An authentication token is a physical device which outputs a series of passcodes (e.g., one-time use passcodes or OTPs) for use by a user to authenticate with an authentication server. The authentication token generates each passcode based on a token seed (or secret). To properly authenticate, the user provides a current passcode from the authentication token to an authentication server. If the authentication server matches the current passcode to an expected passcode for that user, authentication is deemed successful. If the current passcode does not match the expected passcode, authentication is deemed unsuccessful.
One conventional way to form an authentication token is to install new authentication software on a smart device such as a personal computer, a tablet or a smart phone and then provision the smart device with the token seed. When the smart device runs the authentication software with the provisioned token seed, the smart device operates as an authentication token. Typically, to equip the smart device with the token seed, a human authentication expert (i.e., an Authentication Service administrator) participates in deployment of the token seed within the smart device to ensure that the process is performed securely and successfully.