Hard certificates are more secure

An electronic certificate confirms that a certain open key actually belongs to a certain person. One person can have several certificates for various purposes. They can all be stored on a single smart card.

Certificates can be soft or hard. Hard certificates provide significantly higher security than soft certificates. Soft certificates (also referred to as file certificates) store keys in a file on a computer hard disk. Hard certificates (also referred to as card certificates) store keys in a chip on a smart card (or a USB memory stick). The private key is stored on one location only - on the receiver's smart card or hard disk - and has not been copied or placed anywhere else. The open key, however, is available to all in an open folder.

When someone logs on, the certificate authenticates that the person is actually who her or she claims to be. Smart cards along with PINs provide two-factor authentication (something one has and something one knows), which is stronger than traditional single-factor authentication (something one knows) in the form of user names and passwords. In systems with particularly strict demands of security, three-factor authentication (something one has, something one knows and something one is) provides additional security by also including a biometric factor such as a fingerprint or facial form.