One-Time Password (OTP)

What is one-time password (OTP)?

A one-time password (OTP), also known as a dynamic password, is a password that can only be used once, typically during a short period of a few seconds or minutes after the password has been issued.

One-Button Hardware Authenticator and Lock
SMBC | Offering Digipass 302 Comfort Voice, a One-Time Password Device with Audio Capability
Case Study

SUMITOMO MITSUI BANKING CORPORATION

Sumitomo Mitsui Banking Corporation offers Digipass 302 comfort voice, a one-time password device with audio capability

Read Case Study

How do one-time passwords (OTP) work?

In some applications, a set of one-time passwords (OTPs) are predetermined or even printed, but in most applications today, a one-time password (OTP) is generated in real time by a software or hardware authenticator that a user has in their possession. The authenticator that the user owns shares a cryptographic key with the verifier, which is the software that is trying to verify the user's identity.

Whatever way it is generated, each OTP can only be used once. The verifier who checks the password as a means of verifying the identity of a user rejects the repeated use of a password.

In many cases, the use of an OTP authenticator is only one component of a procedure multi-factor authentication. Combining an OTP with another factor such as a static password or a biometric signature of a certain type , the information can be more secure than a static password stored on its own.

Analyst Report

KuppingerCole Leadership Compass Cloud-based MFA Solutions

Overview of the SaaS MFA market, with top requirements, insights on 12 leading vendors, and the latest innovations.

Download Now

The benefits of one-time passwords

The adoption of OTPs (One time passwords) can offer a more secure alternative to or even supplement a memorized static password as a part of a multi-factor authentication process. This is because a password that has been compromised would be of little use to someone trying to compromise an account or application.

With static passwords, a hacker or fraudster who obtains a user’s password would have access to potentially sensitive information until that password is changed. In an even worse scenario, whoever compromised that account could change the password before its rightful owner could change it and secure their information.

Because of their one-use nature, OTPs have the potential to secure an application or account so that even in the event that an attacker captures a password, they would not be able to re-use the password in a second attempt. A user who falls prey to a phishing scam or malware that capture their keystrokes would still be protected. The information would remain safe from conventional password-stealing methods.

Get in touch with us

Get in touch with one of our security experts to learn more about how our solutions can help with your digital security needs