Using Token2 hardware tokens for Hetzner accountHetzner Online, with hundreds of thousands of servers in operation, is one of the largest data center operators in Europe. Since its founding in 1997, Hetzner has provided private and business customers with powerful hosting products and reliable IT infrastructure. By combining its strengths in innovative technology, attractive prices, expert support, and flexible customer service, Hetzner has expanded its market both within and outside Germany and Europe. Hetzner, a German company, owns and operates its own high-tech data centers in Nuremberg and Falkenstein (both in Germany) and in Helsinki, Finland, and it recently added new locations in Ashburn, Virginia, and Hillsboro, Oregon (USA).
Hetzner allows the use of Token2 programmable tokens for two-step verification.
In this article, we will show the procedures required to configure 2FA for Hetzner accounts using Token2 programmable TOTP tokens (as a replacement for the Authenticator App).
Requirements:• A Hetzner account
• A Token2 programmable token
• An iPhone or Android device with NFC* - this is needed for the enrollment only, subsequent logins will only require the hardware token
[* Android and Windows versions are available for all models, but this guide will use the iPhone app as an example. iPhone apps are compatible with "-i" models only]
Step 1. Enable an MFA method1) Log into your Hetzner Account and go to Profile/My Account.
2) Go to Settings/Two-factor authentication, then click the "Enable 2FA" button. A window will appear, requesting the profile's password. Enter it and click on the "Enable 2FA" button again.
3) Write out the recovery key and keep it in a safe location. This recovery key will help you if you lose access to your hardware token. Click on the "Setup up Authentication " button to continue.
4) In the "ADD NEW METHOD" section, choose the "Mobile Device" method.
5) This will generate a QR code that you will scan using one of the provisioning tools in the next step.
Step 2. Provision the token
- Launch the NFC burner app on your Android device and hit the "QR" button
- Point the camera to the QR code shown on the account page. Upon a successful QR scan, the camera window should disappear
- Turn on the token and touch it with your phone (make sure it is overlapped by the NFC antenna) and click "Connect" on the app
- Upon successful connection, click the "Burn seed" button. If NFC link is established and the code is correctly scanned, you should see a status window showing "Burning..." and eventually (in a second or two), "burn seed successful.." message in the log window
- Launch the NFC burner app on your iPhone device and hit the "scan QR" button
- Point the camera to the QR code shown on the account page. Upon a successful QR scan, the camera window should disappear and the seed field will be populated with the hex value of the seed
- Touch the Burn button, then turn on the token and touch the top of your iPhone with the token
- Check the results of the process in the Results log field
Please note that the procedures above are shown only as examples and are valid to single profile TOTP tokens only. The procedure for multi-profile and USB-programmable devices are similar but slightly different
Step 3. Verify the OTPAfter the token provisioning is done, turn the token off and back on. Give some description and enter the account password. Then add the OTP generated by the hardware token to the "New generated OTP" value and click "ADD". You will be logged out of your account and redirected to the login page. After entering your login and password, you will be prompted to enter the OTP from your token to login. Enter it and click "Verify".
Now you have successfully enabled the Token2 programmable token to protect your account. You will be prompted to enter the OTP each time you log in to your Hetzner account.
Subscribe to our mailing list
Want to keep up-to-date with the latest Token2 news, projects and events? Join our mailing list!