network connection. This eliminates even the smallest chance of a one-time password being intercepted, or of the device being compromised by malware.

Long service life

Protectimus Crystal OTP tokens are protected from dust and moisture, as well as from cyberattacks. The battery lasts for about 5 years — a significant advantage over competing TOTP tokens that shut off automatically after 2 years, requiring customers to buy new tokens regularly.

Convenient, stylish design

The Protectimus Crystal TOTP token looks like a small key fob. The convenient design and rugged body let you carry the token right on your key chain. The best feature of this token, however, is the 6-digit display with large digits. The digits on the Protectimus Crystal’s display are significantly larger than those on the Protectimus Two.

Technical specifications

  • Algorithm support: TOTP (RFC 6238); SHA-1, SHA-256 (optional, for orders of 1000+)
  • Full compliance with OATH standards.
  • Moisture and dust protection.
  • One-time password lifetime: 60 seconds, 30 seconds (optional, for orders of 1000+)
  • Display: LCD, 6 digits.
  • Size: 44.3 x 19.9 x 7.4 mm.
  • Battery life: 5 years.
  • Custom branding available for orders of 1000+.


How to buy?

You can easily become a happy owner of this device. Depending on your preference, we can place your company’s logo and other visual features on the device; you can also choose the color of your token. Producing customized tokens based on your specific requirements takes additional 3-4 weeks.

The price of tokens does not include shipping and delivery costs and other additional charges, such as taxes and customs duties.

Delivery times depend on several factors, in particular: lot/consignment size, token availability at our warehouse, and postal service. Besides, the delivery time will depend on whether additional visual features need to be placed on the products. Typically, if there is a sufficient quantity of products at the warehouse, orders are delivered within 2 to 6 weeks.

To place an order, please fill out the form, and our specialist will promptly contact you.

See Also

ImageToken ModelPrice, pcs
Brief DescriptionDescription
PROTECTIMUS TWOPROTECTIMUS TWO$11.99$11.49$10.99$9.99$8.99

$3 when paying service in advance for a year
Bulletproof OTP token: reliable, waterproof, stylishBulletproof TOTP token: reliable, waterproof, stylish

$3 when paying service in advance for a year
PROTECTIMUS FLEXPROTECTIMUS FLEX$19.99$18.99$16.99$15.99$13.99The reprogrammable and stylish hardware TOTP tokenThe reprogrammable hardware TOTP token
PROTECTIMUS SHARKPROTECTIMUS SHARK$14.99$14.49$13.99$12.99$11.99This hardware token offers exceptional security features by supporting TOTP (RFC 6238) and SHA-256 algorithmWe recommend using this token
PROTECTIMUS SLIM MINIPROTECTIMUS SLIM MINI$29.99$28.99$26.99$24.99$21.99Reprogrammable NFC token, that fits any two-factor authentication systemReprogrammable NFC token
PROTECTIMUS SMARTPROTECTIMUS SMARTfreeAvailable for all key Android and iPhone platformsSoftware token for Android and iPhones
PROTECTIMUS SMARTPROTECTIMUS PUSHfreePush via Android and iPhone applicationsСonvenient and reliable
PROTECTIMUS BOTPROTECTIMUS BOTfreeOTP delivery via messenger — easy, secure, convenient. The service is available on Telegram, Viber and Facebook Messenger.The service is available on Telegram, Viber and Facebook Messenger
PROTECTIMUS SMSPROTECTIMUS SMS$2 per user/monthMinimum hassleMinimum hassle

Knowledge base

The Protectimus Crystal hardware OTP token is a freestanding device, so it doesn’t require a network connection. One-time passwords are generated using the TOTP algorithm with two parameters: a secret key hard-coded into the token, and a variable (the current time value). The secret key and time are known to the authentication server. The two-factor authentication server verifies the one-time password generated by the token against the OTP generated by the server using the same data. If the one-time passwords match, authentication is successful.

Apart from hardware OTP tokens, SMS, email, iOS and Android apps, and messaging services are commonly used for delivering and generating one-time passwords. But all these MFA approaches have vulnerabilities: one-time passwords can be intercepted during delivery, such as by compromising a cellular network or using a virus installed on a mobile device. Hardware one-time password generators are isolated, excluding both of these threats. Tokens cannot be infected by viruses, and one-time passwords aren’t delivered — the OTP token itself generates them.

TOTP tokens generate one-time passwords based on a secret key and the current time. The TOTP password generation algorithm replaces HOTP and is more secure. Under the HOTP algorithm, one-time passwords are generated based on a secret key and an event counter whose value increases in increments of one. In this manner, an attacker can generate and write down several OTPs in advance. OTPs generated by a TOTP token are valid for only 60 seconds. These one-time passwords cannot be generated in advance.

Protectimus Crystal OTP authentication tokens meet OATH standards. The Protectimus Crystal is a reliable hardware TOTP token that is resistant to moisture and dust, and immune to cyberattacks. These authentication tokens work for about 5 years. One-time passwords are generated without a network connection, so Protectimus Crystal authentication tokens cannot be infected by viruses and one-time passwords cannot be intercepted. Even if an attacker presses the button on the OTP token and receives a one-time password while nobody is looking, the one-time password will be valid for only 30 or 60 seconds. It is impossible to generate several OTPs in advance.

You can buy the Protectimus Crystal to use it with the Protectimus two-factor authentication system, or with any other multifactor authentication server that works according to OATH standards. The Protectimus Crystal TOTP authentication token comes with a hard-coded secret key that cannot be changed. The Protectimus Crystal security token features a compact form factor (it’s the smallest key fob OTP token), but it’s equipped with a large, convenient LCD display that makes it easy for even those with poor eyesight to read one-time passwords.