Authentication devices typically use a secret or private key to authenticate to a verifying entity. If this key serves as the sole basis of authentication, an adversary that captures it can perfectly impersonate the device. An adversary who captures the secret or private key of an authentication device can simulate communications of the authentication device in a manner indistinguishable from communications of a valid authentication attempt originating from the authentication device. An adversary can obtain keys of an authentication device in a variety of ways, including compromising the authentication device or, in symmetric-key systems, through compromising the verifying entity.