Posted to sci.electronics.repair
Rob[_40_]

Security Token Questions

Ken wrote:
I do business with a company that issues a security token, that when
used with a password, allows access to my account. I know it works and
has worked for years, but I was curious as to how it works:

The number the token generates changes every minute or so, so knowing
the number it generated a minute ago and the user's password is of no
value unless used while the number is valid. My questions are:

How do they synchronize the timing of the token with that of the server
that receives it?

Since the token is good for several years before needing to be replaced,
how do they synchronize the generated number with the server?

I know this is an electronics newsgroup, but I thought if anyone knew
the answer to my questions, it would be here.


The software does not accept only a single reply, but rather accepts
the numbers generated by the token at a range around the current time.
When you enter a code that was valid a minute ago, it does not reject
it but it accepts it and notes that the time in the token is apparently
a minute behind. The next time you use the token the range of time has
been shifted by a minute. This way the server "locks" to the drifting
time of the token. If you did not use it for a very long time, it
could drift outside of the range, but in practice this does not
happen (the clock in the token is accurate enough).