Authentication: Something One Has
Remember there is a trade-off with password ease-of-memorization vs. strength? We have a trade-off with physical tokens, too:
- The user needs to carry the token at all times.
- If the token is stolen or lost, the user will not be able to authenticate until the token is replaced with a new one.
As such, an alternative to using hardware tokens (= 'hard tokens') is using software tokens (= 'soft tokens'), which are phone applications that perform the same exact actions as hard token (but can be conveniently downloaded from the app store!)
Examples of soft tokens: the soft token version of RSA SecureID (links: Google Play Store | Apple App Store), the Google Authenticator app (links: Google Play Store | Apple App Store), and the Microsoft Authenticator app (which you can use to log into your College Outlook email account!) (links: Google Play Store | Apple App Store)
These notes by Miriam Briskman are licensed under CC BY-NC 4.0 and based on sources.