Definition

security token (authentication token)

A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user has a personal identification number (PIN), which authorizes them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in. The identification number for each user is changed frequently, usually every five minutes or so.

Unlike a password, a security token is a physical object. A key fob, for example, is practical and easy to carry, and thus, easy for the user to protect. Even if the key fob falls into the wrong hands, however, it can't be used to gain access because the PIN (which only the rightful user knows) is also needed.
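The page does not name the algorithm the device runs. As an added example (not from the original page or any vendor's code), the following uses the open TOTP construction from RFC 6238 with a 300-second step to show a rotating code being generated and then checked together with a PIN. `token_code`, `TokenVerifier`, the server-side PIN check, and the seed, salt and PIN values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 300  # assumption: models the "every five minutes or so" rotation
DIGITS = 6

def token_code(seed: bytes, now: float, step: int = STEP_SECONDS) -> str:
    """Number the device would display at time `now` (RFC 6238 TOTP, HMAC-SHA1)."""
    counter = struct.pack(">Q", int(now // step))
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class TokenVerifier:
    """Hypothetical server side: stores each user's seed and a salted PIN hash."""
    def __init__(self):
        self._users = {}

    def enroll(self, user, seed, pin, salt):
        pin_hash = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)
        self._users[user] = {"seed": seed, "salt": salt, "pin": pin_hash, "last_step": -1}

    def verify(self, user, pin, code, now, drift_steps=1):
        rec = self._users.get(user)
        if rec is None:
            return False
        candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), rec["salt"], 100_000)
        pin_ok = hmac.compare_digest(candidate, rec["pin"])
        current = int(now // STEP_SECONDS)
        matched = None
        # Tolerate a small clock difference between device and server.
        for step in range(current - drift_steps, current + drift_steps + 1):
            expected = token_code(rec["seed"], step * STEP_SECONDS)
            if hmac.compare_digest(expected.encode(), code.encode()):
                matched = step
        # Both factors are required, and each displayed code is accepted only once.
        if not pin_ok or matched is None or matched <= rec["last_step"]:
            return False
        rec["last_step"] = matched
        return True

if __name__ == "__main__":
    seed = b"constructed-seed-0001"  # constructed sample values
    server = TokenVerifier()
    server.enroll("alice", seed, "4821", b"constructed-salt")
    t = 1_700_000_000
    shown = token_code(seed, t)
    print(server.verify("alice", "0000", shown, t))  # device without the right PIN
    print(server.verify("alice", "4821", shown, t))  # PIN plus current code
```

The second call in the demo consumes the displayed code, so submitting the same code again is rejected until the device rolls over to the next one.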

This was last updated in September 2005

Next Steps

Looking for more in-depth coverage of token technology? Read these analyses of RSA Authentication Manager and SecurID tokens and CA Strong Authentication by expert David Strom.

Read about the benefits of using smartphone authentication tokens as an added layer of security.


1 comment


Allow users to enter their username and password in order to obtain a token which allows them to fetch a specific resource - without using their username and password, the user could pass the token, once they've obtained it, on to some other automated system which they're willing to trust for a limited time and a limited set of resources, but would not be willing to trust with their username and password.