Picture this scenario: you left your apartment for a business trip, and are sitting on the plane ready to take off when you realize you are missing something. You rummage through your carryon bag, when it hits you: you have left your hardware security token sitting on top of your bureau. How are you going to log into your bank account to access your information?
In today’s world, we are forced to carry a lot of different identities around with us at all times. From bank-to investment-to insurance accounts, each separate identity mandates its own set of authentication requirements. In order to securely access these accounts, security tokens are required.
Traditional hardware tokens are devices that look similar to a flash drive. The problem, however, is the same issue that is forcing just about every tangible object short of food to go digital these days. They are bulky. They break. They get lost, and stolen. Additionally, they are expensive, and require lengthy ship times from a factory. Basically, there are many hidden costs and barriers preventing a smooth user experience when using a hardware token.
Digitally based software tokens, however, avoid these issues. While digital software tokens can be deployed onto a desktop computer, they really come in handy when implemented onto a mobile device. This allows a user to carry around multiple identities at all times, without the bulk and hassle of having four or five different devices on them.
Mobile devices also offer additional security features. Part of the reason why mobile security has a leg up on its hardware counterpart is that the token’s seed file, which is a onetime password token file, is stored locally on the mobile device inside of a secure sandbox. This makes it impervious to malware, and it is not accessible through shared data or applications. In a hard token, however, the location of a seed file is questionable. If not properly deleted, someone who cracks a system might gain easy access to it.
While you might not be aware that you lost your hardware token until days after the incident, you rarely question the whereabouts of your phone—because it is almost always on you. In an increasingly digital world, a mobile, software token presents a smart solution to digital security.