What is a Hardware Token? Hard Tokens vs. Soft Tokens

February 17, 2021

Passwords are flawed, and nowadays, obsolete methods of authentication. For this reason, cybersecurity companies have developed more sophisticated authentication methods for ensuring enhanced user security. The most notable examples are hardware tokens, dedicated portable devices that authenticate the user’s identity and prevent unauthorized access.

Hardware tokens have been the top security standard in the industry for decades. But, in the past few years, they have been challenged by another means of authentication, software tokens. These tokens are stored on general-purpose devices, eliminating the need for dedicated hardware.

On this page, we’ll take a closer look at the forms and types of hardware tokens and how each type works. In the end, we’ll also compare hard tokens and soft tokens to help you decide which authentication method is the better choice for you.

What is a Hardware Token?

Before we move on to the more in-depth and complex topics, we should first understand what a hardware token is. In simple terms, a hardware token (also known as a security or authentication token) is a small physical device that you use to authorize your access to a specific network.

Its purpose is to provide an extra security layer by ensuring two-factor authentication. As the token owner, you connect the hard token to the system you want to enter to get access to its service.

Forms and Types of Hardware Tokens

Hardware tokens are created with customization and user experience in mind. For this reason, they can come in many forms, most commonly as USB tokens, key fobs, and wireless Bluetooth tokens. Also, there are three main types of hardware tokens. Let’s take a closer look at each:

Connected Tokens - In order to access the system with a connected token, you must physically tie it to the system. The way this works is that you slide your hardware security token into a reader. When you do so, your token device automatically pushes relevant authentication information to the system. Common examples of connected tokens include key fobs and USB tokens such as Yubikey.
Disconnected Tokens - Unlike connected tokes, disconnected ones don’t require you to physically insert a hardware security token into the system when you want to access it. Instead, you need to set up your device to generate a one-time access code. The most common example of a disconnected token is a phone you set up as a two-factor authentication device.
Contactless Tokens - With contactless tokens, you don’t need to connect to a device or enter any access codes. Instead, contactless devices connect with the system wirelessly. Based on the connection’s credentials, the system either grants or denies access. The most noteworthy examples of contactless tokens are Bluetooth tokens and wireless keychains like Hideez Key.

How Do Hardware Tokens Work?

Knowing the types and forms of hardware tokens, we can better understand how hardware tokens work. To make a simple hardware token example, let’s say that you use your mobile device as your hardware security token.

When accessing a system, you first enter a secure and unique password you’ve memorized. After you’ve input your login credentials, the system will prompt you for additional verification by sending a message to your mobile device. You must enter the password or code sent to you via message, or your access attempt is denied.

At first glance, such a login system looks like the classic authentication and authorization system credit card users have implemented for years. You simply enter your credentials to get access. But, the added layer of protection comes from the hard token authentication step, for which you need some tool to complete. Just memorizing your PIN or password isn’t enough in a hardware token-based authentication system.

Hard Tokens vs. Soft Tokens

When discussing hard tokens vs. soft tokens, the most apparent difference between the two is discernible even for those with a basic understanding of how these authentication methods work. A hardware token is a physical device you must have in your possession. A software token is a virtual tool you have on your device. Essentially, both work in the same principle when accessing a system, with this one, significant difference. To help you choose which one is better for you, we want to discuss some pros and cons of both.

Hard Tokens Pros and Cons

In most parts of the world, hardware tokens are still considered the standard for every user who wants to increase their security with multi-factor authentication. They are much more secure than simple passwords and, as long as you have hardware tokens for authentication by your side, you can be worry-free that only you can access the system by using your unique credentials.

With this in mind, we should also mention that hard tokens suffer from a list of inherent and unavoidable limitations. Since they are physical devices, they can get lost or stolen, though in most cases you can easily unlink your hardware device from your accounts and prevent unauthorized use. Another significant drawback is that hard tokens are challenging to use for businesses with employees in different geographical locations.

Soft Tokens Pros and Cons

Although hardware token authentication is still the prevalent form of two-factor authentication, soft tokens are also becoming more popular for a number of reasons. They can be distributed to any user regardless of location, and can be automatically updated any time you want to. Plus, the incremental costs for each additional soft token are negligible compared to costs of hardware tokens.

Of course, like hardware security tokens, soft tokens also come with a unique set of disadvantages you need to be aware of before you start using them. The most significant drawback of soft tokens is that they potentially represent a single point of failure. If a hacker uses the stolen mobile phone to make a transaction, receiving the authentication through a text message on the same device will only make his attack easier. By the way, we explained why a separate wearable device is more secure than a smartphone in one of our previous articles.

To sum up this page, we want to highlight that using security tokens to enhance your security is paramount nowadays. Despite some of their drawbacks, both soft tokens and hard tokens are still precious authentication tools and should be incorporated as security measures. That said, the latter, while a bit more impractical, is the better option.

Hideez Key 4 is the most effective option which ensures both convenience and protection thanks to a unique set of features:

Password-based Digital Access - This feature of the Hideez Key provides for a great user experience across the board. You can use the key to lock or unlock your Windows 10 PC by proximity, generate new compex passwords and one-time passwords for two-factor authentication. Moreover, you can store up to 1,000 logins and passwords from your existing accounts and ensure their secure autofill. This also includes password-protected local folders, PDF, Word, ZIP files, and any other documents you want to keep safe.
Passwordless Access - The device also supports FIDO U2F and FIDO2, the two open authentication standards aimed at reducing the world’s over-reliance on passwords. It means that the Hideez Key can be used for passwordless authentication and 2FA on FIDO-supported browsers and platforms (Google and Microsoft services, Facebook, Twitter, Dropbox, Azure AD, etc.), the number of which is growing steadily. The Hideez Key wirelessly supports FIDO authentication on Windows 10 and Android 8+ devices via Bluetooth Low Energy (BLE) technology.
Proximity logon - A built-in proximity lock will protect your computer every time your walk away. Using the Hideez Key, you can automatically lock and unlock your Windows workstation based on the Bluetooth strength between the key and your PC. You can tailor and customize how you want to lock it by adjusting preferable proximity thresholds and choosing the unlocking method.
Physical Access - Besides digital access, the Hideez Key also provides convenient physical access. A built-in RFID tag can be pre-programmed to open any RFID door lock at office buildings, data centers, factories, etc., thus replacing a smart card.
Strengthened Protection - The Hideez Key provides enhanced protection against both phishing and pharming, as well as all other password-related attacks. Plus, unlike most other password managers, the Hideez Key doesn’t send any credentials into the cloud or to any third parties.

If you are looking for a universal security solution, Hideez Key is a perfect choice with various use cases going far beyond the capabilities of conventional hardware security tokens. What’s more, we’ve prepared a special deal for everyone reading this page. You can use the promo code “TRYHIDEEZ” at the checkout to knock off an additional 10% off of your first purchase! And as for business owners, our experts can help you take a closer look at modern authentication methods and find a personalized identity and management solution for your organization.

Hideez SAML Identity Provider for CyberArk PVWA
CyberArk is a publicly traded information security company offering Privileged Account Security. CyberArk delivers th...
Hideez Key for CyberArk | Authentication Integration
Stolen credentials are used to commit fraud on an enormous scale through Account Takeover (ATO) or credential stuffin...
Hideez Last Mile Authentication Solution Now Available on the CyberArk Marketplace
Hideez is excited to announce the availability of a Hideez Key integration with CyberArk that provides an added layer...
How to Recover a Forgotten Password on Facebook
On its own, forgetting your Facebook password is frustrating. But when you realize that you might also require your...