Eleventh Hour Security+: Exam SY0-201 Study Guide

Two-factor

Two-factor authentication is typically implemented as a combination of something you have (e.g., Automatic Teller Machine [ATM] cards) and something you know (a PIN). In order to misuse a victim's authentication credentials in a two-factor authentication scheme like an ATM, both the ATM card and the PIN number must be acquired.

Token authentication is a form of two-factor authentication and can be provided by way of either hardware- or software-based tokens:

- A hardware device that is coded to generate token values at specific intervals
- A software or server-based component that tracks and verifies that these codes are valid

The token code is entered into the server/software monitoring system during setup of the system. A user wishing to be authenticated visits the machine or resource they wish to access and enters a PIN number in place of the usual user logon password. They are then asked for the randomly generated number currently present on their token. When entered, this value is checked against the server/software system's calculation of the token value. If they are the same, the authentication is complete and the user can access the machine or resource.
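The server-side check described above, sketched as an added example that is not from the study guide. It assumes the token follows the public TOTP scheme (RFC 6238, built on RFC 4226 HOTP) with 30-second intervals, since the guide does not name an algorithm; the TokenServer class, user name, PIN, salt and seed are hypothetical or constructed.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per token interval (assumed; RFC 6238 default)
DIGITS = 6   # length of the code shown on the token

def token_code(seed: bytes, counter: int) -> str:
    """Code for one time interval: HOTP (RFC 4226) over the interval counter."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class TokenServer:
    """Hypothetical server component that tracks seeds and verifies codes."""

    def __init__(self):
        self.users = {}

    def enroll(self, name, seed, pin, salt):
        # Setup step: the token's seed is registered with the server.
        self.users[name] = {"seed": seed, "salt": salt,
                            "pin": pin_hash(pin, salt), "last": -1}

    def authenticate(self, name, pin, code, now, drift=1):
        user = self.users.get(name)
        if user is None:
            return False
        pin_ok = hmac.compare_digest(pin_hash(pin, user["salt"]), user["pin"])
        current = int(now) // STEP
        matched = None
        # Tolerate +/- drift intervals of clock skew between token and server.
        for counter in range(max(0, current - drift), current + drift + 1):
            candidate = token_code(user["seed"], counter).encode()
            if hmac.compare_digest(candidate, code.encode()):
                matched = counter
        if not pin_ok or matched is None or matched <= user["last"]:
            return False
        user["last"] = matched   # each interval's code is accepted only once
        return True

if __name__ == "__main__":
    seed = b"12345678901234567890"   # constructed seed (RFC 4226 test key)
    server = TokenServer()
    server.enroll("alice", seed, "4821", b"constructed-salt")
    code = token_code(seed, 59 // STEP)
    print(server.authenticate("alice", "4821", code, now=59))  # first use
    print(server.authenticate("alice", "4821", code, now=59))  # replay
```

Both factors are evaluated before the result is returned, and a code that has already been accepted is refused, so a shoulder-surfed token value cannot be reused inside its interval.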