Skip to main content


Home Soft token

Soft token

(also software token)

Soft token definition

A software token, often called a soft token, is a security tool in the form of an app on devices like phones or computers. It's used to authenticate a user when they're trying to access secure systems like their work network or bank account online. Unlike physical security keys like key fobs, soft tokens reside on the user's electronic devices.

See also: security token, authentication server, two-factor authentication

How soft tokens work

  1. 1.The user installs the soft token application on their device. This app is usually provided by the entity that needs to check their identity, such as a bank or employer. During the installation or activation of the app, a secure link is set up between the token and the user's account.
  2. 2.The soft token generates a passcode, often a one-time password (OTP). This code can change either after a certain amount of time or with each authentication request.
  3. 3.When the user tries to access a secure service or app, they have to enter the passcode from their software token. The authentication server then verifies the passcode, along with other info like a username or PIN.
  4. 4.If the passcode is correct and matches the server’s expectations, the user can access the system. Otherwise, they can't.

Uses of soft tokens

  • Secure logins. Soft tokens are used for securing logins to networks, systems, and online services. They're particularly relevant in corporate networks or banking applications, where security is key.
  • Two-factor authentication (2FA). Soft tokens are a key component in 2FA processes, adding an extra layer of security. A user needs both something they have (the code from the token) and something they know (a password).
  • Remote access. Soft tokens help people working from home or elsewhere outside the office to safely access work resources.
  • Transaction authorization. In banking, soft tokens are used to authorize transactions, helping prevent fraud.