Tokens generating one-time dynamic passwords have been and continue to be a popular choice for strong authentication because they are secure, reliable, and easy to use. One-time dynamic passwords work with most applications and are quite deployable because they do not need hardware readers. For these reasons, tokens are used by many corporations today. Another popular kind of token is the event-synchronous type.

RSA SecurID, ActivCard, CryptoCard, and Secure Computing’s SafeWord are all tokens placing in the time-dependent password category. These devices all generate one-time dynamic passwords that are short enough for one person to easily enter into a system. Although the one-time password can be automatically entered for a user, it usually consists of eight or fewer characters, easily entered by hand. All tokens work by taking an input value, encrypting it with an algorithm, and displaying the result as a one-time dynamic password. The encryption process uses a secret key within each token as part of the process to generate the password. The secret keys are assigned to particular users—thus tying them to a specific token.