A hardware token is a portable security device used for authenticating into a system. Examples of hardware tokens include electronic key fobs, OTP tokens, or USB flash drives.

Benefits of Hardware Tokens

Hardware tokens for 2FA increases the security posture of the organization as a whole, but does not address the need to reduce usability inefficiencies among end users. Hardware tokens for logging in reduces password resets and forgotten passwords.

Any attempt to reduce your attack surface must involve building additional security controls around privileged access. The National Institute of Standards and Technology (NIST) recommends implementing multifactor tokens as an additional layer of security, particularly for senior executives and system administrators. This reduces the chance that attackers who got access to legitimate credentials can reuse them and successfully impersonate privileged users. Multi-factor controls are highly effective as demonstrated by Microsoft - their studies show that 99% of automated password attacks were stopped by using multifactor authentication.

A simple and highly effective solution to implement these defenses and enhance security involves proximity tokens for multifactor authentication. To authenticate successfully, two authentication elements are required: something you know, such as a password, and something you have; a hardware token. Access is only granted when both elements are present. If an attacker steals an administrator’s credentials, they will be unable to gain access to your systems without the token being present. The software can automatically lock a computer when the user walks away with their hardware token. This additional layer of security provides further reduces the risks of a security incident.

A study by Google and several universities compared account takeover (ATO) prevention rates between different methods of defense. The study showed that only users that used security tokens for 2FA had a 100% prevention rate against multiple account takeover methods including automated bots, bulk phishing attacks, and targeted attacks. Localized hardware tokens for 2FA also minimizes the attack vector to physically in front of the computer. Protected buildings, gates, locked doors, and physical access control also contribute to the overall cyber security posture.

Provisioning and deprovisioning passwords for users are also simplified by using hardware tokens. For use cases where an administrator needs to share passwords with a user, a few simple steps in the administration portal can help accomplish this.

When employees depart, instead of trying to figure out every single account that a user has access to, proximity tokens can help automate workflow to reset or deprovision multiple account passwords instantly. This allows to reduce administrative burden associated with employee turnover, reduce errors, and save time.

Adoption of hardware tokens can greatly enhance the security of your environment by simplifying authentication (2FA) beyond what other methods can achieve. Flexibility for administrators and users alike make it a perfect addition to a well-thought security defense-in-depth strategy.