For an academic project I am doing, I am using a number of Aladdin eTokens to show off to people why two-factor security is better than just a single password.
However, I keep running into this one question that takes forever to explain to people. Most everyone asks "Why do I need this token to store my private key? Why can't I use a USB thumbdrive?"
Nowhere have I found a good guide explaining the fact that the difference between a USB drive and a cryptographic token (like an Aladdin eToken) is the fact that the USB flash drive just does I/O such as block reads and writes. The computer reads the private key from the flash drive, then performs the decryption/signing. The use of a smart card is totally different. The smart card does the decryption and signing on the card itself when requested to by the host computer. The host computer passes the encrypted data to the card, and takes the decrypted data when it is processed. Nowhere does the private key get read to the host computer, so if someone compromises the host computer, the private key cannot be obtained. This is in contrast to storing a private key on a USB thumbdrive, where the private key can be easily and undetectably read off by malware.
Of course, if I explain this to people, their eyes glaze over (which is fine, and I'm not trying to sound superior to other people, as not everyone needs to be a cryptographic geek). I just want them to understand why this piece of plastic that plugs into a USB port gives them more security than just punching in a password.
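As an added illustration (not part of the question above), here is a small Python simulation of the two models the question contrasts: the "token" runs in its own process and only ever answers sign requests, while the USB-drive model loads the private key straight into host memory. The toy RSA parameters, the command protocol and the process boundary standing in for the card's hardware are all constructed assumptions for the demo.

```python
import hashlib
import multiprocessing as mp

# Constructed toy RSA parameters (tiny primes, no security); a real token
# generates its own 2048-bit key on-board and never reveals it.
P, Q, E = 1000003, 1000033, 65537
N = P * Q

def _h(msg: bytes) -> int:                  # hash the message into Z_N
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def _token_firmware(conn) -> None:
    """Token side, in its own process: private exponent d never leaves it."""
    d = pow(E, -1, (P - 1) * (Q - 1))
    for cmd, arg in iter(conn.recv, ("close", None)):
        if cmd == "sign":                   # signs on-board, returns only sig
            conn.send(pow(_h(arg), d, N))
        elif cmd == "export":               # a real token refuses this request
            conn.send(None)

class Token:
    """Host-side handle: only a command channel to the token process."""
    def __init__(self):
        ctx = mp.get_context("fork")
        self._conn, child = ctx.Pipe()
        self._proc = ctx.Process(target=_token_firmware, args=(child,))
        self._proc.start()

    def sign(self, msg: bytes) -> int:      # host sends data, gets a signature
        self._conn.send(("sign", msg))
        return self._conn.recv()

    def export_private_key(self):           # what host malware would try
        self._conn.send(("export", None))
        return self._conn.recv()

    def close(self) -> None:
        self._conn.send(("close", None))
        self._proc.join()

def verify(msg: bytes, sig: int) -> bool:   # anyone can check with (N, E)
    return pow(sig, E, N) == _h(msg)

def demo(msg: bytes = b"challenge from the login server") -> dict:
    token = Token()
    sig, leaked = token.sign(msg), token.export_private_key()
    token.close()
    usb_d = pow(E, -1, (P - 1) * (Q - 1))   # USB-drive model: host loads d itself
    return {"verified": verify(msg, sig), "token_key_seen_by_host": leaked,
            "usb_key_seen_by_host": usb_d}
```

Running `demo()` shows a valid signature produced without the host ever holding the private exponent, whereas the USB-drive path hands that exponent to the host (and therefore to any malware on it).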