Physical Security

MFA that works without mobile phones.

Physical, dedicated devices for high-security and air-gapped environments. One-time passwords with no apps to install, no batteries to charge, and no network connection required.

Options

Two ways to get started.

YubiKey

Already have YubiKeys? They work with Mideye Server immediately. Touch the YubiKey to generate and type the OTP automatically, no manual code entry needed.

  • Buy from Yubico or any reseller
  • Touch to generate OTP
  • USB-A, USB-C, and NFC models

HID Tokens from Mideye

Order enterprise-grade HID tokens directly from us. We handle procurement, seed management, and worldwide shipping to your end-users.

  • Token cards or key fobs
  • 8-digit OTP codes
  • Long battery life

Use cases

When should you use hardware tokens?

No Mobile Phone Policy

Secure facilities, manufacturing floors, or contractors who aren't allowed to bring personal devices. A hardware token provides MFA without phone requirements.

Air-Gapped Networks

Networks with no internet connection can't use push notifications or SMS. Hardware tokens work completely offline in isolated environments.

Temporary Staff

External consultants who shouldn't install apps on personal phones. Issue a token for the project duration, and revoke it when the contract ends.

Fallback for Mideye+ Users

Users who primarily authenticate with Mideye+ push notifications can also have a hardware token assigned. If push delivery fails, they can enter the OTP from their token instead. This is configured per user as a fallback option.

How it works

From procurement to login.

1

Get Token

Purchase a YubiKey or order a fully managed HID token directly from Mideye.

2

Assign to User

Assign the token to the user via the self-service portal or the admin interface.

3

Authenticate

The user enters the OTP generated by the token at login for secure access.

Technical details

Specifications and security features.

SpecificationDetails
Token TypesTOTP (time-based), HOTP (event-based)
Code Length6 digits (YubiKey) or 8 digits (HID)
Time Period30 seconds
Clock Drift Tolerance±2 intervals (±60 seconds)
Replay ProtectionEach OTP can only be used once
AdministrationWebAdmin UI or Self-Service Portal
  • No OTP reuse: Each code can only be used once, even within the validity window.
  • Revocation states: Record whether a disabled token was lost, broken, or revoked for another reason.
  • Authentication logging: Every authentication attempt is logged with timestamp, result, and user details.
  • Self-service enrollment: Users can register their own hardware token via the self-service portal.

Advanced: Import tokens from other vendors

If you have existing OATH-compliant tokens from vendors like Feitian or SafeNet, you can import them via PSKC (Portable Symmetric Key Container) files.

Read the technical documentation →

Need Hardware Tokens?

Hardware token support is included with Mideye Server 6.x. Contact us to order HID tokens or discuss your requirements.