Hardware Token
What is a Hardware Token?
Hardware Token: Physical device that stores cryptographic secrets and performs authentication operations, used as a possession factor in multi-factor authentication.
A hardware token is a tamper-resistant physical device that generates or holds credentials used to prove identity. Examples include FIDO2 security keys (YubiKey, Titan Key, SoloKey), OATH TOTP/HOTP fobs (RSA SecurID), PIV/CAC smartcards, and chip-based EMV payment cards. Hardware tokens are stronger than passwords and TOTP apps because the private key never leaves the device, the device is bound to a physical user, and modern FIDO2 keys bind authentication to the origin to defeat phishing. Risks include loss, theft, supply-chain compromise, and side-channel attacks on poorly designed devices; lifecycle and revocation processes are essential.
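The origin binding mentioned above, shown as the checks a relying party runs on a WebAuthn assertion. This is an added example, not code from this page: RP_ID, EXPECTED_ORIGIN, the function names and the sample data are assumptions, and signature verification is left to a WebAuthn library.

```python
import base64, hashlib, json, struct

RP_ID = "login.example.com"                    # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # assumed site origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_origin_binding(client_data_json: bytes, authenticator_data: bytes,
                         expected_challenge: bytes) -> list:
    """Return the failed checks; an empty list means the binding holds.

    The signature over authenticator_data || SHA-256(client_data_json) must
    also be verified with the registered public key (not shown here); that
    is what stops anyone from rewriting the fields checked below.
    """
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return ["clientDataJSON is not valid JSON"]
    if not isinstance(client, dict):
        return ["clientDataJSON is not a JSON object"]
    failures = []
    if client.get("type") != "webauthn.get":
        failures.append("wrong ceremony type")
    if client.get("challenge") != b64url(expected_challenge):
        failures.append("challenge mismatch")
    # The browser, not the page, writes the origin it actually loaded.
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin mismatch")
    if len(authenticator_data) < 37:
        return failures + ["authenticatorData too short"]
    # Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian)
    rp_id_hash, flags, _sign_count = struct.unpack(">32sBI", authenticator_data[:37])
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash mismatch")
    if not flags & 0x01:  # UP: user presence
        failures.append("user presence flag not set")
    return failures

def sample_assertion(origin: str, rp_id: str, challenge: bytes, flags: int = 0x01):
    """Constructed sample data shaped like a WebAuthn assertion (unsigned)."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", 7)
    return client, auth

if __name__ == "__main__":
    chal = b"\x01" * 32  # constructed challenge
    print(check_origin_binding(*sample_assertion(EXPECTED_ORIGIN, RP_ID, chal), chal))
    print(check_origin_binding(*sample_assertion(
        "https://login.example.net", "login.example.net", chal), chal))
```

An assertion produced on a lookalike domain fails both the origin and rpIdHash checks, because the browser and the authenticator each record the site that was actually loaded.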
● Examples
- 01: Issuing FIDO2 hardware tokens to all administrators to meet phishing-resistant MFA requirements.
- 02: Using a PIV smartcard plus PIN for federal-government login per HSPD-12 and NIST 800-157.
● Frequently asked questions
What is a Hardware Token?
Physical device that stores cryptographic secrets and performs authentication operations, used as a possession factor in multi-factor authentication. It belongs to the Cryptography category of cybersecurity.
What does Hardware Token mean?
Physical device that stores cryptographic secrets and performs authentication operations, used as a possession factor in multi-factor authentication.
How does a Hardware Token work?
A hardware token is a tamper-resistant physical device that generates or holds credentials used to prove identity. Examples include FIDO2 security keys (YubiKey, Titan Key, SoloKey), OATH TOTP/HOTP fobs (RSA SecurID), PIV/CAC smartcards, and chip-based EMV payment cards. Hardware tokens are stronger than passwords and TOTP apps because the private key never leaves the device, the device is bound to a physical user, and modern FIDO2 keys bind authentication to the origin to defeat phishing. Risks include loss, theft, supply-chain compromise, and side-channel attacks on poorly designed devices; lifecycle and revocation processes are essential.
How do you defend against Hardware Token?
Defences for Hardware Token typically combine technical controls and operational practices, as detailed in the full definition above.
● Related terms
- YubiKey (cryptography, № 1260): Family of hardware security keys from Yubico that implement FIDO2, WebAuthn, U2F, PIV smartcard, OpenPGP, and OTP for phishing-resistant authentication.
- FIDO2 (identity-access, № 414): An open authentication standard from the FIDO Alliance combining WebAuthn (browser API) and CTAP (authenticator protocol) to enable phishing-resistant, passwordless sign-in.
- Multi-Factor Authentication (MFA) (identity-access, № 708): An authentication method that requires two or more independent factors — typically from different categories — before granting access.
- Trusted Platform Module (TPM) (cryptography, № 1178): Standards-based security chip soldered to a mainboard or implemented in firmware that provides hardware-rooted key storage, attestation, and measured boot.
- Hardware Security Module (HSM) (cryptography, № 461): Tamper-resistant hardware appliance that generates, stores, and uses cryptographic keys without ever exposing the raw key material to the operating system.
- U2F (Universal 2nd Factor) (identity-access, № 1185): An open authentication standard from the FIDO Alliance that adds a hardware second factor to passwords using a USB, NFC, or Bluetooth security key.
● See also
- № 981 Secure Boot