We stand with our friends and colleagues in Ukraine. To support Ukraine in their time of need visit this page
Protectimus Crystal hardware tokens for two-factor authentication operate in accordance with OATH standards. Protectimus Crystal OTP tokens support TOTP algorithms (RFC 6238) and SHA-1. One-time passwords have a 60-second lifetime.
You can buy Protectimus Crystal tokens in orders of as few as 1 unit. For orders of 1000 units or more, OTP tokens supporting SHA-256 and 30-second one-time password lifetimes are also available.
Hardware OTP tokens are the most reliable one-time password generators. One-time passwords are automatically generated without an internet or cellular network connection. This eliminates even the smallest chance of a one-time password being intercepted, or of the device being compromised by malware.
Protectimus Crystal OTP tokens are protected from dust and moisture, as well as from cyberattacks. The battery lasts for about 5 years — a significant advantage over competing TOTP tokens that shut off automatically after 2 years, requiring customers to buy new tokens regularly.
The Protectimus Crystal TOTP token looks like a small key fob. The convenient design and rugged body let you carry the token right on your key chain. The best feature of this token, however, is the 6-digit display with large digits. The digits on the Protectimus Crystal’s display are significantly larger than those on the Protectimus Two.
| Image | Token Model | Price, pcs 110050010005000 | Brief Description | Description | |
|---|---|---|---|---|---|
 | PROTECTIMUS TWO | $11.99$11.49$10.99$9.99$8.99 $3 when paying service in advance for a year | Bulletproof OTP token: reliable, waterproof, stylish | Bulletproof TOTP token: reliable, waterproof, stylish $3 when paying service in advance for a year | |
 | PROTECTIMUS FLEX | $19.99$18.99$16.99$15.99$13.99 | The reprogrammable and stylish hardware TOTP token | The reprogrammable hardware TOTP token | |
 | PROTECTIMUS SHARK | $14.99$14.49$13.99$12.99$11.99 | This hardware token offers exceptional security features by supporting TOTP (RFC 6238) and SHA-256 algorithm | We recommend using this token | |
 | PROTECTIMUS SLIM MINI | $29.99$28.99$26.99$24.99$21.99 | Reprogrammable NFC token, that fits any two-factor authentication system | Reprogrammable NFC token | |
 | PROTECTIMUS SMART | free | Available for all key Android and iPhone platforms | Software token for Android and iPhones | |
 | PROTECTIMUS PUSH | free | Push via Android and iPhone applications | Сonvenient and reliable | |
 | PROTECTIMUS BOT | free | OTP delivery via messenger — easy, secure, convenient. The service is available on Telegram, Viber and Facebook Messenger. | The service is available on Telegram, Viber and Facebook Messenger | |
 | PROTECTIMUS SMS | $2 per user/month | Minimum hassle | Minimum hassle | |
 | PROTECTIMUS MAIL | free | Minimum costs | Minimum costs |
The Protectimus Crystal hardware OTP token is a freestanding device, so it doesn’t require a network connection. One-time passwords are generated using the TOTP algorithm with two parameters: a secret key hard-coded into the token, and a variable (the current time value). The secret key and time are known to the authentication server. The two-factor authentication server verifies the one-time password generated by the token against the OTP generated by the server using the same data. If the one-time passwords match, authentication is successful.
Apart from hardware OTP tokens, SMS, email, iOS and Android apps, and messaging services are commonly used for delivering and generating one-time passwords. But all these MFA approaches have vulnerabilities: one-time passwords can be intercepted during delivery, such as by compromising a cellular network or using a virus installed on a mobile device. Hardware one-time password generators are isolated, excluding both of these threats. Tokens cannot be infected by viruses, and one-time passwords aren’t delivered — the OTP token itself generates them.
TOTP tokens generate one-time passwords based on a secret key and the current time. The TOTP password generation algorithm replaces HOTP and is more secure. Under the HOTP algorithm, one-time passwords are generated based on a secret key and an event counter whose value increases in increments of one. In this manner, an attacker can generate and write down several OTPs in advance. OTPs generated by a TOTP token are valid for only 60 seconds. These one-time passwords cannot be generated in advance.
Protectimus Crystal OTP authentication tokens meet OATH standards. The Protectimus Crystal is a reliable hardware TOTP token that is resistant to moisture and dust, and immune to cyberattacks. These authentication tokens work for about 5 years. One-time passwords are generated without a network connection, so Protectimus Crystal authentication tokens cannot be infected by viruses and one-time passwords cannot be intercepted. Even if an attacker presses the button on the OTP token and receives a one-time password while nobody is looking, the one-time password will be valid for only 30 or 60 seconds. It is impossible to generate several OTPs in advance.
You can buy the Protectimus Crystal to use it with the Protectimus two-factor authentication system, or with any other multifactor authentication server that works according to OATH standards. The Protectimus Crystal TOTP authentication token comes with a hard-coded secret key that cannot be changed. The Protectimus Crystal security token features a compact form factor (it’s the smallest key fob OTP token), but it’s equipped with a large, convenient LCD display that makes it easy for even those with poor eyesight to read one-time passwords.
