A security token is a portable device that a computer user can use to access a network or enter a secured resource. The token displays an access code that the user can enter upon request, or it might plug directly into a system to authenticate the user's identity so that he or she can access it. Many companies produce security tokens that have a variety of features, and these tokens are available through computing suppliers and security firms. In some cases, they might be supplied by an employer.
Security tokens rely on a system known as two-factor identification. This starts with the user entering known data, such as his or her name and password. Some security tokens are biometric and might accept a fingerprint or similar unique identifier. The token then displays an access code and is capable of rapidly changing access codes for security. The user enters this code or connects the token to the system to allow it to enter the code, after which the user has access for a set period of time.
If the user's security token is taken, the thief might not know the user name and password, so he or she couldn't retrieve the unique access code. Thieves who acquire access codes often find them useless because the codes change every few minutes. An access code from the day before would not work, and in some systems would actually raise a red flag to alert security staff members about an attempted intrusion. The security token adds a layer of safety.
Some security tokens can store an array of access codes and passwords for the user. People might carry them around to have a secure storage device for this information so that no matter where they are, they can access email, private sections on work websites and other resources. If they use public computers, the security token inputs this data, and no record would be left in keystroke loggers, nor could a bystander determine someone's password by watching him or her at the keyboard.
Security tokens usually are small, and they often fit on key chains or into small pockets in purses and briefcases. Some devices also have a small amount of storage space for data and can encrypt this data for additional security. If the device is supplied by an employer, a technician usually will need to program it, and the employee must return it when he or she leaves the company. Technicians also can remotely deactivate security tokens, so employees who try to use them without authorization will be locked out of the system.