A time-synchronized token generates a unique value that changes at regular intervals (for example, once a minute). A central server keeps track of the token-generated passwords in order to compare the input against the expected value. To log onto a system, users enter a one-time password that consists of their PIN followed by the unique value generated by their token. The PIN helps the central server to identify the user and the password value that should be entered. If the number entered by the user and the one generated by the server are the same, the user will be granted access to the system.
A problem that can arise with time-synchronized tokens is that the token and the central authentication server can get out of sync. If the token’s clock drifts significantly ahead of or behind the server’s clock, the authentication server may be vulnerable to a cryptographic attack.