A one-time password or passcode (OTP) is a string of characters or numbers that authenticates a user for a single login attempt into a network or transaction. An algorithm generates a unique value for each one-time password by factoring in contextual information, like time-based data or previous login events.
OTPs can also be delivered by a hardware token, such as a card or USB device, that shows the current one-time password on a small digital display.
The OTP feature prevents some forms of identity theft by ensuring that a captured user name/password pair cannot be used a second time.
Typically the user’s login name stays the same, and the one-time password changes with each login.
One-time passwords (also called one-time passcodes) are a form of strong authentication, providing much better protection for eBanking, corporate networks, and other systems containing sensitive data.
Static password authentication, although convenient, is no longer secure on its own, because online identity theft – using phishing, keystroke logging, man-in-the-middle attacks, and other practices – is increasing worldwide.
Strong authentication systems address the limitations of static passwords by adding a second, independent security credential, such as a temporary one-time password (OTP), to protect network access and end-users' digital identities.
When authenticating users, companies have three independent factors to keep in mind:
- Knowledge. Things the user knows, like a password, PIN, or security question answer.
- Possession. Things the user has, such as a token, smart card, or phone.
- Biometric. Things that identify the user uniquely, like fingerprints or behavioral data.