Introduction

A possible alternative to creating your OTP codes with an authentication app is to generate the required codes using a programmable token (once programmed, the token acts as a direct replacement for a Google Authenticator app).

This feature allows companies to provide hardware tokens to employees who don't want to use their personal mobile phones as authentication devices, and this direct replacement can be considered more secure than the phone-based solution it replaces - once programmed, the tokens are fully self-contained devices dedicated to authentication (unlike a smartphone that runs other apps and is always connected to the internet).

Obtaining Seed Data

Seed data will normally be sent to users either as a QR code (most common when adding tokens to authentication apps), or in the form of a text file (more typical when distributing seed details for many tokens).

Before a programmable token can be programmed as a replacement for an authentication app you will additionally need to identify the size of the time window that the token will use (normally 30 or 60 seconds).

Seed Data sent as a QR Code

This is the most common choice for sending seed data to users and will typically be sent via email;

The above example QR code is a graphically coded version of the following example text;

"otpauth://totp/user@host.com?secret=DJG6HHQMFVGHKRAPTCTFIYTSJO2VWYOF"


As can be seen from the above example, the seed (or secret) component will normally take the form of a large Base32 encoded string, but the URI may not include serial number or time window size details.

Seed Data sent in Text Files

The following is an example of how seed data may be sent as a seed file (in this example I have indicated the seed/secret for the token with serial number "80001002");

Additional Parameters to be set prior to burning the token

When using authenticator apps the time window is almost always set to 30 seconds (so unless you have a reason to program the token window size to 60 seconds, it is best to leave the programming app time setting at the default 30 second window size).

The serial number of the token does not get used in the algorithm that calculates OTP codes.

When the token is programmed, its internal clock is set from the clock of the device you use to program it (e.g. the PC clock when using the Windows app). It is therefore important to ensure that the time and date on your PC (or smartphone) are set as accurately as possible.
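The following worked example, added here and not taken from the token vendor's or programming app's code, shows what the seed, the time window and the clock setting above feed into: it parses an otpauth URI like the one shown earlier, computes RFC 6238 TOTP codes for a chosen window size, and shows how a token clock that is only a few seconds off can land in a different window than the server. The RFC 6238 test secret is an assumed value used so the results can be checked; the URI secret is the page's sample, not a real credential.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Sample URI from the page (the secret is the page's example, not a live credential).
EXAMPLE_URI = "otpauth://totp/user@host.com?secret=DJG6HHQMFVGHKRAPTCTFIYTSJO2VWYOF"
# Assumed: the RFC 6238 / RFC 4226 test secret, so known code values can be checked.
RFC_SECRET = b"12345678901234567890"


def parse_otpauth(uri):
    """Return (label, secret_bytes, period_seconds) from an otpauth://totp/ URI.
    The period defaults to 30 s when the URI carries none (the usual case)."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth URI")
    params = parse_qs(parsed.query)
    secret_b32 = params["secret"][0].upper()
    # Base32 secrets are often shipped without '=' padding; restore it before decoding.
    secret_b32 += "=" * (-len(secret_b32) % 8)
    secret = base64.b32decode(secret_b32)
    period = int(params.get("period", ["30"])[0])
    return parsed.path.lstrip("/"), secret, period


def totp(secret, unix_time, period=30, digits=6):
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation.
    The serial number plays no part here, only the secret, the time and the period."""
    counter = int(unix_time) // period
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def codes_for_drifted_token(secret, server_time, drift, period=30):
    """Return (server_code, token_code) for a token whose clock runs `drift`
    seconds ahead of (or, if negative, behind) the server's clock."""
    return totp(secret, server_time, period), totp(secret, server_time + drift, period)


if __name__ == "__main__":
    label, secret, period = parse_otpauth(EXAMPLE_URI)
    print(label, len(secret), "byte secret, period", period)
    # Same secret and time, different window size: different code, so the window must match.
    print(totp(RFC_SECRET, 59, 30), totp(RFC_SECRET, 59, 60))
    # A 5 s clock error is harmless mid-window but crosses a boundary near its end.
    print(codes_for_drifted_token(RFC_SECRET, 30, 5), codes_for_drifted_token(RFC_SECRET, 59, 5))
```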

Burning Seed data onto your Programmable Tokens

Seed data can be transferred to hardware tokens using one of the following procedures;
