Both Hardware Tokens and Software Tokens provide "something you have" factor authentication. Common hardware tokens are smartcards, USB sticks or one-time-use password generators. Software tokens are generally apps that generate a temporary password. Software tokens are considered a cheaper alternative to hardware tokens, as issuing a hardware token to a large number of users has a high cost. Arguably hardware tokens are more secure, but are less practical and more costly.
A software token (aka soft token) is a piece of a two-factor authentication security device that may be used to authorize the use of computer services Software tokens are stored on a general-purpose electronic device such as a desktop computer, laptop, PDA, or mobile phone and can be duplicated (Contrast hardware tokens, where the credentials are stored on a dedicated hardware device and therefore cannot be duplicated (absent physical invasion of the device)) Because software tokens are something one does not physically possess, they are exposed to unique threats based on duplication of the underlying cryptographic material - for example, computer viruses and software attacks