What is a one-time password (OTP)? Definition from SearchSecurity (2024)

By

  • Kathleen Richards
  • Ivy Wigmore

What is a one-time password (OTP)?

A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login session.

An OTP is more secure than a static password, especially a user-created password, which can be weak and reused across multiple accounts.

OTPs might replace traditional authentication login information or may be used in addition to it to add another layer of security.

One-time password examples

OTP security tokens are microprocessor-based smart cards or pocket-size key fobs that produce a numeric or alphanumeric code to authenticate access to the system or transaction. This secret code changes every 30 or 60 seconds, depending on how the token is configured.

Mobile device apps, such as Google Authenticator, rely on the token device and PIN to generate the one-time password for two-step verification.

OTP security tokens can be implemented using hardware, software or on demand. Unlike traditional passwords that remain static or expire every 30 to 60 days, the one-time password is used for one transaction or login session.

How to get a one-time password

When an unauthenticated user attempts to access a system or perform a transaction on a device, an authentication manager on the network server generates a number or shared secret, using one-time password algorithms. The same number and algorithm are used by the security token on the smart card or device to match and validate the one-time password and user.

Many companies use Short Message Service (SMS) to provide a temporary passcode via text for a second authentication factor. The temporary passcode is obtained out of band through cellphone communications after the user enters his username and password on networked information systems and transaction-oriented web applications.

For two-factor authentication (2FA), the user enters a user ID, traditional password and temporary passcode to access the account or system.

How a one-time password works

In OTP-based authentication methods, the user's OTP app and the authentication server rely on shared secrets.

Values for one-time passwords are generated using the following factors in conjunction with one another:

  • HMAC, or Hash-based Message Authentication Code, algorithm.
  • A moving factor, such as time-based information -- e.g., a time-based OTP (TOTP) -- or an event counter that tracks the number of authorization attempts -- e.g., an HMAC-based OTP (HOTP).

The OTP values have minute or second timestamps for greater security. The one-time password can be delivered to a user through several channels, including an SMS-based text message, an email or a dedicated application on the endpoint.

Security professionals have long been concerned that SMS message spoofing and man-in-the-middle attacks can be used to break 2FA systems that rely on one-time passwords.

The U.S. National Institute of Standards and Technology (NIST) considered deprecating SMS for 2FA and one-time passwords in 2016. Ultimately, however, the organization decided that while using SMS as a second authentication factor is not the most secure option, it is more effective than single-factor authentication.

Experts such as those at NIST recommend enterprises consider one-time password delivery methods besides SMS -- and avoid delivering OTPs via SMS to email addresses or VoIP numbers, which cannot prove device possession.

Benefits of a one-time password

The one-time password avoids some common pitfalls of password security. With OTPs, IT administrators and security managers do not have to worry about composition rules, known-bad and weak passwords, sharing of credentials or reuse of the same password on multiple accounts and systems.

Another advantage of one-time passwords is that they become invalid in minutes -- in the case of TOTPs -- or once they have been used -- in the case of HOTPs. In this way, one-time passwords prevent attackers from obtaining the secret codes and reusing them.

Editor's note: This article was written by Ivy Wigmore in 2014 and subsequently updated by Kathleen Richards. TechTarget editors revised it in 2023 to improve the reader experience.

This was last updated in December 2023


FAQs

What is OTP One Time Password?

What does OTP mean? One-time password (OTP) systems provide a mechanism for logging on to a network or service using a unique password that can only be used once, as the name suggests. The static password is the most common authentication method and the least secure.

What is the One Time Password OTP algorithm?

OTP generation algorithms typically make use of pseudorandomness or randomness to generate a shared key or seed, and cryptographic hash functions, which can be used to derive a value but are hard to reverse, making it difficult for an attacker to obtain the data that was used for the hash.

What does OTP mean?

OTP means One Time Password: it's a temporary, secure PIN-code sent to you via SMS or e-mail that is valid only for one session.

What is the OTP verification password?

OTP authentication works by sending a one-time code comprised of letters and/or numbers to a second MFA source used in addition to a username and password. Common types of OTPs include SMS and voice messages, as well as email verification.

What is an example of a One Time Password authentication?

One Time Password Examples

Once the user has begun his login attempt, filling in his username and the correct password, an SMS OTP is sent to the mobile number connected to his account. The user then enters this code shown on this phone in the login screen, completing the authentication process.

Is an OTP one-time password hackable?

The FBI highlighted this problem and suggested that biometric authentication be added as multi factor authentication to provide a stronger layer of security. In a nutshell, even though OTPs are better than static passwords, they are still susceptible to attacks by hackers.

Where do I find my OTP password?

To get an OTP code, a user typically needs to enter their phone number or email address when prompted by the service they are trying to access. The service will then generate a code and send it to the user's device. Depending on the service, the code may be sent via SMS, email, or even an in-app notification.

What is the meaning of OTP password?

What does OTP mean? Simply put, a one-time password is an autogenerated code that's good for a single login and used to verify the user's identity. Customers receive this token by email or SMS and enter it into the login form to access their accounts.

What are the disadvantages of one-time password?

Disadvantages of One-Time Passwords

A user may also be unable to access the OTP. Some emailed OTPs may be delayed or end up in a Spam folder. If a user loses a physical token, they've lost access to their OTP.

Is OTP one true pairing?

"OTP" means "one true pair/pairing," according to Merriam-Webster. The term comes from "shipping" within fandom culture. "Shipping" refers to creating a relationship between two characters or people who are not previously romantically linked, says Merriam-Webster. So, OTP refers to a fan-made couple.

What does it mean when someone sends you OTP?

OTP, which stands for One True Pairing, is a term that signifies a person's favorite fictional romantic relationship.

Does OTP mean over the phone?

OTP stands for On the Phone. OTP is an internet slang initialism used to let a message sender know that the recipient is talking on the phone.

Can OTP be intercepted?

For valuable accounts (like banking), attackers may try to intercept the OTP if it's sent via text. This is done through SIM swapping (registering a new SIM card to your number) or launching an attack via the operator's service network utilizing a flaw in the SS7 communications protocol.

How long is OTP valid?

This alphanumeric code, which is used to authenticate access to the system, changes every 30-60 seconds, depending on how the back-end system is set up. Most banks give the OTP a period of 2 minutes to 10 minutes before it expires.

What is the 6 digit code OTP?

The 6 digit OTP code does prevent replay attacks where the 7 digit password does not. And locking the user out after 10 invalid attempts will add more security to the 6 digit OTP code than the 7 digit pure numeric password because the lockout would invalidate all previous guesses on the OTP code.

What is the OTP sent to your mobile number?

OTP is a six-digit numerical code sent in real time as SMS to your registered mobile number while performing the transaction. OTP is mandatory for authorizing the following transactions: Registration of beneficiary bank accounts of other banks. Bill payments.

How to get OTP without phone number?

Use OTP apps like Google Authenticator or Microsoft Authenticator to receive OTP without a SIM card. Request a replacement SIM card from your carrier to access OTP messages. Explore online SMS verification services that offer virtual phone numbers for OTP reception. You can also use a SIM card via email.

What are OTPs in text messaging?

SMS OTP (one time password) is a secure 2 factor authentication method where a text containing a unique alphanumeric or numeric code is sent to a mobile number (MSISDN). The recipient then uses this code or password as an additional layer of security to login to a service, website or app.

What is the Amazon OTP one-time password?

Due to the value of some items, a one-time password (OTP) is required on delivery for some orders. An OTP adds an extra layer of security to your packages. If an OTP is required, we will send a six-digit numeric OTP to your registered email address on the delivery day.

What is my OTP number?

OTP- One Time Password, that four to six-digit code that pops up on your screen every time you use your Debit or Credit Card for an online transaction or a NetBanking transaction. Have you ever wondered what exactly are these numbers and why do they play such an integral role to secure your bank account?

What is my OTP code 4 digit?

In simple terms, an OTP code is a unique password that you can use only once. They are usually four or six numeric digits. This code enables you to gain a single login session. You can perform a transaction with your OTP on a computer or digital device.

How to generate OTP code?

There are two ways to create OTPs. One way is through the use of smartphone apps like Google Authenticator, Authy, and Duo. The other way is to generate one-time passwords online using websites such as TOTP Generator.
