// THREAT DETECTION AND DATA PRIVACY TERM

Token

In cybersecurity, a token is a digital or physical item used to verify someone's identity or grant them access to protected systems or information. It often acts as a temporary key after successful login.


TECHNICAL DEFINITION

A cybersecurity token functions as a cryptographic credential: either a digital object (e.g., JSON Web Token, OAuth access token) or a physical device (e.g., FIDO key, smart card). It is issued post-authentication to establish identity, authorize access to resources, or represent specific permissions within secure architectures, and it is crucial for identity and access management (IAM) and API security.

BACKGROUND

The Cybersecurity and Infrastructure Security Agency (CISA), headquartered in Arlington, Virginia, is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.


SYNONYMS & ALIASES

  • Access Token
  • Authentication Token
  • Security Token
  • Bearer Token
  • Hardware Token
  • Soft Token
  • Digital Credential

USAGE NOTE

Tokens are critical components in modern authentication flows, including multi-factor authentication (MFA) and API authorization, enabling secure, stateless access control.

DEVELOPERS

Organizations developing token-related technology.

  • RSA Security

    A cybersecurity firm known for its SecurID tokens, which provide strong authentication for users accessing sensitive information and systems, crucial for multi-factor authentication.

  • Yubico

    Developer of the YubiKey, a hardware security key that serves as a physical token for strong two-factor and multi-factor authentication, supporting various protocols like FIDO2, WebAuthn, and OTP.

  • Okta

    Provides identity and access management solutions that rely heavily on security tokens (e.g., OAuth, SAML, JWT) for secure authentication, authorization, and single sign-on across enterprise applications.

  • Thales Digital Identity and Security (formerly Gemalto)

    A global leader in digital security, producing secure smart cards, identity tokens, and secure hardware modules used for strong authentication, data protection, and secure access across various sectors including defense.

  • HID Global

    Develops a wide range of secure identity solutions, including smart cards, mobile credentials, and physical access control tokens, used for strong authentication and secure access in physical and digital environments.

  • Duo Security (Cisco)

    Offers cloud-based multi-factor authentication (MFA) solutions that leverage various token types, including software tokens and push notifications, to secure access to applications and data for enterprises and government.

  • Microsoft

    Develops enterprise identity solutions like Azure Active Directory, which extensively use security tokens (e.g., OAuth 2.0, OpenID Connect, SAML) to manage access, authentication, and authorization for cloud and on-premises resources.

  • Ping Identity

    Specializes in enterprise identity management, providing solutions for single sign-on, multi-factor authentication, and API security that heavily rely on standard security tokens (e.g., OAuth, OpenID Connect, SAML, JWT).

RELATED TERMS IN DEFENSE & ARCHITECTURE