Frequently Asked Questions
How do I set a good TokenOne PIN?
A TokenOne PIN can be 4, 5 or 6 digits. Your Administrator will tell you what PIN length is required for your service.
A good TokenOne PIN is 4 to 6 random digits with no digit repeated. The system will not accept a PIN that has repeating digits and will stop you from registering your account successfully.
Do not try to use your birthdate or easy-to-guess number sequences such as 2 4 6 8, 1 2 3 4 or 0 0 0 0.
What do I do if I have forgotten my Administration Password (recovery password)?
If you have forgotten your Administration Password (also known as your recovery password) then you will not be able to re-register to change your PIN or register a new device (if your phone/tablet has been replaced, lost or stolen).
To continue using TokenOne Authentication you will need to call your local Help Desk support for a password reset.
Once this reset has been completed by your Help Desk you can then register again to set a new PIN or register your new device.
Why do I need strong two-factor authentication?
How can it be more secure if it’s only a 4-6 digit PIN?
TokenOne Authentication is secure with only a 4-6 digit PIN because it provides a genuine strong two-factor authentication service.
With TokenOne you never reveal your secret PIN - so the 'knowledge factor' remains strong. Your PIN is never entered, stored or transmitted. Other solutions rely on the user entering a 'secret' (usually a password) to prove they know it; TokenOne changes the knowledge factor paradigm by enabling proof of the knowledge factor without ever revealing it. This makes the TokenOne PIN a 'zero knowledge password proof' and sets a new standard for authentication.
The second factor, the possession factor, is your smart device. This has been profiled and must also be present to prove you are an authorised user.
TokenOne Authentication provides genuine strong two-factor authentication as both factors are strong.
Is TokenOne Authentication simple to use?
Yes. The security principles behind TokenOne Authentication are sophisticated but the security model follows one we are all familiar with, the ATM card and PIN model.
Once registered, your phone/device becomes your card – a unique identity credential that cannot be copied and must be present for every authentication.
The TokenOne app on your phone/device and your TokenOne PIN means you can instantly create a one-time code that is different every time you need to log in.
So if you can remember a 4-6 digit PIN and have your phone/device you can securely and confidently access all your linked accounts and services.
What mobile device platforms are supported for the TokenOne app?
We support the major operating systems, iOS and Android, from the latest release back to releases from two years previously.
Here are the supported device platforms:
KitKat (4.4–4.4.4, 4.4W–4.4W.2)
Marshmallow (6.0 +)
What is TokenOne's support and maintenance policy?
TokenOne's Software Support and Maintenance Policy includes the following:
How do I register for TokenOne Authentication?
There are two ways to register for TokenOne Authentication:
1. A site or service you access may decide to provide TokenOne Authentication as a service and arrange for all their Users to get a registration email.
2. When you access a regular site or service they may offer TokenOne Authentication and provide a link to click to add it to your account.
What if I don’t want to use two-factor authentication?
If a site or service you use has added TokenOne Authentication it’s because they want to provide an easy to use and more secure way of accessing your account.
The company site you are logging into has determined that the level of risk and sensitivity of the information you are accessing requires two-factor authentication. If a company requires two-factor authentication this is due to the risk they have identified. It must be used to protect your privacy and secure your information.
I clicked the button to register for TokenOne Authentication on the website and didn’t get a Registration email?
I got a TokenOne Registration Email but I haven’t signed up for any new services?
If I lose my smartphone or it’s stolen, how quickly can the device be deactivated? Can they steal and use my KeyMaps?
Our system allows you to remove (unlink) a device by re-registering a new device or by registering the old device as lost/stolen. The previous phone can then no longer be used to authenticate with TokenOne Authentication.
Even if a hacker stole your set of KeyMaps from your phone they are useless without the matching TokenOne PIN.
Can my TokenOne PIN be revealed or compromised by hackers?
Our solution is designed so that no one, not even your service providers know your secret PIN.
TokenOne Authentication does not attempt to protect against ‘gun to the head’ attacks or similar targeted attacks. However, TokenOne Authentication does provide a high level of protection against remote online attacks, both targeted individual threats and mass attacks, in a way that is comparatively easy to deploy to users (app store) and very user friendly and convenient.
I am using your three-factor authentication service, how long should a speech sample be for reliable verification?
What if I have a cold when I need to record my voice sample?
What personal details of mine do you keep when I use this service?
I got this error message ‘Network Error’ – what do I do now?
If you get this message it means you do not have Internet connectivity. You can tap the Retry button if you think it has dropped out for a moment, but if it continues you will need to establish a stable connection to use the TokenOne application.
If you lose internet connectivity during the registration process and then get this error you will need to start the registration process again from the beginning.
I got this error message ‘Incomplete Registration’ – what do I do now?
I got this error message ‘Failed DB’ – what do I do now?
If you get this message it means that the set-up for this service does not allow one smart device to have two or more registered TokenOne Users. You will need to discuss your needs with your business, as this is a result of a business rule they have implemented for the system.
I got this error message ‘Invalid Credentials’ – what do I do now?
How do I upgrade my TokenOne app to make sure I have the latest one?
Your app store will let you know when a new version of the TokenOne application is available to download. Just tap on the app store icon on your device and follow the prompts to update the TokenOne app.
If you have automatic updates enabled on your device the new version of our app will update as soon as it is released to your app store.
Can I have the TokenOne app on my phone and tablet to access the same service/site?
Yes you can. Two devices can be registered to use the same TokenOne Authentication account.
Note: This feature does depend on the configuration of TokenOne Authentication by your company.
How long will the KeyMaps on my phone last?
Even with heavy use the number of KeyMaps you have should last longer than the life of your smart phone or tablet. If you do manage to use a majority of your KeyMaps the system will give you a warning message.
To get more KeyMaps you have two choices:
1. Delete the TokenOne app from your device and re-register it
2. Get a new smart device and register it
Both options will give you a new set of 10 000 KeyMaps.
I have forgotten/lost/compromised my PIN – how do I change it?
There is no need to worry if you have lost or forgotten your PIN. You cannot change a PIN though, as TokenOne Authentication does not store it. To continue using the service you will need to download the application again and reregister your smart device with a new PIN.
I’ve been hacked! Has my TokenOne Account been compromised too?
I need to change my email address – how does this affect my TokenOne Account?
If I change companies, can I still use my existing login to authenticate?
What if I need to change my e‐mail address that I used to register with TokenOne Authentication?
If your email address is changing because you are changing companies, then you need to reregister with the new company email and associated account information.
If you are not changing companies, then change your email address from your TokenOne Profile.
If your company is changing their domain name, then contact your TokenOne Partner Manager to coordinate this activity for all impacted users.
I can’t find my question in this list – who do I contact?
How can I delete myself from the TokenOne Authentication system?
Why is TokenOne’s Authentication solution better than a one-time password solution?
TokenOne’s Authentication is based on the use of One Time Pads. One Time Pads are the only recognised uncrackable form of encryption. They are not based on an algorithm that can be cracked by hackers.
Although One Time Passwords are better than regular passwords, they are still not as strong as TokenOne’s use of One Time Pads. One Time Passwords rely on complex mathematical algorithms to generate the One Time Password that you enter instead of a regular password. However, the algorithm supporting RSA tokens has been publicly cracked at least three times, rendering vulnerable not only all issued tokens but also all of the relying systems that are dependent on the tokens.
Instead, with TokenOne’s use of One Time Pads, which we call KeyMaps, you generate a new and different alpha version of your TokenOne PIN (by looking at the KeyMap in your TokenOne app and converting each digit of your PIN to letters) each time you need to authenticate. There is no algorithm to be cracked.
Because you have to convert your PIN each time you authenticate you are also proving it is you trying to gain access and not just someone using your phone (or token).
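The PIN rules from the first answer and the digit-to-letter conversion described above, as an added example in Python. It is not TokenOne's code: the KeyMap layout (ten distinct random letters, one per digit), the case-insensitive comparison, the `KeyMapPad` class and all function names are assumptions made for illustration.

```python
import secrets
import string

def pin_policy_errors(pin, required_len=None):
    """Return the reasons a PIN breaks the rules stated in this FAQ."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 6):
        return ["must be 4, 5 or 6 digits"]
    errors = []
    if required_len is not None and len(pin) != required_len:
        errors.append(f"service requires {required_len} digits")
    if len(set(pin)) != len(pin):
        errors.append("repeated digit")
    # Same step between every neighbouring pair: 1 2 3 4, 2 4 6 8, 0 0 0 0.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if len(steps) == 1:
        errors.append("constant-step sequence")
    return errors

def new_keymap():
    """Assumed layout: each digit 0-9 paired with a distinct random letter."""
    letters = secrets.SystemRandom().sample(string.ascii_uppercase, 10)
    return dict(zip(string.digits, letters))

class KeyMapPad:
    """Hands out each KeyMap once, as a one-time pad sheet is used once."""
    def __init__(self, count):
        self._maps = [new_keymap() for _ in range(count)]

    def remaining(self):
        return len(self._maps)

    def next_keymap(self):
        if not self._maps:
            raise RuntimeError("KeyMaps exhausted: re-register the device")
        return self._maps.pop()

def encode_pin(pin, keymap):
    """Convert each PIN digit to its letter; only the letters leave the user."""
    problems = pin_policy_errors(pin)
    if problems:
        raise ValueError("; ".join(problems))
    return "".join(keymap[d] for d in pin)

def normalise_code(code):
    """Strip spaces and upper-case, so 'l a p b' and 'LAPB' compare equal."""
    return "".join(code.split()).upper()

# Constructed KeyMap and PIN, chosen to reproduce the page's 'l a p b' example.
SAMPLE_KEYMAP = dict(zip(string.digits, "QPXBZLMTAK"))
SAMPLE_CODE = encode_pin("5813", SAMPLE_KEYMAP)
```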
If I have multiple devices registered how does the TokenOne Authentication know which one I am using?
When you turn on your device and tap to open the TokenOne App it goes into standby mode. This mode tells the TokenOne server it is waiting to authenticate. So when you then log in to a participating site or service the TokenOne server knows to talk to that device.
If you have multiple devices (a tablet and a phone turned on), the first one where you open the TokenOne app will talk to the TokenOne server and display the KeyMap you need to authenticate.
If you were using one device for TokenOne Authentication and then turn on another device to use, there is a session timeout (configured for 3 minutes) that will allow you to use your second device to authenticate.
Note: This feature depends on the configuration of TokenOne Authentication by your company.
I have registered for TokenOne Authentication but I can't authenticate as the app still says Set Up Your Account.
If you have gone through the registration process for TokenOne Authentication but can't authenticate because the app is still showing the Set Up Your Account screen, then you have skipped a step in the registration process.
When registering successfully for TokenOne both the site/service and the smart device app will display a Success! screen to mark that you have completed the registration process. If you turn off the phone app before this step then registration is not complete and you won't be able to authenticate.
This is because after you have set your secret TokenOne PIN the app then needs to download and save your 10 000 KeyMaps to your device. Without these KeyMaps you will not be able to authenticate.
If this happens you will need to start the registration process from the beginning and wait till both the site/service and the app say Success! Only then can you authenticate using TokenOne or turn off the device app.
I get a message saying my PIN is incorrect, but it's not?
If you get a message saying that your PIN is incorrect and you are sure you entered the right letters from the KeyMap then your auto-fill setting may be changing the letters for you. This setting means your computer will automatically try to 'fix' the spelling to the nearest 4 to 6 letter word.
To avoid this problem, turn on caps lock before you enter your PIN. This way the letters won't be changed.
How to ensure your letter code is not auto-corrected by your browser
When you encode your TokenOne PIN using your KeyMap you must enter the resulting letter code into your browser. For example you might enter the letters l a p b.
Often when you do this your browser settings try to auto-correct the entry to make a sensible word (such as l a m b for l a p b). This means you inadvertently enter your encoded PIN incorrectly and cannot register or authenticate.
To prevent this from happening, without turning off the auto-fill feature, you can simply turn on caps lock before you enter your PIN. This way the browser will not try to correct your encoded PIN (L A P B will not be corrected to L A M B).