Security Token
A security token is a physical or digital device used as part of multi-factor authentication. Physical tokens include hardware devices that generate one-time codes (like RSA tokens or YubiKeys), while software tokens include authenticator apps on smartphones that generate time-based codes. The token provides 'something you have' as a second authentication factor.
Hardware security tokens provide stronger protection than SMS-based codes because they can't be intercepted through SIM swapping or phone compromise. FIDO2 security keys (like YubiKeys) provide the strongest token-based authentication and are resistant to phishing attacks.
Why It Matters
Security tokens support CMMC's MFA requirements. Choosing the right type of token — hardware keys for highest security, authenticator apps for broader deployment — helps you balance security strength with usability for your organization.