A key fob is a small, programmable hardware device that provides access to a physical object. Key fobs, which are also called hardware tokens, can be used to provide on-device, one-factor authentication to objects such as doors or automobiles. They can also be used as an authentication factor for objects that require two-factor or multifactor authentication, such as laptops.
Hardware tokens are often small enough for users to store on a key ring, in their wallet or in their pocket. If a key fob is stolen or lost, it is more likely to be noticed immediately than a compromised password.
How a key fob is used in multifactor authentication
In the enterprise, key fobs are used to enable two-factor and multifactor authentication and to safeguard access to a company's network and data. In typical deployments, a user first enters a personal identification code (PIN) to log in to the network, followed by a pseudo-random token code generated by the key fob to gain access into the system or network.
The token code usually times out after a short period of time to prevent attackers from reusing intercepted codes.
While some hardware tokens only offer one-time password functionality, others can store digital certificates and Windows authentication credentials. These advanced hardware tokens can act as a user's master key and may not require the user to enter a PIN.
Biometric authentication may also be incorporated into hardware tokens. Some devices use the traditional fingerprint method, while others require users to swipe the key fob. This action reads the fingerprint ridges, but also the finger pad's seven layers of skin to authenticate the user.
Software token applications can offer the same authentication capabilities as the hardware tokens. Users can install a software token application on their smartphone to avoid carrying a physical device on their key ring.