Token2 is a cybersecurity company specialized in the area of multifactor authentication. Founded by a team of researchers and graduates from the University of Geneva with years of experience in the field of strong security and multifactor authentication, Token2 has invented, designed and developed various hardware and software solutions for user-friendly and secure authentication. Token2 is headquartered in Geneva, Switzerland
Token2 used to be a part of a multifactor authentication research project at the University of Geneva, which has led to a spin-off startup company back in 2013
Token2 is a member of FIDO Alliance, and we implement the FIDO protocols (UAF, U2F, WebAuthN and CTAP) on our hardware security keys as well as our TOTPRadius appliance.
Token2 is a member of swiss made software label. The swiss made software label is dedicated to promoting the Swiss software industry, both at home and abroad. It combines Swiss values such as quality, reliability and precision – especially in software development.
TOKEN2 is a registered trademark of the TOKEN2 Multifactor authentication company (registered by Geneva Cantonal Trade Register as CHE-218.895.438 ) at the Swiss Federal Institute of Intellectual Property. Registration number № 743850.
TOKEN2 is focusing on the following main products and services:
FIDO2 and U2F Security KeysFIDO2 security keys are an unphishable standards-based passwordless authentication method that can come in any form factor. Token2 FIDO2 Security keys enable organizations and users to use a USB key to sign in without the need of entering a password (i.e. with Azure Passwordless) or can be used as a second factor (i.e. Google Accounts). Our USB keys also support U2F protocol for backward compatibility. Token2 is listed by Microsoft as a compatible FIDO2 security key provider for Azure AD (Microsoft Entra ID) Passwordless.
Token2 security keys are certified by the FIDO® Alliance (Level1 certification)
Classic hardware tokensWe have designed and prototyped several models of OATH compliant hardware tokens. We currently have agreements with a number of different factories that produce the equipment based on our design and algorithms. Our classic hardware tokens can be used in many systems supporting standard TOTP protocol, including WordPress, Azure MFA Server, WebUntis and many others.
Token2 is listed by Microsoft as a recommended TOTP hardware token supplier for Azure MFA.
Independent Compliance Check
RFC6238 compliance confirmed by CertX, the first swiss accredited certification body for product certification in the scope of industrial cybersecurity and functional safety.
Programmable hardware tokensToken2 programmable card or keyfob tokens are "drop-in" replacement of OTP mobile apps (such as Google Authenticator or similar). They support authentication backends requiring TOTP tokens without the possibility of specifying the shared secret keys (i.e. keys are generated on server-side only) and are compatible with services such as Google, Facebook, Microsoft, Amazon, etc.
TOTPRadius virtual applianceTOTPRadius is a 2FA authentication server deployed as a virtual appliance and designed to run on Hyper-V or VMWare hypervisors. This complements the variety of products offered by Token2, any hardware token sold by Token2 can be backed by TOTPRadius as the authentication service. Newer versions of TOTPRadius allow organizing access to corporate VPN using FIDO Security keys (legacy U2F or FIDO2) both via 2FA and Passwordless method. TOTPRadius is free for 5 users and more licenses can be purchased online if needed.
Token2 TOTPRadius provides the RADIUS RFC-2865 for TOTP RFC-6238 based authentication. With TOTPRadius you can integrate a large variety of third-party products and systems with multi-factor authentication. A number of enterprise products and services like VPNs (including Meraki CVPN and Fortinet VPN), Citrix XenApp/XenDesktop, VMWare View, and many others provide support for RADIUS servers to validate the second factor of user authentications.
TOTPRadius features many innovative approaches to multifactor authentication, such as self-service enrollment and FIDO security keys-based L2TP VPN access using VPN Portal. To ensure the security of the VPN Portal is at the highest level, we have contracted an independent security company, SySS GmbH , which has conducted the penetration testing and produced a security certificate available below. The TOTPRadius VPN Portal component is currently labeled as "Certified Website - Approved Security" by SySS Gmbh.
Token2 Online Shops
TOKEN2 operates its own online shop to sell the whole range of TOKEN2 products globally. The system will automatically select the warehouse and/or reseller or distributor to ship the products from (shipping cost, customs clearance, taxes and stock availability will be taken into account). For clients located in the member states of the European Union, we recommend placing orders via one of our partner companies in France.
Lifecycle of orders
Our order workflow is described in full details here
Origin of products
For some of our products, we are considered a systems integrator rather than a manufacturer, as our products may contain different components, such as batteries, NFC chips or plastic/metallic cases, from various countries. According to Article 60(2) UCC, when two or more countries are involved in the manufacture of the product, it shall be deemed to originate in the country or territory where they underwent their last, substantial, economically justified processing or working. In this context, we declare the country of the origin as Switzerland where allowed (i.e. in customs declaration). This is not, however, enough to declare the product as Swiss-made yet as Switzerland has a stricter rule on this: at least 60% of the components must be produced in Switzerland. Currently, having more than 60% of the components produced in Switzerland would make the final price of the product several times higher. We are still working on moving the production to Switzerland while keeping the costs at an affordable level. Nevertheless, be assured that all the production phases are under the thorough control of our specialists, and the components supplied by our partners undergo regular quality checks. The software, firmware, and sensitive data (such as seeds) handling operations are done in Switzerland. Furthermore, our business model is based not just on selling or reselling (in some cases) hardware, but more on providing full high quality technical support at all stages, starting from choosing the most suitable and cost-effective device model to its activation and configuration with any compatible authentication system used by the client.
Security of the TOTP hardware token secret keys
Detailed information about the security surrounding the shared secret key hashes (seeds) of our hardware tokens and about how this data is stored and operated is available here
In addition to generic standards-based devices such as classic TOTP tokens and FIDO security keys that are not unique, of course, many devices we produce are unique and innovative and never existed before. Devices such as tokens for EVV systems, TOTP tokens with time sync and multiprofile TOTP hardware tokens are unique and fully based on our inventions and research papers - there are proofs and evidences showing that they appeared first in our publications. Due to the limitations of the Swiss legislation, these inventions are not patentable (Article 1 of the Swiss Patent Act), therefore we do not have any mechanism of protecting from replicas of our inventions, nor we have resources or willingness to do so. However, it is clear that the suppliers of such replicas are obviously not in a position to provide the same level of support for these devices.
Subscribe to our mailing list
Want to keep up-to-date with the latest Token2 news, projects and events? Join our mailing list!