OATH
HelloID supports Open Authentication (OATH) classic hardware tokens for 2FA. These tokens are not vendor-specific, so there are a lot of cost-effective options available.
To get started, go to Security > 2FA > Management, enable Hardware Token Authentication, and click Apply. Then, Add an OATH token or Import OATH tokens.
For a list of OATH tokens that have been tested with HelloID, see Supported 2FA hardware.
Time drift
The allowed clock skew for tokens is 15x the entry interval, in both directions. For example, if the interval is 30 seconds, the allowed skew is +/- 450 seconds. Or, if the interval is 60 seconds, the allowed skew is +/- 900 seconds.