A Hardware Token is an Authenticator in the form of a physical object, where the user's interaction with a login system proves that the user physically possesses the object. Proving possession of the Token may involve one of several techniques:

  • Reading a periodically changing pseudo-random number from the Token's display and typing it into a login prompt.
  • Keying a challenge string displayed by the login system into the Token, and typing a string that the Token displays as a result back into the login system.
  • Plugging the Token into the workstation through a USB port or some other connection (parallel or serial port, smart card slot, etc.).

Hardware Tokens authenticate users on the basis that only the Token assigned to the user could have generated the pseudo-random number or code response keyed in by the user. Successful entry of this code implies that the user is in physical possession of the Token. This in turn assumes that the user does not allow other users to use the Token, and has not lost it.
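The first two techniques above, sketched as an added example that is not part of the original page. The page names no algorithm; this assumes the HMAC truncation from RFC 4226/6238 for the time-based code and a simplified HMAC challenge-response, with a constructed secret, time step and function names.

```python
import hashlib
import hmac
import struct

# Constructed sample seed shared by the Token and the login system (assumption).
TOKEN_SECRET = b"constructed-demo-seed-0001"
TIME_STEP = 30   # seconds each displayed code stays valid (assumed value)
DIGITS = 6       # length of the code the user types (assumed value)

def _truncate(mac: bytes) -> str:
    """RFC 4226 dynamic truncation of an HMAC into a short decimal code."""
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def token_display(secret: bytes, now: int) -> str:
    """Technique 1: the code the Token shows during the current time step."""
    counter = struct.pack(">Q", now // TIME_STEP)
    return _truncate(hmac.new(secret, counter, hashlib.sha1).digest())

def token_response(secret: bytes, challenge: str) -> str:
    """Technique 2: the Token's answer to a challenge keyed in by the user."""
    return _truncate(hmac.new(secret, challenge.encode(), hashlib.sha1).digest())

def verify_time_code(secret, entered, now, last_step=-1, drift=1):
    """Login-system check: tolerate clock drift of +/- `drift` steps and
    refuse any step already used. Returns the matched step (store it as
    last_step for this user) or None."""
    current = now // TIME_STEP
    for step in range(current - drift, current + drift + 1):
        expected = token_display(secret, step * TIME_STEP)
        if step > last_step and hmac.compare_digest(expected.encode(), entered.encode()):
            return step
    return None

def verify_response(secret, challenge, entered):
    """Login-system check for challenge-response. The challenge must be
    freshly generated for every login so an old response cannot be reused."""
    expected = token_response(secret, challenge)
    return hmac.compare_digest(expected.encode(), entered.encode())
```

In both checks the login system recomputes the code from its own copy of the seed, which is why a correct entry is taken as evidence that the user holds the Token.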
