6.2. Hardware and Software Tokens¶
eduMFA supports a wide variety of tokens by different hardware vendors. It also supports token apps on smartphones, which handle software tokens.
Tokens not listed will be probably supported, too, since most tokens use standard algorithms.
If in doubt drop your question on the mailing list.
6.2.1. Hardware Tokens¶
The following hardware tokens are known to work well.
Yubikey. The Yubikey is supported in all modes: AES (Yubikey), HOTP Token and Yubico Cloud. You can initialize the Yubikey yourself, so that the secret key is not known to the vendor. The process is described in Yubikey Enrollment Tools.
eToken Pass. The eToken Pass is a push button token by SafeNet. It can be initialized with a special hardware device. Or you get a seed file, that you need to import to eduMFA. The eToken Pass can run as HOTP Token or TOTP token.
eToken NG OTP. The eToken NG OTP is a push button token by SafeNet. As it has a USB connector, you can initialize the token via the USB connector. Thus the hardware vendor does not know the secret key.
DaPlug. The DaPlug token is similar to the Yubikey and can be initialized via the USB connector. The secret key is not known to the hardware vendor.
Smartdisplayer OTP Card. This is a push button card. It features an eInk display, that can be read very good in all light condition at all angles. The Smartdisplayer OTP card is initialized at the factory and you get a seed file, that you need to import to eduMFA.
Feitian. The C100 and C200 tokens are classical, reasonably priced push button tokens. The C100 is an HOTP Token token and the C200 a TOTP token. These tokens are initialized at the factory and you get a seed file, that you need to import to eduMFA.
Passkeys. Yubikeys are known to work well with eduMFA, but token compatibility depends on the implementation of the surrounding software. On some Android devices, passkey logins with certain hardware tokens can fail. This is outside of eduMFA’s control. We recommend testing tokens before buying them in bulk, e.g. using one of the available testing websites. See WebAuthn for more information on WebAuthN.
6.2.2. Smartphone Apps¶
Aegis Authenticator. An open source TOTP and HOTP Token app for Android.
FreeOTP. eduMFA is known to work well with the FreeOTP app. The FreeOTP app supports only TOTP. So if you scan the QR Code of an HOTP token, the OTP will not validate. It also has a version for iOS.
Google Authenticator. The Google Authenticator is working well in HOTP and TOTP mode.
mOTP. Several mOTP Apps like “Potato”, “Token2” or “DroidOTP” are supported.
privacyIDEA Authenticator (unsupported). privacyIDEA Authenticator is based on the concept of the Google Authenticator and works with the usual QR Code enrollment. But on top it also allows for a two step enrollment process (See Two Step Enrollment). It can be used for HOTP Token, TOTP, eduPUSH Token and Legacy PUSH Token.