Securing Salesforce account with Token2 classic TOTP tokens

Different from programmable tokens and security keys, enrolling the classic tokens with Salesforce is not possible via the regular user interface. This operation requires executing a command via Salesforce developer API
The API object storing the classic hardware tokens' secret for a user is TwoFactorInfo. This object stores a user’s secret for multi-factor operations. Use this object when customizing multi-factor authentication in your organization. This object is available in API version 32.0 and later.

You need the Manage Multi-Factor Authentication in API permission to create or update this object.

The syntax for creating this object is expecting the SharedKey parameter to contain the base32 secret of the hardware token. You can request the seeds in base32 format and other formats using the seed request form as described here.

Supported Calls: create(), delete(), describeSObjects(), query(), retrieve(), update(), upsert()

See full description of this API object here.