A security token, also commonly referred to as an authentication token, is a small hardware device that you use to gain access to a system. These devices are often used with passwords to provide a second layer of security when you log into an application, service, or network. Some examples you may be familiar with include USB drives, tokens that generate random numbers at regular intervals, and input devices such as number pads.
There are three main types of security tokens:
• Connected tokens: Users physically connect these tokens to the system they wish to access. Smart cards, for instance, are inserted into a device’s smart card reader.
• Disconnected tokens: These are the most commonly-used tokens in two-factor authentication with passwords. Users don’t have to physically insert these tokens into their devices, but they may instead need to enter a code that the token generates.
• Contactless tokens: Contactless tokens don’t need to physically connect to a device, nor do they require the user to manually input something. Instead, these tokens transmit authentication data to a given system, which then determines whether the user has access rights. Bluetooth tokens are a common example of this.
How Do Security Tokens Work?
Security tokens use a variety of methods to authenticate users. Some store verification information, such as an encrypted digital key, or a biometric identifier like fingerprint details. After the user inserts the security token into their workstation or laptop, or enters the code generated by it, their work device analyzes this stored information to authenticate the user’s identity. The system then compares the information with what it has in the database. If the information is correct, the user is then authorized access to the system.
This concept of authentication and authorization is the same as with using passwords—but with security tokens, users don’t have to enter any login credentials, and the encrypted information is on a secure device in the user’s possession.
What Benefits Do Security Tokens Provide?
Security tokens offer stronger protection than using usernames and passwords alone. Every organization has digital assets that are confidential, and in some cases, highly valuable. Attackers often target these assets by taking advantage of users’ poor password practices, like using easy to guess passwords, or the same password across multiple accounts.
Security tokens can mitigate these threats by complementing—or even replacing—passwords. When used with passwords, security tokens form part of a multi-factor authentication (MFA) solution. MFA solutions reinforce system security as they require the user to submit another verification factor, such as one-time passcodes and U2F token information.
Security tokens provide excellent secondary verification as they rely on a possession factor (something the user has) in addition to a knowledge factor (something the user knows, like their password). Even if a hacker gets ahold of your password, they wouldn’t be able to access your information without your security token.
Think of it this way: exclusively using a password is like protecting your home with just a number combination. It works, but it also grants access for anyone else who knows the number. Adding a security token puts a key-locked gate in front of your door—even those that know your door combination can’t get past the gate, and your home stays safe and sound.