This simple process provides two factors of authentication through two separate channels (your computer and your telephone):
Something you know – your password (as an option).
Something you have – your telephone.
For a third factor of authentication, the Soft Token prompts you to enter a short PIN and then provides you an OTP.
A hacker would have to know your password and have your telephone to log in as you. By requiring you to also verify your secret PIN, this approach can further ensure that you have possession of your telephone at the time of the authentication.
The entire authentication process is completely out-of-band, which protects against malware installed on your computer and man-in-the-middle attacks. These types of attacks defeat in-band authentication methods like security tokens, which require that a one-time passcode be entered into the login screen.