Tokens are used to generate one-time passcodes (OTPs) that enable users to securely login to or authenticate to remote servers. Remote authentication servers and tokens are both configured to be able to generate time-based OTPs that are cryptographically based on the current time as well as a secret seed to which both the token and the remote server have access.
Some tokens are configured to expire after a certain amount of time unless they are renewed. In order to renew the token, the user of the token speaks to an administrator of a remote server so that the administrator can verify the user's identity. Upon such verification, the administrator will allow the token to be renewed with a new secret seed. This expiration and renewal process prevents thieves who steal tokens from being able to have unlimited access to the remote servers because the thief will generally not be able to renew a token once the token expires.