A one-time password, also known as an OTP, is a password that is valid for only a single login. OTPs are commonly used as part of a two-factor authentication system. For instance, when a user logs into a secure network, they may be presented with two prompts: one for a conventional password and the other for an OTP. A one-time password can come from sources including a USB security token (shown right) or a smartphone application.
OTP authentication methods
- Time synchronization: The login server knows that a one-time password is valid because the USB key generates a random password based on the current time.
- Previous password: The login server keeps a record of the last password entered by the OTP device and can use this information to validate the current one-time password.
- Challenge-response: The login server can issue a unique challenge to the USB key, for which there is only one unique response.