The PCI-DSS mandates the use of Two-Factor Authentication(2FA) to ensure secure remote access sessions to devices within the CDE.
There are several different types of 2FA tokens that have become available but a soft token can significantly increase the convenience of access for users. Instead of carrying around a separate key FOB token that can clutter up your keychain, this token is installed on your smart phone as an application. The soft token is very secure because the serial numbers for a specific user cannot be installed on more than one smart phone at a time. This prevents misuse of the application and insecure remote control. Sharing of user information such as usernames, passwords, and tokens is prohibited and the soft token takes an extra step towards preventing misuse.
