Do you use Hardware Authentication?

We all know the two-step authentication systems which are available on all modern online services and apps. These offer a higher level of security to users who do not want to risk having their personal data and files compromised.

These systems use different methods of authentication, from the simplest ones, like receiving an SMS with a code, to applications which generate a time-based code used to access the desired service.

Even with so many security measures available, corporations and companies prefer other methods of securing data where it is essential and required to hide all sensitive data under another safety layer. Here we skip past the classic codes sent over SMS and look at the more physical methods used for what is known as Hardware Authentication.

What types of authentication do we have?

Before jumping into hardware authentication, it is essential to understand the different types of authentication available on the market. With the introduction out of the way, there are three different factors on which authentication is based:

  • Based on what we know
  • Based on what we have
  • Based on what we are

 

Factors based on what we know

These are factors based on common knowledge, chosen by users. Whether the log-in is checked with a password, a PIN, a drawn pattern or an SMS code, these methods are open to personalization by the user. They are the simplest methods of authentication while also being the easiest to bypass. To counter the low level of security of such an authentication method, developers frequently recommend using a strong password and occasionally updating or confirming the recovery methods or the system access.

Factors based on what we are:

Biometric authentication methods are at the base of this authentication factor. Being based on the user's physical makeup, from eyes to facial expressions and fingerprints, these are the strongest authentication methods, while also being the ones exposed to the biggest risk of errors.

These errors come in two types. Type 1 errors refer to a real user being unable to authenticate, an error which is usually found at the system level. This type covers the system not being able to correctly identify the characteristics of the real user who requires access.

Type 2 errors refer to a failure to block a person who does not have the necessary permissions. This error is presumed to depend more on the detection sensitivity of the selected biometric method. Looking at it from a neutral perspective, this has the bigger final impact, as the data is not secured against external users who should not be permitted into the system.
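To illustrate how detection sensitivity trades Type 1 against Type 2 errors, here is an added example (not from the original article) that sweeps a matcher's acceptance threshold over constructed similarity scores. The scores, the threshold grid and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed similarity scores (0..1) from a hypothetical biometric matcher.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.83, 0.97, 0.64, 0.90, 0.86, 0.79]
IMPOSTOR = [0.12, 0.35, 0.41, 0.58, 0.22, 0.67, 0.30, 0.49, 0.74, 0.18]


@dataclass
class ErrorRates:
    threshold: float
    type1: float  # share of real users turned away (false rejection)
    type2: float  # share of outsiders let in (false acceptance)


def rates_at(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """A sample is accepted when its score is at or above the threshold."""
    rejected = sum(1 for score in genuine if score < threshold)
    accepted = sum(1 for score in impostor if score >= threshold)
    return ErrorRates(threshold, rejected / len(genuine), accepted / len(impostor))


def sweep(genuine=GENUINE, impostor=IMPOSTOR, steps=20):
    """Error rates for thresholds 0.00, 0.05, ..., 1.00."""
    return [rates_at(i / steps, genuine, impostor) for i in range(steps + 1)]


def loosest_threshold(max_type2, genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest threshold whose Type 2 rate stays within max_type2.

    Choosing the lowest one keeps Type 1 errors as small as the Type 2
    limit allows. Returns None when no threshold on the grid qualifies.
    """
    for rates in sweep(genuine, impostor):
        if rates.type2 <= max_type2:
            return rates
    return None


if __name__ == "__main__":
    for rates in sweep(steps=10):
        print(f"threshold {rates.threshold:.1f}: "
              f"type 1 = {rates.type1:.0%}, type 2 = {rates.type2:.0%}")
    print("no outsider accepted:", loosest_threshold(0.0))
```

Raising the threshold drives Type 2 errors toward zero at the cost of rejecting more real users, so the threshold is chosen from the Type 2 rate the system can tolerate.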

Factors based on what we have:

This factor is the base of hardware authentication methods, which require a physical item to assist in successfully authenticating into a system. As they are usually used in companies, they are set up to offer an employee fast and easy access to a system which contains critical data. Token-based systems come in many forms and shapes and use different types of codes and passwords, from static passwords generated on the spot all the way to asynchronous passwords which have a time limit.

To make them even more secure, these methods are also assisted by external factors which are usually employee-dependent, like an additional password or a specific PIN which is known only by the users permitted to access the system.

One of the downsides of such a system appears when the authentication method has to be disabled: the hardware token usually cannot reconnect to the previous system. Tokens are set up at the beginning and, if anything happens, they cannot revert to a previous version.

PROs and CONs of different hardware authentication methods

U2F Token

General info:

  • Usually in the form of a USB module containing a key, which should be plugged into the device
  • The login action is done on a custom platform and the server sends an Unlock message to the USB device
  • The USB device confirms the message and the server grants the necessary access

PROs:

  • No internet required
  • Ease of use

CONs:

  • Not all platforms support this
  • Many companies block operations secured over USB
  • This type of device can be used for only a small, limited number of different authentications
  • For a large team, they are pretty expensive, coming in at around $20 each
  • Really easy to forget them in a USB port


Contactless Token Cards

PROs:

  • They do not connect to any device
  • Are not affected by a stolen SIM or access key
  • Battery life for a few years
  • No Internet access required

CONs:

  • If compromised, it requires a replacement
  • If it is no longer used with a service, it cannot be used with another one
  • Multiple cards required for multiple accounts


Programmable Hardware Token

PROs:

  • Can be used on multiple platforms due to it being resettable
  • Advanced security, based on being invulnerable to all types of viruses and malware injection
  • Contactless
  • Reduced price

CONs:

  • Max battery life of around 5 years, requiring complete replacement after that period
  • Big restrictions when setting up the password, with multiple length, character and encoding requirements
