What Is a Security Token?
A security token is a portable device that a computer user can use to access a network or enter a secured resource. The token displays an access code that the user can enter upon request, or it might plug directly into a system to authenticate the user's identity so that he or she can access it. Many companies produce security tokens that have a variety of features, and these tokens are available through computing suppliers and security firms. In some cases, they might be supplied by an employer.
Security tokens rely on a system known as two-factor identification. This starts with the user entering known data, such as his or her name and password. Some security tokens are biometric and might accept a fingerprint or similar unique identifier. The token then displays an access code and is capable of rapidly changing access codes for security. The user enters this code or connects the token to the system to allow it to enter the code, after which the user has access for a set period of time.
If the user's security token is taken, the thief might not know the user name and password, so he or she couldn't retrieve the unique access code. Thieves who acquire access codes often find them useless because the codes change every few minutes. An access code from the day before would not work, and in some systems would actually raise a red flag to alert security staff members about an attempted intrusion. The security token adds a layer of safety.
Some security tokens can store an array of access codes and passwords for the user. People might carry them around to have a secure storage device for this information so that no matter where they are, they can access email, private sections on work websites and other resources. If they use public computers, the security token inputs this data, and no record would be left in keystroke loggers, nor could a bystander determine someone's password by watching him or her at the keyboard.
Security tokens usually are small, and they often fit on key chains or into small pockets in purses and briefcases. Some devices also have a small amount of storage space for data and can encrypt this data for additional security. If the device is supplied by an employer, a technician usually will need to program it, and the employee must return it when he or she leaves the company. Technicians also can remotely deactivate security tokens, so employees who try to use them without authorization will be locked out of the system.
@Markerrag -- you forgot to mention that using a USB drive as a token means they are inexpensive. Also, it's worth mentioning that a lot of companies put these together and finding a good one is very simple -- just research and look for ratings.
That was a bit novel when these were somewhat rare. However, people are concerned about security and that has made a booming market for companies that sell security tokens with storage, without storage or otherwise. Finding a good company, then, is easy and tokens are inexpensive enough to be very viable for most companies.
A USB drive purposed as a security token has become a very popular way to store encrypted files. The files are added to the token, which means they aren't hanging around on a hard drive where someone might access and swipe them. This method is somewhat different from what is described in the article, but it does show the flexibility of these things.
Post your comments