security

Definition

Hardware Authentication Token

A hardware authentication token is a physical device used as an authentication factor. It stores cryptographic secrets or generates authentication codes within tamper-resistant hardware.

Types

Disconnected Token

Authentication data is shown on an integrated display. The user reads the code and enters it manually.

Disconnected tokens can be used as OTP generators.

Connected Token

Must be physically connected to the user’s device via USB, NFC, Bluetooth, or a dedicated card reader.

Can be used as OTP generators or for challenge-response authentication. Web browsers can use them for online authentication via the WebAuthn API.

Advantages and Disadvantages

| Advantages | Disadvantages |
| --- | --- |
| No need to remember authentication information if used as the sole factor. | Must be carried at all times. |
| Limits the effect of password reuse when used for multi-factor authentication. | Relatively expensive (up to 30–50 EUR depending on type). |
| | Complete loss of security if the device is lost or stolen — unless multi-factor authentication is enforced. |