A hard token, or hardware token, is a piece of hardware that authenticates a user in a multi-factor authentication system. Hard tokens can take several forms, including small USB tokens, smart cards, or dedicated password-generating fobs. Hard tokens often work alongside other authentication methods like a username and password, but some systems may use them as the only necessary authentication method.
Hard tokens come in several different forms. The most common type of hard token is a disconnected token, also known as an OTP token. These tokens do not plug into a computer to provide authentication but instead have a small screen that displays a one-time-use passcode when you click a button on the device. You can use this passcode as part of an MFA system, similar to a soft token authentication app.
Another common form of hard token is a connected token, which plugs into a computer's USB port and can authenticate a user using one of several methods. Some USB tokens can insert a cryptographically-generated passcode whenever you press a button on the device and work without extra drivers or software. Others use a combination of private and public encryption keys to answer a cryptographic challenge issued during the login process. These tokens require compatible software (now built into most operating systems and web browsers) and the support of the service you're logging into.
Hard tokens are also often used to increase security when logging into a local computer system. Smart keycards can act as hard tokens; some require physical contact by placing a chip in a reader, and others use RFID chips to authenticate through proximity. Some specialized systems use wireless fobs that contain NFC or Bluetooth LE radios that can unlock a computer when the user is nearby and lock it again once they walk away.