An OTP (One-Time Password) is a digital authentication code that is valid for only a single connection session or transaction. It is an additional security measure, often used alongside a static username and password, to strengthen protection against identity theft and unauthorised access.
Here are the key points to remember about OTPs:
- Single use: As its name suggests, an OTP can only be used once. Once used, it expires and cannot be reused.
- Limited validity: OTPs have a very short validity period, usually a few seconds or minutes. This limits the window of opportunity for a potential cybercriminal.
- Dynamically generated: OTPs are generated dynamically, either by an algorithm, a physical token or a third-party service (SMS, email, authentication application).
- Enhanced security: OTPs add an extra layer of security, because even if a hacker manages to obtain your static password, they won't be able to log in without the OTP.
- Different types: There are several types of OTP, including:
  - Time-based OTP (TOTP): generated by a time-synchronised algorithm. This is the most common type of OTP, often used by authentication applications such as Google Authenticator or Authy.
  - Event-based OTP (HOTP): generated for each authentication request, regardless of time.
  - OTP sent by SMS: a code is texted to your mobile phone.
  - OTP sent by email: a code is sent to your e-mail address.
  - OTP generated by physical token: a small hardware device that displays a regularly changing code.