The biggest danger is either via unauthorized access by an employee, or worse, internal fraud. An unattended token can grant inappropriate access to someone else's account. And while the thief would still need the user's ID and password, they could easily obtain those.
The best way to prevent malicious token use is to educate employees on how to use them securely. Employees should be taught safe password practices, such as not writing them down and posting them by their desk. Employees should lock up their tokens or carry them when not in use. They should also lock their monitors when they get up from their desk, even if it is simply to get a cup of coffee or use the bathroom.
Distribute tokens from a central location or warehouse where they can be inventoried. Keep a record of all tokens received, as well as their serial numbers and apiece count. To verify that the right user received the right token, implement a policy that requires users to send inactive tokens to the help desk or to an online registration system to be activated. That way the help desk or online system can verify the user, ask for the token serial number and match it with the serial number of the sent token. Please keep in mind that the system you choose should depend on the size of your organization. For example, if you work for a large company, it's not a good idea to deluge the help desk with calls to activate tokens.
An alternate system can involve sending a new user an activation code by e-mail. Again, keep in mind that if you use this system only the activation code should be sent to the user. This will prevent theft of the token and its credentials. To activate the token, the code can be entered online at a predetermined registration site.
Dig deeper on Security Token and Smart Card Technology
Related Q&A from Joel Dubin, past SearchSecurity.com expert
The security of RFID chips and smart cards may not be fully mature, but there are best practices to keep facilities safe. Identity and access ...continue reading
Picture passwords for mobile device security aren't a new idea, but they have been recently improved. Identity and access management expert Joel ...continue reading
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.