A conventional authentication system includes a hardware authenticator (sometimes called a token) and an authentication server that work together to grant a token holder login access using one-time passwords (OTPs). Such OTPs are also referred to as OTP codes, one-time passcodes, and pseudo-random numbers, among other terms. To this end, the token and the authentication server share a cryptographic key which is not otherwise known. The token uses this key to produce a series of OTPs. Concurrently, the authentication server carries out the same operations on its end to produce the same series of OTPs. Accordingly, at any time, the token holder can provide a matching OTP from the token to the authentication server to prove that the token holder possesses the token.
A soft token is a software application that is installed on a computer system. Once properly installed, the soft token provides functionality similar to that of a conventional hardware authenticator. That is, the soft token gives a user of the computer system the ability to offer matching OTPs and thus prove to an authentication server that the user is in possession of the soft token.
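The shared-key scheme described above can be sketched as follows. This is an added example, not code from the original text: the text does not name an OTP algorithm, so the counter-based HOTP construction of RFC 4226 is assumed here as one standardized instance, and the `Token` and `AuthServer` classes, the look-ahead window and the sample key (the RFC 4226 test key) are illustrative.

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """One OTP derived from the shared key and a moving counter (RFC 4226)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Token:
    """Holder's side (hardware or soft token): emits the next OTP in the series."""
    def __init__(self, key: bytes):
        self._key, self._counter = key, 0

    def next_otp(self) -> str:
        otp = hotp(self._key, self._counter)
        self._counter += 1
        return otp

class AuthServer:
    """Server side: derives the same series and accepts each OTP at most once."""
    def __init__(self, key: bytes, window: int = 3):
        self._key, self._counter, self._window = key, 0, window

    def verify(self, otp: str) -> bool:
        # Look a few counters ahead in case the token produced codes that were never submitted.
        for c in range(self._counter, self._counter + self._window + 1):
            if hmac.compare_digest(hotp(self._key, c).encode(), otp.encode()):
                self._counter = c + 1  # this code and all earlier ones are now dead
                return True
        return False

SHARED_KEY = b"12345678901234567890"  # sample key (RFC 4226 test key), known to both sides

def demo():
    token, server = Token(SHARED_KEY), AuthServer(SHARED_KEY)
    first = token.next_otp()
    results = [server.verify(first), server.verify(first)]  # accepted, then replay rejected
    token.next_otp()                                 # a code generated but never used
    results.append(server.verify(token.next_otp()))  # still accepted via the look-ahead window
    return first, results

if __name__ == "__main__":
    print(demo())
```

Advancing the server counter past every accepted code is what makes each password one-time: a captured OTP is useless once it, or any later code, has been submitted.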