Q-Bot is a unique robot whose goal is to automate the double authentication (2FA) by retrieving the value of authentication tokens.

Hardware tokens are often used as a second authentication factor(dual authentication or 2FA) and allow for increased security of access to applications or computer systems in general. Luxtrust is a Luxembourg-based provider of secure access to bank accounts, monetary transactions or to strengthen confidence in cybersecurity.

With a robot like Q-Bot, which automatically retrieves the value of tokens, it becomes possible to automate testing processes that were previously impossible to automate.

Q-Bot allows to automate the execution of the most critical test cases that until now could not be executed because of the physical constraint of authentication tokens.

With Q-Bot, it becomes possible to automate the testing of the most critical functionalities of the applications, for example login, document signing, transaction validation, official requests, etc.

All features that require the use of an authentication token (dual authentication or 2 FA) cannot be automated without a bot like Q-Bot.

The testers’ objectives are to validate that the applications comply with the requirements defined upstream.

Testers, especially automation specialists, need to be able to interact with the full functionality of an application. Bypassing certain features such as two-factor authentication puts the quality of the delivered application at risk. With Q-Bot, these features can now be tested, which results in a higher quality of the delivered application.

For testing activities, Q-Bot is a simple, safe and effective solution:

• It is very easy to use with its two types of access: Web and API
• There is no software installation required. A simple connection to the company network is required
• The recovery of the token value is done in less than 10 seconds
• The efficiency of the token’s value recognition exceeds 99%.
• A single robot can be used by an entire team. Retrieval requests are queued and processed one after the other in FIFO (first in first out) order

You can take an appointment with Sylvain Perez, creator of Q-Bot and CEO of Q-Leap by following the Calendly link below. You will participate in a demo and be able to ask all the questions you want.

You can also contact us by email at bot@q-leap.eu or call us at +352 20 21 17.

The first version of Q-Bot was designed to work with the tokens of the Luxtrust brand, leader on the authentication market in Luxembourg. In its second version, Q-Bot supports the vast majority of physical tokens on the market.

If you want to know if your token works with Q-Bot, do not hesitate to contact us by email at bot@q-leap.eu or by phone at +352 20 21 17.

In a future version, Q-Bot will also support dual authentication on all types of smartphones.

Q-Bot is offered through a rental contract at a rate of 590 EUR per month all inclusive. This price includes technical assistance and replacement of the robot in case of failure.

It’s very simple, contact us by email at bot@q-leap.eu or call us by phone at +352 20 21 17 and ask for Sylvain Perez.

Yes, technical support is included with Q-Bot.

Once Q-Bot is connected to the corporate network and accessible by the testers’ machines, the recovery of the token value can be tested immediately from the web interface.

In a second step, the Q-Bot API should be used from an automated test case. A GET call to the Q-BOT API retrieves the token value in a few seconds. All test automation technologies like selenium, webdriver.io, cypress, appium, robot framework, cucumber, etc. allow to make API calls. Finally, you just need to use the appropriate method to call the Q-Bot API, retrieve the token value and insert it in the OTP field of the application’s authentication form.

Q-Bot works with a mini-computer the size of a credit card from the Raspberry Pi brand. This mini-computer, which runs under Linux, coordinates all the processing required to recover the value of the token.

When Q-Bot starts, its web server starts automatically. The latter listens and responds to requests sent on its Web interface or API

The processing of a request always follows the following actions performed by the different components inside the Q-Bot:

1. The actuator presses on the button of the token to light it
2. The leds light up to illuminate the screen of the token
3. The camera focuses on the token screen and takes a picture
4. The leds go out
5. The actuator presses on button of the token to extinguish it
6. The token value recognition program processes the photo and returns the value

Q-Bot requires a connection to the corporate network to be accessible by automated test cases. However, it does not need an internet connection because all operations are performed locally on the robot. Q-Bot takes a picture of the token with the OTP value and with the help of a Computer Vision type image processing, recovers the OTP value. Before returning this value to the test case, the photo is deleted from the Q-Bot. This way, no files or information are stored on Q-Bot.

Contact Q-Bot support by email: bot@q-leap.eu or call us at +352 20 21 17.

If it is not possible to repair it remotely, the customer can send the robot back and we will send you a brand new and functional robot.

As a person interested in Q-Bot, we keep your email address, name and surname in our database for future business contacts.

As a Q-Bot customer, your personal information is used only for our billing process.

We will never give or sell your personal data.
They are kept within Q-Leap. You may, upon request, retrieve them, correct them or ask us to delete them.

Dual authentication (2FA) via SMS is a type of authentication often used in addition to the standard password in two-factor authentication (2FA) or multi-factor authentication (MFA) flows. Two-factor authentication via SM involves sending a one-time password (OTP) to the user via text message (SMS).

If you are looking for a solution to automate test flows involving SMS messages, we recommend using GetMyMFA, our trusted partner.

GetMyMFA is an SMS-based MFA / 2FA sharing platform covering a variety of use cases. Primarily, GetMyMFA can be used to automate E2E tests involving SMS feeds allowing for dual authentication, but it can also be used to facilitate mobile application submissions or robotic process automation through the rental of virtual phone numbers.

With GetMyMFA you can easily purchase virtual private phone numbers that will retransmit SMS authentication codes automatically.

More information here.