Security Spotlight: Security Tokens
Spend any time flipping through a good infosec textbook or certification study guide nowadays, and you’ll come to two inescapable conclusions:
- Multi-factor authentication—a system that establishes user identity by combining multiple authentication methods such as account/password with a fingerprint scan, voiceprint, Smart Card, or something similar—is much stronger and harder to break than single-factor authentication.
- Security tokens make an excellent element in such a multi-factor authentication scheme.
It helps to understand that a security token is a small device that individuals carry with them (often as a key fob on a keychain, or something else they always keep with them). Users insert the security token into a reader while active on a computer workstation or system. Tokens are used in combination with a user personal identification number, or PIN (the PIN is thus the second factor in the two-factor authentication scheme normally used with security tokens), so that even if somebody steals or finds a security token, they still can’t log in without also providing the correct PIN.
Security tokens generate identification codes that are synchronized with security monitors on a network. These codes are complex and hard to guess, and they change regularly and automatically (often at 5-minute intervals), which makes them nearly impossible to compromise. Security tokens and readers usually add no more than $250 to the cost of computer systems (but there are also other start-up costs associated with their use), so they’re more affordable than you might guess.
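As an added illustration (not part of the original article), the sketch below shows how a token and a server can derive the same changing code from a shared seed and the clock, and how the server checks that code together with the PIN while rejecting stale and replayed codes. It assumes the open RFC 6238 (TOTP) construction as a stand-in for a vendor's own algorithm; the `Verifier` class, the seed, the PIN and the 6-digit code length are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 300   # seconds per code, matching the 5-minute interval in the text
DIGITS = 6   # assumed display length

def token_code(seed: bytes, now: float, step: int = STEP) -> str:
    """Code shown by the token at time `now` (RFC 6238 construction, HMAC-SHA1)."""
    counter = int(now // step)
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Hypothetical server side: shares the token's seed and stores a PIN hash."""

    def __init__(self, seed: bytes, pin: str, drift: int = 1):
        self.seed = seed
        self.salt = b"constructed-salt"   # constructed; use a random salt per user
        self.pin_hash = self._hash_pin(pin)
        self.drift = drift                # intervals of clock skew tolerated
        self.last_counter = -1            # newest interval already used

    def _hash_pin(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self.salt, 100_000)

    def login(self, pin: str, code: str, now: float) -> bool:
        pin_ok = hmac.compare_digest(self._hash_pin(pin), self.pin_hash)
        current = int(now // STEP)
        matched = None
        for counter in range(max(0, current - self.drift), current + self.drift + 1):
            expected = token_code(self.seed, counter * STEP)
            fresh = counter > self.last_counter   # reject replayed intervals
            if fresh and hmac.compare_digest(expected.encode(), code.encode()):
                matched = counter
        if pin_ok and matched is not None:
            self.last_counter = matched
            return True
        return False

if __name__ == "__main__":
    seed = b"12345678901234567890"   # constructed sample seed
    server = Verifier(seed, pin="4821")
    code = token_code(seed, 1500)
    print(server.login("4821", code, 1500))   # correct PIN and current code
    print(server.login("4821", code, 1500))   # same code replayed
```

The `drift` window trades usability for exposure: each extra interval tolerated for clock skew extends how long a captured code remains usable.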
For more information on security tokens, please visit Whatis.com.