If you’ve used a tiny device that produces random-looking numbers as a second authentication tool in addition to a password, you’ve used token authentication. AT&T introduced a new service to provide this service without a physical device.
It provides a one-time passcode for authentication use in high security environments. AT&T doesn’t describe how this service works. However, some currently existing services send a text message with a pseudo-random number to use along with your account name and password. This one time passcode is usually good for a very short period.