Soft tokens are typically generated by a central server that runs security software. They are sent to users' devices, such as cell phones, PDAs, and laptops. Once the soft token has been received by the device, the user can use the device within a secure network or can gain access to the sever as an authorized user. To add an extra measure of security, most soft token authentication also requires a username and password to make sure the correct user is using the authorized device.