A single-factor token is a small hardware device that produces one confirming credential for user authentication; the devices may be used in conjunction with other types of credentials for multifactor authentication.
Single-factor tokens require their presence alone. A security token that like a USB key fob contains or produces user authentication data for automatic login to a workstation, network, resource or service can be considered a single-factor token. Some single-factor tokens require further action, such as a button press to display a PIN code, as in RSA SecureID, or use of some soft token smartphone app. Security tokens that require a PIN to activate represent two factors of authentication.
Single-factor tokens belong to the possession category of authentication factors. Authentication factors are usually categorized as knowledge factors (sometimes referred to as things that the user knows) inherence factors (things that the user is, usually biological characteristics) and possession factors (things that the user has). Proof that the user has the device in his possession confirms his authorization to interact with the system in question.
Single factor tokens are typically used along with user names and passwords for two-factor authentication. Multifactor authentication (MFA) improves security by adding types of credentials that have different sources. The more authentication factors involved, the more difficult it is for an attacker to access all elements required to masquerade as an authorized user.
Confidence in single-factor tokens --especially the former standard RSA's Secure ID -- has waned since the RSA security breach in 2011, in which hackers stole data from RSA's secured servers. There were also allegations of CIA back doors intentionally installed into RSA encryption in that same year, which further eroded consumer confidence.
Multifactor tokens are considered a more secure method of user authentication.