Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Token-based authentication is a security technique that authenticates users who are attempting to log in to a server, a network, or some other secure system. These devices strengthen the logon sequence. Today, most remote authentication schemes do not send passwords over the wire, either in the clear or encrypted. Remote users who need to access corporate servers are assigned a user account and given a secret password that is known to the user and the server. A successful authentication takes place if a user can prove to a server that he or she knows the shared secret without actually transmitting that secret across the wire.

CHAP (Challenge Handshake Authentication Protocol) provides the best example of this technique. Basically, the server sends a random message to the user. The user then appends the shared secret password to the message and runs it through a hash function, producing a message digest. This is returned to the server, which has also produced a message digest from the same information. The server compares the two message digests and, if they compare, the remote user is considered authentic.