top of page

Hard Token Implementation

Become a member to view the rest of the video:

Hard Token Implementation

Look Up Secret Token

  • Consists of a claimant and a verifier

  • Uses grid-cards which consists of rows and columns

  • Both the claimant and the verifier have the same grid-card

  • How it works:

  • Claimant wants to access a remote site

  • The verifier sends a challenge in the form of the grid coordinates

  • Claimant sends back the code locations from the coordinates

  • If verifier asks for locations G9, A6, F7, claimant has to send back the codes 1Z, K9, P4

Vulnerabilities: Grid-card can be stolen, grid-card can be photographed

Out-of-Band Token

  • Authentication that can take place outside of the Internet i.e. phones

  • If you have 2-factor authentication with your bank, you use an out-of-band token when a code is sent to your phone

  • How it works:

  • First you enter a password (something you know)

  • Then your bank sends a code to your phone (something you have)

  • You enter this code into the bank's website and proceed to access your account

Vulnerabilities: Key loggers, call re-routing or call-forwarding, turning off 2-factor authentication

One-Time Password Device

  • A device in your possession that can generate a one-time passcode

  • Client's one-time password device can be synchronized to the server

  • How it works:

  • ​Client wants to access a system remotely

  • System presents a prompt for a one-time passcode

  • Client generates a one-time passcode and enters it to login

Vulnerabilities: Token can be stolen or copied (highly unlikely)

Cryptographic Device

  • Dedicated device which may contain private keys to calculate crypto operations

  • Commonly used with government employees and systems

Vulnerabilities: N/A


bottom of page