What Is a Security Token?

What Is a Security Token?

Thousands of businesses across the globe save time and money with Okta. Find out what the impact of identity could be for your organization.

What Is a Security Token?

Learn why Top Industry Analysts consistently name Okta and Auth0 as the Identity Leader

A security token is a physical device that users must possess to access a system. Authentication data must flow between both the user and the system to validate identities and access. A security token is the conduit for this data.

The Prevalence of Security Tokens

Passwords and personal identification numbers are ubiquitous in modern businesses. Most employees know that they must enter some set of credentials to access files, servers, and sensitive documents. Security tokens take this protection to the next level.

A security token can be as big as a key fob or as small as a microchip. They either hold information that verifies a person's identity or communicate with a database or third-party system that offers verification services.

How Do Security Tokens Work? 

Each year, hackers cause approximately $400 billion in losses. Businesses have to protect against this very real threat, or the damage could be immense.

Imagine you work for a large corporation, and it's your job to protect intellectual information worth millions. Hackers want it, and it's your job to keep them away. Your token setup could include:
 

  • Keywords. The user must type in a secure password from memory. There are often detailed requirements for this password, such as a certain minimum number of characters or other specifications.
  • Computer setup. During an attempted login event, the computer system sends a message to the user's cellphone. That message contains a password that must be entered, or access is blocked.

On the surface, this is the same type of authentication and authorisation consumers have used for years with passwords. They must enter credentials they have memorised to access the systems they need. But security tokens require some type of tool. Simple memory isn't enough.

Security Token Illustration