If a phone or notebook is lost, the administrator can deactivate the token easily, and assign a temporary token to that user. The seed file will not be compromised in this situation, and you can set a pin number along with the token code to assure that someone who steals a phone will not be able to use their token, should they manage to have access to the username and password. PINs (Passwords; they can contain any number of any characters) can be set on the tokens; these PINs encrypt the seed file on disk. Deniable encryption is used, meaning the low entropy of most unlock-codes, PINs or passwords cannot be exploited to brute-force the seed-file, unlike our competitors. Furthermore, if you feel someone may be able to steal a device and then guess a passcode / PIN, Mi-Token's administrative flexibility is such that you can even allow users to unassign tokens from themselves via a website, as well as making it very straightforward for administrators to unassign tokens from users.