A hard token is a hardware security device that is used to prove a user's identity by generating a unique security code used during login procedures, confirming the user possesses the device. Soft tokens or mobile applications can generate codes but are software-based and distinguished from physical tokens. Static passwords or codes stored on a hard device or any irremovable media has NO dynamic generating capability hence not making them hard tokens, but rather just ineffective storage mechanisms for sensitive data (except where protected by additional security measures).