Introduction to Security Tokens

Posted by mani on Tuesday 18 March 2008

With the growth of the Internet and the World Wide Web, more and more providers offer their services online for convenience. All of these online services use authentication procedures to make sure that only authenticated persons use them. This is most critical for services related to finance, personal information and law, where the sensitivity of the information matters the most.

But with the increasing number of hacking attacks, software professionals were forced to find more reliable and fool-proof mechanisms for user authentication. Many techniques have been introduced in the world of cryptography to answer this very issue, including the concept called Security Tokens. Let’s have a look at Security Tokens to understand how they really work.

In this article, we are not trying to explain every category of security token. There are a number of security token categories, but let’s try to understand the basics. Consider a scenario where you want to make an online payment by logging in to your bank account online. Usually you go to the bank’s website, enter your username and password, and you are conveniently logged in to carry out your transaction. OK, what if someone steals your username and password? They are both just words, right? So someone can simply steal them using their own methods. Security tokens can be an ideal solution for such a situation.

When you log in with a Security Token, after entering your username and password, you are asked for one more input. This may be a number or a string made of characters and numbers. This string is dynamically generated by your security token and is valid only for a very short period of time. The website accepts only the correct string generated by the security token at that moment. So to gain access to an account secured with a security token, someone needs the username, the password and the security token. Although stealing the first two is relatively easy for a remote hacker, stealing the physical security token is impossible. This makes your website login more secure!
