security token (authentication token)

A security token (sometimes called an authentication token) is a small hardware device that the owner carries to authorize access to a network service. The device may be in the form of a smart card or may be embedded in a commonly used object such as a key fob. Security tokens provide an extra level of assurance through a method known as two-factor authentication: the user has a personal identification number (PIN), which authorizes them as the owner of that particular device; the device then displays a number which uniquely identifies the user to the service, allowing them to log in. The identification number for each user is changed frequently, usually every five minutes or so.

Unlike a password, a security token is a physical object. A key fob, for example, is practical and easy to carry, and thus, easy for the user to protect. Even if the key fob falls into the wrong hands, however, it can't be used to gain access because the PIN (which only the rightful user knows) is also needed.

This was last updated in September 2005

Next Steps

Looking for more in-depth coverage of token technology? Read these analyses of RSA Authentication Manager and SecurID tokens and CA Strong Authentication by expert David Strom.

Read about the benefits of using smartphone authentication tokens as an added layer of security.

Continue Reading About security token (authentication token)

Dig Deeper on Two-factor and multifactor authentication strategies