Definitions Edit

A token (also referred to as an electronic token, security token, hardware token, hard token, authentication token, cryptographic token, access token, or key fob) is

[s]omething that the claimant possesses and controls (typically a key or password) used to authenticate the claimant's identity.[1]
[a] data structure that contains authorization information for a user or group. A system uses an access token to control access to securable objects and to control the ability of a user to perform various system-related operations on a local computer.[2]

Overview Edit

It may be a physical device or software that an authorized user of computer services is given to assist in authentication.

Tokens are used to prove one's identity electronically (as in the case of a customer trying to access their bank account). The token is used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something.

Token threats Edit

If an attacker can gain control of a token, they will be able to masquerade as the token's owner. Threats to tokens can be categorized into attacks on the three factors:

Mitigating threats Edit

There are several complementary strategies to mitigate these threats:

References Edit

  1. NIST Special Publication 800-63.
  2. Cyber Security Combined Glossary Project, at 7.
  3. Id.
  4. Id.

See also Edit

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.