Hardware tokens for Airlock 2FA

Airlock 2FA supports hardware tokens for authentication and transaction approval.

They are typically used as an alternative to the Airlock 2FA app (or a custom smartphone app) for the following reasons:

  • Selected end-users are not willing to use an app or have no smartphone.
  • Selected end-users are not allowed to use the app.
  • Hardware tokens can be shared between accounts. This can be a reason to use hardware tokens, e.g. for corporate accounts.

QR code hardware tokens

QR code tokens are based on scanning a QR code and typing in an OTP code displayed on the device. The tokens do not communicate over any other channel (internet, mobile network, USB, or the like).

QR code tokens support both authentication and transaction approval.

Airlock IAM currently supports the Thales (Gemalto) QR Code token as shown in the following picture. Supported and available models may change in the future.

[Image: Thales QR code reader]

OTP hardware tokens

OTP tokens display an OTP code that changes over time. The user enters the code in order to log in. The tokens do not communicate over any other channel (internet, mobile network, USB, or the like).

OTP tokens can only be used for authentication and do not support transaction approval.

Airlock IAM currently supports the Thales (Gemalto) EZIO Lava token as shown in the following picture. Supported and available models may change in the future.

[Image: Thales EZIO Lava OTP token]

OTP tokens are supported as of IAM 7.7 with the following limitations:

  • The resync operation is only supported in the Adminapp and not as self-service. If tokens are out-of-sync, they need to be re-synchronized by the help desk or user administrator.

How to get hardware tokens?

Hardware tokens must be ordered separately. Please contact order@airlock.com.

Hardware tokens are handled in the following way:

  1. Airlock customer (e.g. a bank) orders tokens.
  2. Futurae imports the token secrets into the Futurae cloud.
  3. Futurae assigns the tokens to the Airlock customer's organization in the Futurae cloud.
  4. The tokens are shipped to the customer.
  5. The customer's administrator or helpdesk assigns tokens to users.
  6. The users receive tokens either directly (onsite registration) or via a postal service.

Steps 5 and 6 are described in: Hardware token management for Airlock 2FA.

Hardware tokens are subject to delivery time constraints as they may have to be ordered from the manufacturer. Delivery times are influenced by available stock, order size, and token configuration (e.g. activation code, languages).