ESET Secure Authentication – Table of Contents

Hard Tokens

A hard token (also known as a hardware token) is a device that generates an OTP and can be used in conjunction with a password as an electronic key to access something. Hard tokens come in many different device types, such as a key fob which can be clipped onto a keyring or in a credit card form which can be stored in a wallet.

HOTP stands for "HMAC-based One-time Password", which is an event-based OTP

TOTP stands for "Time-based One-time Password"

HOTP and TOTP can be generated by hardware (hard tokens) or software (for example, the ESA Mobile App).

ESA supports all OATH-compliant hard tokens, but ESET does not supply them. The hard token HOTPs can be used the same way as the HOTPs generated by the mobile app or sent to the user via SMS. Scenarios where this may be useful is to support legacy token migration, for compliance or if it fits with the company policy.

The token data can be imported into ESET Secure Authentication using an XML file in the PSKC format. Most hard token vendors supply you with a PSKC file when you purchase your hard tokens.

We recommend verifying with the vendor that the hard token you will use is OATH-compliant.

Enable and Import Hard Tokens

1.In the ESA Web Console, click Hard Tokens.

2.Select a company if applicable.

3.Click the Import Hard Tokens button.

4.Select the file to import. This should be an XML file in the PSKC format. Contact the vendor if such a file was not received from the hard token vendor. If the XML file is password protected or protected by an encryption key, type the password or encryption key (HEX or base64 format) in the Password field in the Import Hard Tokens window.

5.Click Import.

6.A result notification will pop up indicating how many hard tokens were imported and the imported hard tokens will be displayed.

List of imported hard tokens

Assign Hard Token to a user

1.In the ESAWeb Console, click Users.

2.Click the name of the appropriate user.

3.Click the toggle next to Hard Token and select a hard token from the list.

4.Click Save.

List of imported hard tokens

Revoke Hard Tokens

Revoking a hard token for a user will also disable that user for hard token authentication.

1.In the ESA Web Console, click Hard Tokens.

2.Select the appropriate tokens and click Revoke.

Resynchronize a Hard Token

A hard token may become out of sync with the system. This can happen if:

a user generates many new OTPs for an event-based hard token without using them

the internal time of a time-based hard token is out of sync

In these scenarios, a resynchronization will be required.

A token can be resynchronized as follows:

1.In the ESA Web Console, click Hard Tokens.

2.In the appropriate row, click Three dots menu, and select Resynchronize Hard Token.

Hard token assigned to the user

3.Generate and enter two consecutive OTPs using the selected hard token.

Entering two generated OTPs in the synchronization process

4.Click the Resynchronize button.

5.A successful message will display.

Delete Hard Tokens

1.In the ESA Web Console, click Hard Tokens.

2.Select the appropriate tokens and click Delete.