How to program OATH OTP tokens on Windows
Programmable OATH tokens can be programmed, or "flashed", with new seeds (secret keys) on Windows using the dedicated OTP Programming Tool from Microcosm.
Steps
-
Download the OTP Programming Tool: Download
-
Run OTPTool.exe and you will see the Token Selection screen:
Click on the type of token you want to program.
-
You will now see the main screen:
-
Ensure you have a contactless (NFC) card reader/writer attached to your computer.
We recommend the R502-CL contactless card reader but the software should work with any Windows-compatible PCSC contactless card reader/writer.
When you have connected a card reader it should be automatically selected in the Card Reader dropdown.
-
By default the software will have the Automatically generate seeds option selected. In this mode the software will generate a new random seed for each token you program and will automatically write a seeds file, adding to it each time you program a new token.
To use this default mode you must choose a file to write the seeds to and an encoding for the seeds. Hexadecimal is the default but systems differ in what encoding they require the seeds to be in when you import the seeds file later. Please check the documentation for your MFA platform to check this.
Alternatively you can choose the Specify a seed value option if you want to program the token with a particular seed. The software will work out the encoding based on the length of the seed you enter. Please see the Help section of the software for details of required seed lengths.
You can also click the QR code button if you want the software to extract the seed from an on-screen QR code such as those displayed during MFA enrolment.
-
Select a timestep and a hash function. If the Hash Function section is disabled then it means that this type of token does not allow the hash function to be changed.
-
Press the button on the OTP token to turn the screen on and place the token on the card reader/writer.
-
Click the Program Token button.
The token will be programmed with the new settings and a success message will be displayed in the Log panel:
-
That's it!
You can now program your next token or close the software and move on to import the resulting seeds file into your 2FA/MFA software.