A soft token is a software-based security token that generates a single-use login PIN.
Traditionally, a security token has been a hardware device that produces a new, secure and individual PIN for each use and displays it on a built-in LCD display. The system may activate after the user presses a button or enters an initial PIN. Security tokens are generally used in environments with higher security requirements as part of a multifactor authentication system. While the hardware-based systems are more secure, they are also costly and difficult to deploy on a large scale, as is required for online banking, for example.
Soft tokens are an attempt to replicate the security advantages of multifactor authentication, while simplifying distribution and lowering costs. A smartphone soft token app performs the same task as a hardware-based security token. Like a hardware token, a smartphone provides an easy-to-protect and easy-to-remember location for secure login information: on the device itself. Unlike a hardware token, smartphones are connected devices, which make them inherently less secure. The extent of their security largely depends on the device’s operating system and client software.