Authentication: Something One Has
The RSA SecureID hardware token works as follows:
- The device features a display of 6-digit long numbers.
- Every 60 seconds, the device generates a distinct, unpredictable number. That is, the number of the screen changes every minute.
- The user is asked to enter the current number displayed on the token into the authentication application (e.g., the login page of a website.)
Each RSA SecureID token is paired with a single user: the token information is linked with the user's account/details so that, whenever the user is asked to be authenticated, the system would know what number to expect at any moment.
An RSA SecureID token belongs to the authentication category of "something that one has" because the user must have a physical possession of this token to successfully authenticate.
These notes by Miriam Briskman are licensed under CC BY-NC 4.0 and based on sources.