Virtual TOTP Token Tool for Windows - GUI version
Overview
The Virtual TOTP Token is a tool designed to emulate Time-Based One-Time Passwords (TOTPs) for testing purposes. It allows users to generate TOTPs without the need to purchase physical tokens. This tool is particularly useful for customers testing procedures involving TOTP tokens with Azure Multi-Factor Authentication (MFA).
Prerequisites
- Operating System: Windows
- System time: Ensure that the system time is correctly set (ideally synced with Internet time servers).
Usage
- Download the tool:
- Download and extract the Virtual TOTP Token tool.
- Prepare/verify CSV File:
- The archive will contain a CSV file named
token2.csvin the same folder as the script. - The CSV file should contain the following columns:
upnserial numbersecret keytimeintervalmanufacturermodel
- Example CSV content (as provided in the example):
upn,serial number,secret key,timeinterval,manufacturer,model [email protected],2300000000000,JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP,30,Token2,miniOTP-1
- The seed (secret key) in the file will be used by the Virtual TOTP Token tool to calculate the OTP. You can use the same file to import this seed to your Azure MFA. Please note that you will have to modify the UPN accordingly (put your user's UPN instead of the default). Please note that only the first entry in the csv will be taken into account.
- If no CSV file is present, the tool will calculate OTP using the default secret key (
JBSWY3DPEHPK3PXPJBSWY3DPEHPK3PXP)
- The archive will contain a CSV file named
- Run the tool:
- Double-click the exe file.
- The script will launch a graphical interface displaying a TOTP and a countdown timer.
- Testing with Azure MFA:
- Using a global tenant admin account, upload the CSV to OATH Tokens blade.
- Use the displayed TOTP in your Azure MFA testing procedure.
- Observe the countdown timer to understand the TOTP's validity period.
Important Notes
- Default Secret Key:
- If the script does not find a
token2.csvfile or the secret key in the CSV file, it uses a default key. Replace this default key with your actual default secret key.
- If the script does not find a
- Status Display:
- The script displays status information at the bottom of the form. This area provides feedback on whether the secret key was found in the CSV file.
DO NOT USE IN PRODUCTION!
This tool is for emulation purposes only and is not a replacement for actual TOTP tokens in a production environment.
This tool is for emulation purposes only and is not a replacement for actual TOTP tokens in a production environment.
Download
Download from here .
Subscribe to our mailing list
Want to keep up-to-date with the latest Token2 news, projects and events? Join our mailing list!