One-time password can be referred to as systems which provides a mechanism to enable logging on to a network or service through the use of a code know as a unique password which can only be used once. The OTP prevents some forms of identity theft by ensuring that a captured user name/password pair cannot be used any other time again.
Typically the users logon name stays the same. The one-time password does not remain the same, it changes with each logon. One-time passwords contains some so-called strong authentication, which provides better protection to sensitive data like on-line bank accounts, corporate networks and other systems as well.
In this modern days, only a user name and static password for logon and access to personal and sensitive data are used by e-commerce sites, online communities and most enterprise networks. Although this authentication method is convenient, it is not secure due to online identity theft – using phishing, keyboard logging, man-in-the-middle attacks and other methods –which is increasing globally.
Strong authentication systems address the limits of static passwords by introducing another security credential, given an example, a temporary one-time password (OTP), to protect network access and end-users’ digital identities. This brings an extra level of protection and makes it extremely difficult to access unauthorized information, or online accounts or networks.
One-time passwords has several ways in which it can be generated and each one contains a trade-offs in term of security, convenience, cost and accuracy. A set of one-time passwords can be generated by some methods such as transaction numbers lists and grid cards. These methods are slow, difficult to maintain, easy to replicate and share, and require the users to keep track of where they are in the list of passwords. Thereby these methods offer low investment costs.
There is a more convenient way to make the user aware of the next OTP to use. Special electronic security tokens are used by some systems inwhich the user carries and generate OTPs and show them using a small display. Software that runs on the user’s mobile phone are other systems that can be included.
Yet other systems generate OTPs on the server-side and send them to the user using an out-of-band channel such as SMS messaging. Finally, there are some systems inwhich OTPs are printed on paper that requires the user to always carry along.
In General, An OTP is described to be more secure than a static password, especially a password that was created by the user, which can be typically weak. OTPs may replace authentication login information or may be used in addition to it, to add another layer of security.
OTP tokens are usually pocket-size fobs with a small screen that displays a number. The number changes every 30 or 60 seconds, depending on how the token is configured.
For two-factor authentication, the user enters his user ID, PIN and the OTP to access the system.
OTP tokensare usually pocket-size fobs with a small screen that displays a number. The number changes every 30 or 60 seconds, depending on how the token is configured.
For two-factor authentication, the user enters his user ID, PIN and the OTP to access the system.
