234 ◾ Information Security Management Handbook
reader, hold a security device near an RFID/NFC reader, or enter a constantly changing one-time
password displayed on the device.
The disadvantages of this approach are that the user must keep the token with them, which may
be inconvenient; tokens can malfunction or be lost or stolen; additional cost and complexity are
required to acquire and deploy tokens and readers; and the tokens themselves, while generally
secure, have been known to be compromised through a variety of attacks. For these reasons,
possession-based methods are often combined with knowledge-based methods to form a second-factor
authentication system, which lessens the risk of compromise by requiring an attacker to defeat
both c ...