Mailo two-factor authentication using Token2 programmable tokens

Mailo is a 100% European mail service, which guarantees the users to regain control of their data and accompanies them in an ethical and responsible use of the Web. Mailo offers an optionof using TOTP as its two-factor authentication method. When two-factor authentication is enabled, an authentication code is required every time you connect to Mailo from a new device. You get this code in the application  you have chosen (such as Google Authenticator or FreeOTP) when enabling two-factor authentication. Similar to other services using TOTP, this application can be replaced with Token2 programmable tokens as described below.

Requirements: 

• A Mailo account (free or paid)
• A Token2 programmable token (the guide below shows miniOTP-2 as an example)
• An Android device with NFC - this is needed for the enrollment only, subsequent logins will only require the hardware token. Please note that we show Android app only as an example, the same operations can be done with Windows (if a compatible NFC device is available) and iPhone apps ( for "-i" models only)

Activating 2FA on Mailo

Enabling two-factor authentication can only be done in the Mailo web interface. Log in to Mailo web interface and navigate to Settings, then choose Security.

Then, click on "Configure" button under Two-Factor Authentication section

On the next window, choose "a 2FA app" in the "Choose which app you want to use" drop-down list.

This will show the QR code that you need to scan using your Token2 NFC Burner app in the next step.

Install Token2 NFC Burner app on your Android device if you have not already done so. Make sure the correct app is installed - there is a separate app for each category of the devices. You can use this page to find which app is needed for your device (choose your model and the platform, you will get the app guides or links on the right column). The Android app we will be using for this example, for miniOTP-2 model, is this one. 

Open the Token2 Burner app  on your mobile device and click the button to scan a QR code, or manually enter the authentication key (base32 format is to be used). To scan the code, point your devices camera at the QR code seen in the setting of your Mailo account (see the previous screenshot).

Once the seed field has been filled, touch the "Burn seed" button, then turn the hardware token on and touch the top of the device. The process completion (or any errors) will be shown in the 'Results' area. Turn the token off and on again.

To complete the process, turn the hardware token on and enter the 6 digit code generated into the "Authentication code" field on the Mailo interface. 

Mailo also asks to enter your current password for security purposes. If both the OTP and the password are entered correctly, clicking on Enable will complete the process.