Don't Login on Untrusted Computers
You Are a Target
Never Give Your Password Over the Phone

powered by zFeeder

Security Tokens

Type: activity threat prevention security

Security tokens are a method of introducing further authentication to gain access to a computer or network. Swipe cards and biometrics are physical methods of increasing authentication security but security tokens can be used for access to computers. This makes authentication more difficult than simply entering a password as security tokens introduce another element into the authentication procedure.

Security tokens can vary from software, which uses certificates and/or shared secret questions to add a further authentication step, to hardware which implements the use of a physical device in order to authenticate and identify the user. Hardware tokens are considered more secure as software is vulnerable to software attacks, errors or corruption.

Hardware tokens can consist of smart cards, key chain devices; code input devices, USB devices and other types of hardware that can be carried around easily. USB devices are particularly popular as they do not need a special interface with computers as all modern computers have USB sockets easily available. USB devices are small and often capable of acting as data storage devices as well.

USB security tokens function in the same way as most other hardware tokens, the token is interfaced with the computer and a password, that is associated with the hardware token, is entered into the computer. This is known as multi authentication and is more secure because gaining access to the computer requires not only the password but also the specific hardware token that is associated with that password.

Double Password

Double Password is an example of a cheap endpoint control application; it can be used for a 2 week trial and then purchased for a relatively cheap price. Double password can be used to place a key on USB devices which essentially turns them into hardware tokens, without an associated USB device access to the computer cannot be accomplished. When using software such as Double Password, the administrator should use an emergency USB device to be configured so that it can be used to access any desktop. This will be useful if the administrator needs to gain access without the users assistance or if the userís USB device is lost, stolen or damaged.

Although hardware tokens are a dramatic improvement over single factor authentication, they have a number of disadvantages when compared to biometrics. Hardware devices can be lost, damaged or stolen; this can cause accessibility or security problems for the network. Also hardware tokens require extra expense and maintenance compared with simple password authentication. Biometric authentication is unique to an individual rather than a device which means it cannot be lost, damaged or stolen. Also biometrics once installed is relatively low maintenance and cost when compared with hardware tokens that require more devices for additional users and replacement devices for lost, damaged or stolen devices.

Multi authentication is the introduction of extra validation steps in order to make impersonation of users or authentication security breaches more unlikely. The different methods of authentication are categorised into something an individual knows i.e. password, something an individual is i.e. biometrics and something an individual has i.e. hardware token. The authentication security increases dramatically when two of these methods are combined, when all three are combined authentication security is maximised and it is unlikely to be successfully breached.