Disable ads (and more) with a premium pass for a one time $4.99 payment
The appropriate factor of authentication that can be stolen and replayed from a remote location is a software token. Software tokens are often generated by applications on smartphones or computers and can produce time-based one-time passwords (TOTPs) or push notifications for two-factor authentication.
Since software tokens rely on the use of an application, if a malicious actor gains access to this app (for instance, through malware or phishing), they can potentially retrieve the generated codes and use them maliciously from a remote location. This makes it easier to replicate or manipulate the session initiated by a legitimate user.
In contrast, hardware tokens are physical devices that generate unique codes, and without possessing the token itself, an attacker cannot effectively replicate the authentication. Passwords can be stolen but are often less secure than software tokens since they don’t change dynamically. Biometric verification, such as fingerprints or facial recognition, cannot be easily taken or replayed, as they rely on unique physical traits.