More and more, access to computer networks, web sites and the like is controlled by some type of security procedure. User names and passwords are commonly required for access to sensitive information at web sites. This provides a level of security, but can be breached by several relatively easy means, such as observance of a user or interception of the login signals as they are transmitted over the network or internet.
Token-based security is used typically for employee access to private networks. A token is a non-predictable code derived from both private and public information. The code is unique for each use. Thus, observation or interception of a token code is useless to the party intercepting the code, because by definition the code will not be used a second time. However, anyone who possesses the token generating software or device, by definition has access to the token codes. Thus, token-based security is dependent on possession of or access to software or a token-generating device, and so this security can be fairly easily breached.