Defender Soft Token

Defender Soft Token: Secure Two-Factor Authentication on Your Android Device

The Defender Soft Token is a mobile application that transforms your Android device into a secure token for two-factor authentication (2FA). This app provides a critical layer of security for accessing corporate networks and resources, eliminating the need to carry a separate physical hardware token. Users start by launching the app to generate a one-time passcode, which they then enter alongside their standard credentials to complete a secure login. The primary value of the Defender Soft Token lies in its convenience and security, offering robust protection against unauthorized access directly from a user’s personal phone.

One-Time Passcode Generation and Entry

This core function of the Defender Soft Token produces a time-sensitive, six-digit code that refreshes every 30 seconds. To use it, an employee opens the Defender Soft Token app to view the current valid code. They then switch to their login screen and input this code when prompted during the authentication process after entering their username and password. This workflow ensures that even if a password is compromised, an attacker cannot gain access without also possessing the device running the Defender Soft Token, significantly enhancing account security.

Synchronization with Defender for Business Systems

The Defender Soft Token application is designed to work in conjunction with the broader Defender security platform. An administrator must first provision and activate the soft token for a specific user account within the Defender system. The user then completes the setup on their Android device, ensuring the app's internal clock is perfectly synchronized with the authentication server. This behind-the-scenes synchronization is crucial, as any time drift would cause the generated codes to be invalid, preventing successful login.

User Enrollment and Initial Setup Process

Onboarding with the Defender Soft Token involves a guided workflow initiated by an organization's IT administrator. The user typically receives an activation code or a QR code to scan. Upon opening the app for the first time, the user enters this code or uses their device’s camera to scan the provided image. The Defender Soft Token then establishes a secure, unique link to the user’s identity in the corporate directory, finalizing the personalization of the token on that specific Android device.

Secure Seed Key Storage and Protection

The Defender Soft Token safeguards a unique cryptographic seed key assigned to each user. This key is the secret value used to generate the sequence of one-time passcodes. The app stores this key within the device's secure hardware enclave, often called the Trusted Execution Environment (TEE), if available. This prevents other applications or processes on the phone from accessing this sensitive material, ensuring the integrity and confidentiality of the authentication process managed by the Defender Soft Token.

Offline Code Generation Capability

A significant advantage of the Defender Soft Token is its ability to function without an active internet or cellular connection. Since the cryptographic algorithm for generating codes runs locally on the device using its internal clock and stored seed key, users can still authenticate even in areas with poor connectivity, on airplane mode, or in underground facilities. This reliability ensures continuous access to critical business systems regardless of network status.

PIN or Biometric Lock Activation

To add an extra layer of device-level security, users can configure the Defender Soft Token to require a PIN, fingerprint, or facial recognition before displaying the current passcode. When enabled, opening the app does not immediately show the code; instead, the user must first authenticate themselves to the device. This security feature ensures that if the Android phone is lost or stolen, the Defender Soft Token itself cannot be used to generate valid codes without the owner’s biometric data or knowledge of the PIN.