Software token

Example of a software token showing one-time passwords

A software token (a.k.a. soft token) is a piece of a two-factor authentication security device that may be used to authorize the use of computer services.[1] Software tokens are stored on a general-purpose electronic device such as a desktop computer, laptop, PDA, or mobile phone, and can be duplicated. (Contrast hardware tokens, where the credentials are stored on a dedicated hardware device and therefore cannot be duplicated, absent physical invasion of the device.)

Because software tokens are something one does not physically possess, they are exposed to unique threats based on duplication of the underlying cryptographic material, for example through computer viruses and software attacks. Both hardware and software tokens are vulnerable to bot-based man-in-the-middle attacks, or to simple phishing attacks in which the one-time password provided by the token is solicited and then supplied to the genuine website in a timely manner. Software tokens do have benefits: there is no physical token to carry, they do not contain batteries that will run out, and they are cheaper than hardware tokens.[2]
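
The duplication risk described above, shown for a time-based one-time password token. This is an added example, not part of the original article: it assumes the token implements RFC 6238 TOTP with HMAC-SHA1, and the seed, timestamp and `Verifier` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)


def totp(seed: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on seed and time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical server side: accepts current or previous step, each once."""

    def __init__(self, seed: bytes):
        self.seed = seed
        self.last_step = -1  # highest time step already consumed

    def check(self, code: str, now: int) -> bool:
        for step in (now // STEP, now // STEP - 1):
            if step <= self.last_step:
                continue  # a step that was already used is refused (replay)
            if hmac.compare_digest(totp(self.seed, step * STEP), code):
                self.last_step = step
                return True
        return False


def demo() -> dict:
    seed = b"12345678901234567890"  # constructed seed (RFC 6238 test value)
    now = 1_700_000_000             # constructed timestamp
    original = totp(seed, now)      # code shown by the enrolled device
    copy = totp(bytes(seed), now)   # code from a byte-for-byte copy of the seed
    server = Verifier(seed)
    return {
        "copy_matches": copy == original,              # copy is indistinguishable
        "first_use": server.check(copy, now + 5),      # first presenter is accepted
        "replay": server.check(original, now + 8),     # same step again is refused
    }


if __name__ == "__main__":
    print(demo())
```

The verifier has no way to tell the enrolled device from a copy of its seed, so rejecting reused time steps limits replays but does not compensate for a duplicated seed.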

  1. Chung, Joaquin; Jung, Eun-Sung; Kettimuthu, Rajkumar; Rao, Nageswara S.V.; Foster, Ian T.; Clark, Russ; Owen, Henry (2018-02-01). "Advance reservation access control using software-defined networking and tokens". Future Generation Computer Systems. 79: 225–234. doi:10.1016/j.future.2017.03.010. OSTI 1394409.
  2. SecurityPro News. "Strong Authentication". Retrieved on April 3, 2007.