Using Token2 hardware tokens for NordPass account

NordPass password manager remembers complex passwords, auto-fills logins and online forms, and lets you access it all from anywhere.
Multi-Factor Authentication (MFA) is an extra security layer of security to your NordPass encrypted vault.
Please note, that MFA will be enabled on your Nord Account. This means that you will be asked to authenticate yourself with an extra step whenever you try to log in to your Nord Account and access these Nord products: NordPass, NordVPN, and NordLocker. You will not be asked for the MFA code if you are already logged in to your Nord Account on the device. 
It allows using Token2 programmable tokens and Token2 Security keys for two-step verification.
In this article, we will show the procedures required to enroll and use Token2 programmable TOTP tokens for two-factor authentication for a Nord Account (as a replacement for Authenticator App).

Requirements:

• A Nord account
• A Token2 programmable token
• An iPhone or Android device with NFC* - this is needed for the enrollment only, subsequent logins will only require the hardware token
[* Android and Windows versions are available for all models, but this guide will use the iPhone app as an example. iPhone apps are compatible with "-i" models only]

Step 1. Enable an MFA method

1) Log into your Nord Account and choose Account settings.
 


2) In Account settings select Multi-factor authentication (MFA). Click "Manage MFA".
 


3) A window will appear, requesting a verification code. The code will be sent to your registartion email address. Enter it and select Verify.
 


4) You will get redirected back to Account settings. Click "Setup" on Authenticator app.
 


5) That will generate your QR code that you will scan using one of the provisioning tools in the next step.



Step 2. Provision the token




  • Launch the NFC burner app on your Android device and hit the "QR" button



  • Point the camera to the QR code shown on the account page. Upon a successful QR scan, the camera window should disappear
  • Turn on the token and touch it with your phone (make sure it is overlapped by the NFC antenna) and click "Connect" on the app
  • Upon successful connection, click the "Burn seed" button. If NFC link is established and the code is correctly scanned, you should see a status window showing "Burning..." and eventually (in a second or two), "burn seed successful.." message in the log window




Follow the steps below to perform setting the seed for your token using Windows App.

1. Launch the exe file, then select the NFC device from the drop-down list and click on "Connect". You should see a message box notifying about a successful operation.

Token2 NFC Burner app for Windows


2. Enter or paste the seed in base32 format, or use one of the QR scanning methods to populate this field

3. Place the token onto the NFC module and wait for its serial number to appear

Token2 NFC Burner app for Windows

4. Click on "Burn seed" button. A log entry with the serial number and "Successful operation" text will be logged in the log window.

Token2 NFC Burner app for Windows


  • Launch the NFC burner app on your iPhone device and hit the "scan QR" button



  • Point the camera to the QR code shown on the account page. Upon a successful QR scan, the camera window should disappear and the seed field will be populated with the hex value of the seed
  • Touch the Burn button, then turn on the token and touch the top of your iPhone with the token
  • Check the results of the process in the Results log field




Please note that the procedures above are shown only as examples and are valid to single profile TOTP tokens only. The procedure for multi-profile and USB-programmable devices are similar but slightly different

Step 3. Verify the OTP

After the token provisioning is done, turn the token off and back on. Enter the OTP generated by the hardware token.



MFA is enabled on your Nord Account! Make sure to click on "Save backup codes" and save them. You will need to use the backup code if you are not able to access your hardware token.



You will be prompted to log out of all devices to apply the newly installed MFA method.



After entering your password, you must enter the OTP from your token at the next login.