Soft Authentication Tokens
A soft authentication token is a one-time password (OTP) that is sent to a registered phone number or email account, or generated by an authenticator app, as a means of two-step verification when authenticating account access.
- Likely to use counter-based tokens
- Have an expiry period
- SMS/text message and email methods are susceptible to interception
- An authenticator app is more secure
- It is possible that malware could compromise the phone, though
Info
- Soft tokens sent via SMS or email do not really count as an ownership factor.
- These systems can be described as two-step verification rather than MFA.
- The tokens are highly vulnerable to interception.