What is one-time password (OTP)?
A one-time password (OTP), also known as a dynamic password, is a password that can only be used once, typically during a short period of a few seconds or minutes after the password has been issued.
How do one-time passwords (OTP) work?
In some applications, a set of one-time passwords (OTPs) are predetermined or even printed, but in most applications today, a one-time password (OTP) is generated in real time by a software or hardware authenticator that a user has in their possession. The authenticator that the user owns shares a cryptographic key with the verifier, which is the software that is trying to verify the user's identity.
However it is generated, each OTP can only be used once. The verifier, which checks the password as a means of verifying a user's identity, rejects any repeated use of a password.
In many cases, the use of an OTP authenticator is only one component of a multi-factor authentication procedure. When an OTP is combined with another factor, such as a static password or a biometric signature of a certain type, the information can be more secure than it would be behind a static password on its own.
The benefits of one-time passwords
Adopting OTPs (one-time passwords) can offer a more secure alternative to a memorized static password, or supplement one as part of a multi-factor authentication process. This is because a password that has been compromised would be of little use to someone trying to compromise an account or application.
With static passwords, a hacker or fraudster who obtains a user’s password would have access to potentially sensitive information until that password is changed. In an even worse scenario, whoever compromised that account could change the password before its rightful owner could change it and secure their information.
Because of their one-use nature, OTPs have the potential to secure an application or account so that even if an attacker captures a password, they would not be able to reuse it in a second attempt. A user who falls prey to a phishing scam or to malware that captures their keystrokes would still be protected. The information would remain safe from conventional password-stealing methods.