A soft token is a software version of a hard token, which is a security device used to give authorized users access to secure locations or computer systems. For this reason, soft tokens can be called "virtual tokens," since they are a virtual version of hardware keys and other physical security devices.
Soft tokens are typically generated by a central server that runs security software. They are sent to users' devices, such as cell phones, PDAs, and laptops. Once the soft token has been received by the device, the user can use the device within a secure network or can gain access to the server as an authorized user. To add an extra measure of security, most soft token authentication also requires a username and password to make sure the correct user is using the authorized device.