What is a security token?
A token, often called a security token, is a hardware component, usually in the form of a small smart card or USB-stick-like device, that its owner can use to authenticate to computer systems, services, networks, or access systems.
Authentication by means of a token offers additional security compared with the normal username-and-password procedure, since the user must be in possession of the physical security key in addition to knowing the username and password. As soon as one of the required factors is missing, access to the system is denied.
In addition to passwords or PINs, biometric recognition features such as human fingerprints can also be used in conjunction with a security token. Some tokens are also capable of generating one-time passwords on demand, which can be used together with other authentication factors for multifactor authentication (MFA). The mere loss of the token does not usually pose a security threat to the system, since the user needs other factors for successful authentication and the token on its own is useless.
Example of authentication with a security token
Depending on the type of token and the system to which the security token is to grant access, different procedures and processes are used for authentication. An example procedure could look as follows: The user holds the token in front of a reader. The reader recognizes the token via a unique feature and requests further features for authentication.
The user can then enter, for example, a PIN or password, along with other features. If the features entered match the token, the system grants the user access to permitted resources. In all other cases, it denies access and logs the failed authentication attempt. Under certain circumstances, the token is completely blocked after a certain number of incorrect access attempts.
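The procedure above, seen from the verifying system's side, as an added example that is not code from the original article. The token IDs, the PBKDF2 PIN verifier, the lockout threshold of three, and the choice to check the PIN in the access system rather than on the token are all assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

MAX_FAILURES = 3  # assumed threshold; the article only says "a certain number"


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Derive a salted PIN verifier so the PIN itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class TokenRecord:
    salt: bytes
    pin_hash: bytes
    failures: int = 0
    blocked: bool = False


@dataclass
class AccessSystem:
    tokens: dict = field(default_factory=dict)     # token ID -> TokenRecord
    audit_log: list = field(default_factory=list)  # (token ID, reason) per denial

    def enroll(self, token_id: str, pin: str) -> None:
        salt = os.urandom(16)
        self.tokens[token_id] = TokenRecord(salt, hash_pin(pin, salt))

    def authenticate(self, token_id: str, pin: str) -> bool:
        rec = self.tokens.get(token_id)
        if rec is None:
            return self._deny(token_id, "unknown token")
        if rec.blocked:  # a blocked token is rejected even with the right PIN
            return self._deny(token_id, "token blocked")
        # Constant-time comparison avoids leaking how much of the hash matched.
        if not hmac.compare_digest(hash_pin(pin, rec.salt), rec.pin_hash):
            rec.failures += 1
            rec.blocked = rec.failures >= MAX_FAILURES
            return self._deny(token_id, f"wrong PIN ({rec.failures}/{MAX_FAILURES})")
        rec.failures = 0  # a successful login resets the failure counter
        return True

    def _deny(self, token_id: str, reason: str) -> bool:
        self.audit_log.append((token_id, reason))  # log every failed attempt
        return False
```

The failure counter is kept per token rather than per session, so repeated guessing across separate sessions still reaches the lockout.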
Advantages of authentication with a security token
In contrast to password-only authentication, the security token provides additional security because the user must be in possession of a physical object. Even if all other credentials are stolen, the attacker will never gain access to the system without the token.
Since the token is usually very small and can be attached directly to a key ring, for example, it is easy to carry around and use everywhere. If it is used regularly, its loss will be noticed quickly. A lost token does not allow unauthorized access because it lacks additional features such as a PIN or password.
If the token falls into the wrong hands, it can be quickly and easily blocked for any further use and is thus completely useless. Since each token is unique and has properties that cannot be copied, unauthorized duplication or manipulation is virtually impossible.
Short-range radio-based reading methods make it possible to use tokens discreetly, without this being visible to outsiders. In this case, the token can remain in the pocket, for example, and does not have to be explicitly held up to the reader.
Possible applications for the security token
The possible applications for security tokens are very diverse. For example, they can be used as follows:
- Logging on to a PC, a network, or a Windows domain
- Dialing into a company network via the public Internet (VPN service)
- Employee time recording
- Cashless payment
- Access to specially protected areas
- Online banking
- Accessing pay TV offers
- Use of ATMs
- As a key for the car
- Travel ticket
- Admission ticket
- Health insurance card
- In the form of a SIM card in a cell phone or smartphone for access to a specific mobile network