Secure your Gmail account with a Token2 programmable hardware token

This guide describes using TOTP hardware tokens with a Google Account. You can also use a FIDO security key for multi-factor authentication with Google:
Using Your T2F2 Security Key with Google

Token2 programmable tokens are "drop-in" replacements for mobile applications such as Google Authenticator or Token2 Mobile OTP. If you would like to enable hardware token two-factor authentication for your Google Account, you can use the programmable tokens as an alternative to the mobile application method by following the instructions below. The only prerequisite is an NFC-enabled portable device running Android (v3.x and higher).

Install a burner app and make sure your token is accessible via NFC. 

You can test NFC access with the "get OTP" or "get Info" button of the app: push the button on the token device and hold it close to the NFC antenna of your Android device (usually below the camera on the back). Then, in the Burner App, touch the "get OTP" or "get Info" button. The serial number shown in the app should match the one written on the token.


Note! You need an NFC-enabled device for the enrollment process only. Subsequent logins will utilize only the token itself.


Find the 2-Step Verification settings for your account

Log in to your Gmail account and go to My Account.

Choose the “Sign-in & Security” tab.

Click “Signing in to Google”.

Select “2-Step Verification”.

Set up your phone

Get started!

Enter your phone number, select a method to get codes, and click “Next”.

You will receive an SMS with a code on your phone. This is a Google requirement: the phone number will be used to restore access if access to the authenticator app (or, in our case, the miniOTP token) is lost or the profile is corrupted.

Enter the verification code to confirm that it worked, then click “Next”.

Now, turn on 2-Step Verification.

Generate and display the QR Code

For the best user experience, Google recommends setting up the Authenticator App. We have to select this option because the burner app uses the same QR code shown for Google Authenticator to set the seed of the miniOTP token.

Select iPhone as your kind of phone and click “Next” (selecting Android phone may change the enrollment process, especially if you are using the same Google account on your Android devices).

On the next step, the QR code should appear on the screen.

Now, launch the Token2 Burner App on your device. Click the "Scan QR" button and scan the QR code shown on the configuration page as described in the previous step (or enter the secret key shown, especially if you are using the Windows version of the app). Then push the button on the token device and hold it close to the NFC antenna of your NFC device (on phones it is usually below the camera on the back). Click the "burn seed" button. The app should show a "burn seed process succeeded" message if the process completed successfully.

Once the process is completed, your token generates OTP codes for your Gmail account.


Complete Enrollment

Click “Next” under the QR code.

Enter the 6-digit code generated on your token device into the Google Verification Code field and click “Verify”.

Click “Done”.


FAQ

Q. Can the programmable token be reused for another user (i.e. if the previous owner no longer needs it)?
A. Yes. The tokens can be reprogrammed an unlimited number of times, so the steps described above can be repeated for any user with any Token2 device (even a previously owned one).

Q. I do not see the Google Authenticator option. Why?
A. Google does not accept TOTP (Google Authenticator or our programmable tokens) as the only second factor; you must have a phone number or a security key enrolled.


