Hard Token Implementation
Look Up Secret Token
Consists of a claimant and a verifier
Uses grid-cards, which consist of rows and columns
Both the claimant and the verifier have the same grid-card
How it works:
Claimant wants to access a remote site
The verifier sends a challenge in the form of the grid coordinates
Claimant sends back the codes found at those coordinates
If verifier asks for locations G9, A6, F7, claimant has to send back the codes 1Z, K9, P4
Vulnerabilities: Grid-card can be stolen, grid-card can be photographed
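The challenge-response exchange described above, as an added sketch that is not part of the original notes. The 8x9 grid size, the 2-character codes, and all function and class names are assumptions made for illustration.

```python
import hmac
import secrets
import string

COLS = "ABCDEFGH"            # assumed grid width (columns A-H)
ROWS = range(1, 10)          # assumed grid height (rows 1-9)
ALPHABET = string.ascii_uppercase + string.digits


def make_grid_card():
    """Generate the shared secret: one random 2-character code per cell."""
    return {f"{c}{r}": "".join(secrets.choice(ALPHABET) for _ in range(2))
            for c in COLS for r in ROWS}


class Verifier:
    def __init__(self, card):
        self.card = card      # verifier's copy of the claimant's grid-card
        self.pending = None   # outstanding challenge, good for one attempt

    def challenge(self, n=3):
        """Pick n distinct coordinates using a CSPRNG, e.g. G9, A6, F7."""
        self.pending = secrets.SystemRandom().sample(sorted(self.card), n)
        return list(self.pending)

    def verify(self, response):
        """Check the returned codes; the challenge is consumed pass or fail."""
        coords, self.pending = self.pending, None
        if coords is None or len(response) != len(coords):
            return False
        ok = True
        for coord, code in zip(coords, response):
            # Constant-time comparison of each code against the card.
            ok &= hmac.compare_digest(self.card[coord].encode(), code.encode())
        return ok


def claimant_answer(card, coords):
    """Claimant reads the requested codes off their copy of the card."""
    return [card[c] for c in coords]
```

Because each challenge is discarded after one attempt, a captured response cannot be replayed against the same challenge; it does nothing against a stolen or photographed card, since that exposes the whole shared secret.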
Out-of-Band Token
Authentication that can take place outside of the Internet, e.g. by phone
If you have 2-factor authentication with your bank, you use an out-of-band token when a code is sent to your phone
How it works:
First you enter a password (something you know)
Then your bank sends a code to your phone (something you have)
You enter this code into the bank's website and proceed to access your account
Vulnerabilities: Key loggers, call re-routing or call-forwarding, turning off 2-factor authentication
One-Time Password Device
A device in your possession that can generate a one-time passcode
Client's one-time password device can be synchronized to the server
How it works:
Client wants to access a system remotely
System presents a prompt for a one-time passcode
Client generates a one-time passcode and enters it to log in
Vulnerabilities: Token can be stolen or copied (highly unlikely)
Cryptographic Device
Dedicated device that may contain private keys used to perform cryptographic operations
Commonly used with government employees and systems
Vulnerabilities: N/A