Talk:Security token

Latest comment: 3 years ago by Djstringcheese in topic Modern definition of token

Jibberish

edit

This is not an encylopedia article, it is jibberish that nobody can understand. What is a token? How do you use it? Does it work with browsers, if so how? Can you use it for bank login online? These are the kinds of questions the public are interested in. —Preceding unsigned comment added by 80.65.241.142 (talk) 12:40, 6 September 2008 (UTC)Reply

I think you have a valid point. I have made several edits to try to make the page more public friendly and a little easier to read. See additional comments below. --Tigereye7 (talk) 15:31, 29 October 2008 (UTC)Reply


The article starts with an incomplete or inconsistent list: There are five (5) types of tokens: 1.Static password. 2.Synchronous dynamic password 3.Asynchronous password 4.Challenge response — Preceding unsigned comment added by 207.107.233.124 (talk) 16:57, 9 January 2012 (UTC)Reply

It has since been rewritten. -- Beland (talk) 18:14, 28 April 2013 (UTC)Reply

............................................................................................................... — Preceding unsigned comment added by 27.123.170.130 (talk) 05:16, 26 October 2014 (UTC)Reply

Insecure editing?

edit

Hello, The pages seem to not be secure. It appeared that they could be changed or modified. ??? —Preceding unsigned comment added by 137.87.0.10 (talkcontribs) 17:40, 5 February 2007

Yes, this is the Wikipedia, any one can edit and help make it better. And if you do bad edits others will discover that and fix it. --David Göthberg 16:41, 4 August 2007 (UTC)Reply

Some edits should be checked...

edit

Some recent (as of August 2007) edits consist mostly in deletion of wikilinks allegedly not working. I assume good faith as much as the next person, but somebody could have deleted overzealously. Could someone expert in this filed check if anything is amiss, by having a look at this article's history? Happy editing, --Goochelaar 22:50, 30 August 2007 (UTC)Reply

I looked through edits from that period and I don't see any useful internal links that have been lost. -- Beland (talk) 18:18, 28 April 2013 (UTC)Reply

What to do about all the vendors

edit

I made several edits trying to clean the page up and make it less of an advert but the bottom section is still a mess. This page is turning into a vendor circus. Its too commercial and confusing. I think it might make more sense to focus on general the types and limit the vendors to brief mentions or references if they illustrate a specific point. Any comments on this? --Tigereye7 (talk) 16:20, 29 October 2008 (UTC)Reply

Why exactly does it matter if it's written as an Ad? In my point of view if we get to learn a bit more about said brand of product, it's a good thing. The point of advertising is to describe the benefits of a product. —Preceding unsigned comment added by 98.113.122.98 (talk) 03:19, 15 February 2010 (UTC)Reply
Well apart from the fact that advertisements are against Wikipeadia policy, you clearly know little or nothing about advertisements. Since when was their purpose to "describe the benefits of a product" as opposed to concealing a product's defects?109.154.82.95 (talk) 07:36, 27 May 2011 (UTC)Reply
I don't think anything in this article as it now stands reads as an advertisement. It is a fairly balanced (but possibly incomplete) overview of the various forms commonly referred to as being part of the "Security Token" technology, and includes a list of vendors (which could be more complete). Including lists of available products and vendors in computer technology articles on Wikipedia is a fairly common thing to do, either in the main article or in a supplemental "Comparison of ..." article.

62.198.224.178 (talk) 12:06, 13 April 2010 (UTC)Reply

Agree. It is very confusingly written and seems to promote certain products. Electron100 (talk) 23:57, 9 September 2010 (UTC)Reply
The edit at 14:53, 11 October 2012‎ removed most vendor information from the sections describing the various technologies. I just created a section called "Notable vendors and models", which I think will be a cleaner way of presenting this information, separate from the technical information. We have a number of articles which are comparisons of vendor products, and this is certainly useful information to readers, as long as it doesn't stray into the self-promotional. Sticking to verifiable and objective facts, it is helpful to get a sense of the marketplace and the current state of technology. For this article, some of the information that was removed highlights technological innovations particular to specific products; that might be interesting to re-incorporate into the article in some way. For now, I have simply created a list of vendors and names of products, without much description, based on what was mentioned in older versions of the article. There is probably some sorting out to do as to which are "notable" and which, if any, need to be removed. -- Beland (talk) 21:35, 28 April 2013 (UTC)Reply

Local keyboard, first and second security factor, needs rewrite

edit

From article: "The client enters the number to a local keyboard as displayed on the token (second security factor), usually along with a PIN (first security factor), when asked to do so."

That is an ungentle start of the section. What is a local keyboard. What is displayed on the token. What is the first and second security factor. What is the whole context of doing this.

213.165.179.229 (talk) 09:02, 11 July 2011 (UTC)Reply

Just rewrote that. -- Beland (talk) 18:55, 28 April 2013 (UTC)Reply

Paper printed security tokens?

edit

What about small papers (often creditcard-sized) with some kode/key pairs printed on them? Some banks use that.

Do they also belong in the definition of a security toke?

213.165.179.229 (talk) 09:10, 11 July 2011 (UTC)Reply

I think you are referring to a one-time pad? I added some links to that article in appropriate spots. -- Beland (talk) 18:55, 28 April 2013 (UTC)Reply
I think that the small transaction authentication number paper documents, containing a printed list of one-time passwords, should be mentioned in this article. I suspect that's what 213.165.179.229 was talking about, since many banks have issued TANs, but I've never heard of any bank using a one-time pad. --DavidCary (talk) 03:26, 21 August 2015 (UTC)Reply

Crows can count. Can we?

edit

There are five types of tokens: 1. Static password. 2. Synchronous dynamic password 3. Asynchronous password 4. Challenge response

Subj :) — Preceding unsigned comment added by 212.113.102.144 (talk) 16:32, 7 December 2011 (UTC)Reply

Since fixed. -- Beland (talk) 18:11, 28 April 2013 (UTC)Reply

ArrayShield and other vendors

edit

I just moved an added listing about ArrayShield to a token-type category. If this is not the correct category, feel free to move it or if there is truly no category that fits, create a new one and explain the reasoning on this talk page. The last thing we need is every vendor under the sun making their own category and making this page more hairy that it is already. Descriptions should be objective, not promotional. Also, links should be relegated to references. If anyone disagrees or has something to add, I welcome your comments. Tigereye7 (talk) 15:40, 20 February 2012 (UTC)Reply

Laptop only?

edit

"Older PC card tokens are made to only work with laptops"

...except for those desktops that had PC Card adapters. Should the laptop only reference be removed? 99.245.248.91 (talk) 04:09, 11 May 2013 (UTC)Reply

I changed it.99.245.248.91 (talk) 18:20, 14 May 2013 (UTC)Reply

RE: Incomprehensible English

edit

Hi,

not a regular Wikipedia editor, but upon scanning the article, looking for information on the subject, I noticed that alot of the English seems to be very oddly written (perhaps by a non-native speaker?). One particularly confusing example I found below during a quick scan:

"The major threat is by incautious operation. Users shall be aware of permanent options of threat."

The first sentence is comprehensible, if badly written, but the second is a mystery to me. Plenty of other similar examples I noticed during an only cursory read - a fair amount of rewriting seems to be requred. — Preceding unsigned comment added by 108.171.129.188 (talk) 07:25, 20 October 2017 (UTC)Reply

Authenticator is the new token

edit

I'm rewriting the Authenticator article to align with the NIST Digital Identity Guidelines.[1] According to NIST, use of the word "token" is deprecated so I'd like to propose we change the name of this article from "Security token" to "Security key". Comments? Tom Scavo (talk) 01:09, 4 February 2019 (UTC)Reply

Modern definition of token

edit

With OAuth and token based authenticator apps being the main context in which tokens are discussed, I think it is essential that the first paragraph be reworked to reflect the modern usage of the word. I may go ahead and do this later if I have time. I don't think that renaming the article is the solution here. Djstringcheese (talk) 07:53, 4 December 2020 (UTC)Reply

References

edit
  1. ^ Grassi, Paul A.; Garcia, Michael E.; Fenton, James L. (June 2017). "NIST Special Publication 800-63-3: Digital Identity Guidelines". National Institute of Standards and Technology (NIST). Section 4.3.1. Retrieved 2 February 2019.

History section is missing

edit

it would be nice to know, when the first security token has been created and was used? --2A02:908:1588:F580:887E:EC4C:5C13:68C0 (talk) 13:45, 26 June 2019 (UTC)Reply