Anyone using hard tokens/hardware-based MFA? What's your experience?
Same as many others, have had the horrific experience of having to support RSA key fobs and then transitioned to a combination of Yubico's YubiKey for hardware-based MFA and Duo for enterprise-wide software-based MFA.
We first tried key-fob hardware tokens about 10+ years ago. Technically worked. Then there was a famous breach where the algorithm was compromised and we dropped them. More recently we offered it via software installed on phone or tablet. Our employees rejected the software on any BYOD devices. (Long back story on that) It seems to work reasonably well for those with Corporate owned cell phones, as long as they don't forget them at home. That does occasionally happen, and that creates a lot of grief at IT and the Service Desk. I personally believe 2-Factor should be with password and Biometric, either face or thumbprint. It needs to be something you can't forget to bring with you if you are implementing this across a large and diverse workforce. If you are doing MFA but just for your key IT people, or for very special critical employees with access to critically sensitive data, the latest Token/Hardware solutions may serve you well.
Very hard to manage with lost tokens and synchronisation issues, plus battery life isn't that great.
Ex-user of hard tokens but very much like software tokens now with mobile apps.
Not the best solution. There is nothing you can do if you forget your token at home, and the battery runs out after 1-2 years, so you would need to order a replacement. Total cost of the solution is huge compared to soft tokens.
In my opinion, hard tokens will fade out soon.