Token authentication

How your Token authentication works

Token authentication works on the basis of a 2-factor method or a FIDO token. The main difference is that 2-factor token authentication uses static codes or passwords, while FIDO token authentication uses asymmetric cryptography.

The security mechanism of the 2-factor method uses 2 different factors for identity verification. Typically, these are a specially created password and a token PIN. Accordingly, you enter your username and password to log in. The service checks to confirm your identity. If this 1st factor is successfully confirmed, the token verification kicks in. The service verifies your token (e.g. unique PIN code), which is based on a time-based algorithm and is updated regularly. Upon confirmation of the correctly entered Token PIN, you will be granted access to your protected digital content.

In contrast, FIDO token authentication uses different technologies and security mechanisms. While 2-factor token authentication usually relies on OTPs or other static codes, FIDO token authentication relies on asymmetric cryptography and public-private key pairs. Asymmetric cryptography, also known as public key cryptography, is based on a pair of mathematically linked keys: a public key and a private key. Unlike symmetric cryptography (which uses the same key for both encryption and decryption), asymmetric cryptography uses different keys for different tasks.

Revolution in Token authentication

The first “security token” or “hardware token” authentications were developed as early as the 1980s. In recent decades, government agencies and banks in particular, have taken advantage of the increased security measures in their IT environments. Today, many commercial enterprises and government organizations also secure themselves use token authentication.

The increased security measures are a result of the growing number of hacker attacks on corporate and organizational networks. In 2021 alone, 124,137 cybercrimes will be recorded by the police in Germany (source: Statista). In particular, companies and organizations have problems with ransomware. Ransomware is malicious software, also known as malware, that is designed to block or encrypt data and systems. As a result, ransomware extorts money from affected companies and organizations to restore access. Typically, ransomware enters the system through infected email attachments, malicious links, drive-by downloads, or software vulnerabilities. Once activated, the ransomware begins encrypting files or even the entire IT system. The ransom demand usually appears as a pop-up or text file. The ransom is often demanded in cryptocurrency to avoid detection.

With token authentication, you can provide an effective barrier against crimes such as ransomware at a very reasonable cost and without much additional implementation to the existing IT infrastructure. Several types of tokens are available.

Token authentication types

Use 4 types of tokens for authentication: TOTP, HOPT, QR Token, and FIDO Token.

• TOTP
  TOTP stands for Time-based One-Time Password. This hardware token uses various algorithms to generate a time-based code that can only be used once. Available as a key fob, card or QR device, it protects your digital systems.
• HOTP
  The abbreviation HOTP stands for HMAC-based One-Time Password. It is a cryptographic algorithm. Like TOTP, this token secures your systems with a uniquely generated code. Protect your access with your HOTP key fob, card or QR device.
• QR Code Token
  QR codes provide the same protection as TOTP or HOPT. Since QR codes have become very popular, many users are using this form of secure encryption, especially for payment transactions.
• FIDO
  Fast Identity Online – this is the FIDO token. The FIDO protocol uses public key authentication. A token action is used to create a signature that is verified by the server. No information is transmitted during this process. It is therefore considered to be very secure.

Advantages and disadvantages of Token authentication

Token authentications has significant advantages and few disadvantages.

Benefits of token authentication

• extremely high level of security
• great risk reduction by changing pins (every 30-60s)
• Algorithm-driven process
• no risk in case of token loss
• process multiple users simultaneously
• flexibility with different token types
• extra high security with FIDO tokens

Disadvantages of token authentication

• trust in employees is required
• Token batteries with limited life (3-5 years)
• repeated entry of a new token PIN in case of loss or excessive delay

Token authentication with PCP

Secure your IT systems with the authentication mechanisms of our tokens. Choose a token type that fits your needs. Have questions about the right token authentication? For increased security against cyber-attacks, please contact us and we will be happy to help you choose the right token type that is easy to implement and applicable to a wide range of applications.