I have also seen implementations of this technology where the only authentication is with the key. This is not an optimal approach; if someone has the key, an attacker can log in to your bank without a user ID or a password. The better implementations utilize the key along with an ID and password.
Dig deeper on SSL and TLS VPN Security
Related Q&A from John Strand, featured expert
Expert John Strand reviews how to spot input validation flaws on your websites.continue reading
Expert John Strand explains how to shore up security as you plan a large-scale advertising campaign.continue reading
Expert John Strand reveals two exciting trends in antivirus software.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.