Two-factor authentication (2FA) easier than ever!

Automate dual authentication (2FA)

Unique solution on the market that allows the automatic recovery of the OTP (One Time Password) on all your tokens, even those of the Luxtrust brand. Q-BOT connects with one click to automate dual authentication for all test cases.

It is a unique solution in the software testing market. Q-Bot was created by testers, for testers. Q-Bot simplifies the life of testers and the automation of their test cases.

Robot Q-Bot pour automatiser la double authentification
Automate dual authentication via Token

Recover the value of Luxtrust tokens

Finally, with Q-Bot it is now possible to automate double authentication (2FA) and the most sensitive operations that require the use of a token such as those of the Luxtrust brand.

Token Luxtrust - OTP

Why Q-Bot is the ideal ally for software testers?

Automate dual authentication
in 100% of the test cases

Plug & Play

No installation required, just a network connection


Get the value of the OTP in less than 10 seconds


Recognition rate
of the OTP to 100%


Accessible via
a web interface
or an API

Q-Bot requires no installation or configuration.
Connect it to your network and start using it immediately!

caractéristiques techniques - caméra 4K intégrée au robot
Automate operations protected by 2FA

Q-Bot for all IT professionals

All types of projects

Q-Bot takes care of your development, testing, integration or business process automation (Robot Process Automation RPA) projects requiring validation by Luxtrust token.

All types of applications

Q-Bot supports your Web, Mobile or Desktop applications. The use cases are numerous: authenticate a user, create a user account, confirm an e-commerce transaction, reset a user's password, validate a money transfer, sign a document, request an official document...

Serveur Q-Bot dédié à automatiser les cas de test logiciels

Who can use Q-Bot to automate test cases?

Q-Bot for all IT professionals

All types of IT projects

Q-Bot supports your development, testing, integration or business process automation (RPA) projects requiring token validation.

All types of applications

Q-Bot supports your Web, Mobile or Desktop applications. The use cases are numerous: authenticate a user, create a user account, confirm an e-commerce transaction, reset a user's password, validate a money transfer, sign a document, request an official document...

Q-Bot in less than a minute!

Automate the use of Luxtrust tokens

Find out how Q-Bot allows you to connect to Luxtrust with Cypress, for example.

Compatible with Selenium, Katalon, Robot Framework,
and all other automation solutions through its simple and secure API.

See more videos with Postman and the web interface!

Innovation continues...



February 2022

Customer needs have been identified and start to develop a prototype.


May 2022

First functional prototype based on the Luxtrust token


The main questions around Q-BOT


Q-Bot is a unique robot whose goal is to automate the double authentication (2FA) by retrieving the value of authentication tokens.

Hardware tokens are often used as a second authentication factor(dual authentication or 2FA) and allow for increased security of access to applications or computer systems in general. Luxtrust is a Luxembourg-based provider of secure access to bank accounts, monetary transactions or to strengthen confidence in cybersecurity.

With a robot like Q-Bot, which automatically retrieves the value of tokens, it becomes possible to automate testing processes that were previously impossible to automate.

Q-Bot allows to automate the execution of the most critical test cases that until now could not be executed because of the physical constraint of authentication tokens.

With Q-Bot, it becomes possible to automate the testing of the most critical functionalities of the applications, for example login, document signing, transaction validation, official requests, etc.

All features that require the use of an authentication token (dual authentication or 2 FA) cannot be automated without a bot like Q-Bot.

The testers’ objectives are to validate that the applications comply with the requirements defined upstream.

Testers, especially automation specialists, need to be able to interact with the full functionality of an application. Bypassing certain features such as two-factor authentication puts the quality of the delivered application at risk. With Q-Bot, these features can now be tested, which results in a higher quality of the delivered application.

For testing activities, Q-Bot is a simple, safe and effective solution:

  • It is very easy to use with its two types of access: Web and API
  • There is no software installation required. A simple connection to the company network is required
  • The recovery of the token value is done in less than 10 seconds
  • The efficiency of the token’s value recognition exceeds 99%.
  • A single robot can be used by an entire team. Retrieval requests are queued and processed one after the other in FIFO (first in first out) order

You can take an appointment with Sylvain Perez, creator of Q-Bot and CEO of Q-Leap by following the Calendly link below. You will participate in a demo and be able to ask all the questions you want.


You can also contact us by email at or call us at +352 20 21 17.

The first version of Q-Bot was designed to work with the tokens of the Luxtrust brand, leader on the authentication market in Luxembourg. In its second version, Q-Bot supports the vast majority of physical tokens on the market.

If you want to know if your token works with Q-Bot, do not hesitate to contact us by email at or by phone at +352 20 21 17.

In a future version, Q-Bot will also support dual authentication on all types of smartphones.

Q-Bot is offered through a rental contract at a rate of 590 EUR per month all inclusive. This price includes technical assistance and replacement of the robot in case of failure.

It’s very simple, contact us by email at or call us by phone at +352 20 21 17 and ask for Sylvain Perez.

Yes, technical support is included with Q-Bot.

Once Q-Bot is connected to the corporate network and accessible by the testers’ machines, the recovery of the token value can be tested immediately from the web interface.

In a second step, the Q-Bot API should be used from an automated test case. A GET call to the Q-BOT API retrieves the token value in a few seconds. All test automation technologies like selenium,, cypress, appium, robot framework, cucumber, etc. allow to make API calls. Finally, you just need to use the appropriate method to call the Q-Bot API, retrieve the token value and insert it in the OTP field of the application’s authentication form.

Q-Bot works with a mini-computer the size of a credit card from the Raspberry Pi brand. This mini-computer, which runs under Linux, coordinates all the processing required to recover the value of the token.

When Q-Bot starts, its web server starts automatically. The latter listens and responds to requests sent on its Web interface or API

The processing of a request always follows the following actions performed by the different components inside the Q-Bot:

  1. The actuator presses on the button of the token to light it
  2. The leds light up to illuminate the screen of the token
  3. The camera focuses on the token screen and takes a picture
  4. The leds go out
  5. The actuator presses on button of the token to extinguish it
  6. The token value recognition program processes the photo and returns the value

Q-Bot requires a connection to the corporate network to be accessible by automated test cases. However, it does not need an internet connection because all operations are performed locally on the robot. Q-Bot takes a picture of the token with the OTP value and with the help of a Computer Vision type image processing, recovers the OTP value. Before returning this value to the test case, the photo is deleted from the Q-Bot. This way, no files or information are stored on Q-Bot.

Contact Q-Bot support by email: or call us at +352 20 21 17.

If it is not possible to repair it remotely, the customer can send the robot back and we will send you a brand new and functional robot.

As a person interested in Q-Bot, we keep your email address, name and surname in our database for future business contacts.

As a Q-Bot customer, your personal information is used only for our billing process.

We will never give or sell your personal data.
They are kept within Q-Leap. You may, upon request, retrieve them, correct them or ask us to delete them.

Dual authentication (2FA) via SMS is a type of authentication often used in addition to the standard password in two-factor authentication (2FA) or multi-factor authentication (MFA) flows. Two-factor authentication via SM involves sending a one-time password (OTP) to the user via text message (SMS).

If you are looking for a solution to automate test flows involving SMS messages, we recommend using GetMyMFA, our trusted partner.

GetMyMFA is an SMS-based MFA / 2FA sharing platform covering a variety of use cases. Primarily, GetMyMFA can be used to automate E2E tests involving SMS feeds allowing for dual authentication, but it can also be used to facilitate mobile application submissions or robotic process automation through the rental of virtual phone numbers.

With GetMyMFA you can easily purchase virtual private phone numbers that will retransmit SMS authentication codes automatically.

More information here.


We have not been able to confirm your registration.
Your subscription to our newsletter is confirmed.


If you want to get the latest news from Q-Bot, subscribe to our newsletter.

We use Sendinblue as a marketing platform. By submitting this form, you acknowledge that the information you are about to provide will be transmitted to Sendinblue in its capacity as data processor; and in accordance with its terms and conditions of use.