One-time passwords are generated by a special algorithm (TOTP, HOTP, OCRA) using a secret key. Conventional OTP tokens’ secrets are configured during production, and cannot be changed. For example, in 2FA solutions based on Google Authenticator, secret keys are generated by the server, and connecting a hardware token with a preinstalled secret key is impossible. But reprogrammable NFC tokens can be set up uniquely to each 2FA system as such OTP token can be set up to use a secret key generated by the authentication system, and reflashed every time it is reassigned to another person.
Protectimus SLIM mini NFC tokens can be used by anyone who wants to protect their account in Google, Facebook, Vkontakte, Dropbox, GitHub, Kickstarter, KeePass, Microsoft, Teamviewer, etc. The 2FA systems of these and other popular platforms are built on the basis of Google Auth, and require users to install the app from Google or receive one-time passwords by SMS. But hardware OTP tokens are more reliable. They nullify the risk of interception of the one-time password.
SMS messages are one of the most convenient and widely used ways to deliver one-time passwords. But they are not the safest. During transmission, SMS messages can be intercepted by means of a “man in the middle” attack or a virus on the user’s smartphone. In addition, SMS-center employees may have access to these messages. Hardware OTP tokens operate completely autonomously without requiring a connection to a network, which means they are protected against such threats. Thus reflash tokens are a safer alternative to SMS-authentication.
Software tokens were invented with the advent of smartphones as a convenient alternative to hardware OTP tokens. Functionally identical to hardware tokens, and sometimes even more convenient, because a single application lets you create multiple OTP tokens for different resources. But from the point of view of security it is better to buy a TOTP hardware token, since with the increasing popularity of smartphones, the number of viruses designed specifically to compromise the software OTP generators or intercept SMS-messages with one-time passwords has increased as well. With the hardware tokens there is no such risk.
A miniature, reprogrammable NFC token smart-card as small as 64 x 38 x 1 mm is a new innovation in two-factor authentication. This OTP token looks stylish, takes up little space in your wallet, and is waterproof and robust. Protectimus Slim mini tokens are built to last up to 3-5 years, with a warranty of 12 months. The world has long been waiting for such a solution to strengthen two-factor authentication systems built on the basis of Google Authenticator. And finally with the advent of NFC technology it has become possible.
To transfer NFC security tokens to your 2-factor authentication system, the tokens must be pre-programmed. To do this, we provide a special application for smartphones based on the Android operating system. Please note that your phone must support NFC technology. Detailed instructions on the use of this application is available on our website.