A security token is a kind of electronic key that is used to gain access to restricted electronic devices, software and servers. RSA are the leading vendors of the two-factor authentication token. Tokens are often issued by companies as a way of providing their clients and customers with an additional layer of security.
The RSA token is a physical ‘pen’ that generates a random code every 60 seconds. This code is used, along with the RSA PIN number that you choose, in order to gain authentication for access to an account or server. The RSA token offers a two-factor authentication process that consists of:
‘Something you know’ – A four-digit, memorised PIN number.
‘Something you have’ – The physical token, which generates a 6- or 8-digit code every 60 seconds.
The user must enter their personal RSA token PIN number, followed by their 6-digit RSA token code, to make a 10-digit password used to gain authentication. This provides a strong defence against key loggers and those trying to gain unauthorised entry to a system. It’s another preventative technology that can help against cyberattacks.
What Are RSA Tokens Used For?
RSA tokens have many applications and uses. Companies and corporations often use them to give employees access to their networks. Companies can also use RSA tokens to secure desktop architecture, defend web portals and protect their web servers. Individual users might also want to use RSA for personal finance and to protect private accounts.
Many famous and high-profile companies use RSA tokens for extra security. PokerStars offer RSA tokens to clients to allow players to protect their real-money accounts. NASA provide RSA for two-factor authentication on their servers and computing resources.
Anywhere that a password is required for access could, in theory at least, benefit from the introduction of an RSA token, which adds the ‘something you have’ layer of security.
How Do RSA Tokens Work?
When the user is given or orders an RSA token, they register it using the serial numbers on the back and create their 4-digit PIN. Once activated, the token is linked with the software, VPN or server. The user must then enter both the PIN and the generated 6-digit code at the moment of login, along with any other passwords that they would usually use.
The 6-digit code is generated from a seed number that is unique to the individual RSA token. The token takes the seed number, along with the current elapsed time, to generate a huge number which is then hashed down to make the 6-digit code.
The authentication server performs the same calculation for the token's seed. If the code the user enters is the same as the server's code, then authentication is granted. If not, the RSA system adds a minute and takes a minute away to see if the number matches recent codes. If it does, the user gains authentication. If not, the time window becomes greater (+/- 10 minutes), but the user is prompted to give two consecutive codes to make sure they actually have the device.
Without knowing both the seed and the elapsed time, it is pretty much impossible to figure out or guess the number, so unauthorised login becomes very difficult. Of course, the RSA token has its vulnerabilities, but it does greatly enhance login security. It’s useful for anyone who wants to use two-factor authentication.
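The code generation and the widening time-window check described above can be sketched as follows. This is an added example, not RSA's code: the real SecurID derivation is proprietary, so HMAC-SHA256 stands in for it here, and the function names, seed and PIN are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60     # seconds per code, as described above
NARROW = 1    # +/- 1 minute: a single matching code is enough
WIDE = 10     # +/- 10 minutes: two consecutive codes are required

def token_code(seed: bytes, t: int, digits: int = 6) -> str:
    """Stand-in derivation (assumption): HMAC-SHA256 over the 60 s time step."""
    counter = struct.pack(">Q", t // STEP)
    big = int.from_bytes(hmac.new(seed, counter, hashlib.sha256).digest(), "big")
    return str(big % 10**digits).zfill(digits)  # huge number hashed down to N digits

def _same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not leak how many digits matched.
    return hmac.compare_digest(a.encode(), b.encode())

def check_passcode(seed, pin, passcode, now, next_code=None):
    """Server side: return 'ok', 'need_next_code' or 'denied' for PIN + 6-digit code."""
    entered_pin, code = passcode[:-6], passcode[-6:]
    if not _same(entered_pin, pin):
        return "denied"
    # Try the current minute first, then widen outwards.
    for drift in sorted(range(-WIDE, WIDE + 1), key=abs):
        t = now + drift * STEP
        if not _same(code, token_code(seed, t)):
            continue
        if abs(drift) <= NARROW:
            return "ok"
        if next_code is None:
            return "need_next_code"  # prompt for the token's following code
        if _same(next_code, token_code(seed, t + STEP)):
            return "ok"
    return "denied"

if __name__ == "__main__":
    seed, pin, now = b"constructed-demo-seed", "4821", 1_700_000_000
    print(check_passcode(seed, pin, pin + token_code(seed, now), now))
    print(check_passcode(seed, pin, pin + token_code(seed, now - 300), now))
```

A token whose clock has drifted five minutes gets `need_next_code` on the first attempt and is accepted only when the following code also matches.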