== Characteristics ==
The most important advantage of OTPs is that, in contrast to static passwords, they are not vulnerable to [[replay attack]]s. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to use it, since it will no longer be valid.<ref name=":1">{{Cite book|last1=Paterson|first1=Kenneth G.|last2=Stebila|first2=Douglas|title=Information Security and Privacy |chapter=One-Time-Password-Authenticated Key Exchange |date=2010|editor-last=Steinfeld|editor-first=Ron|editor2-last=Hawkes|editor2-first=Philip|chapter-url=https://eprints.qut.edu.au/31900/27/OTPAKfull.pdf|series=Lecture Notes in Computer Science|volume=6168|language=en|location=Berlin, Heidelberg|publisher=Springer|pages=264–281|doi=10.1007/978-3-642-14081-5_17|isbn=978-3-642-14081-5}}</ref> A second major advantage is that a user who uses the same (or a similar) password for multiple systems is not made vulnerable on all of them if the password for one of them is obtained by an attacker.

A number of OTP systems also aim to ensure that a session cannot easily be intercepted or impersonated without knowledge of unpredictable data created during the ''previous'' session, thus reducing the [[attack surface]] further.

There are also different ways to make the user aware of the next OTP to use. Some systems use special electronic [[security token]]s that the user carries and that generate OTPs and show them on a small display. Other systems consist of software that runs on the user's [[mobile phone]]. Yet other systems generate OTPs on the server side and send them to the user over an [[Out-of-band data|out-of-band]] channel such as [[SMS]] messaging. Finally, in some systems, OTPs are printed on paper that the user is required to carry.

In some schemes based on mathematical algorithms, the user can provide the server with a static key for use as an encryption key by sending only a one-time password.<ref name=":0">[https://defuse.ca/eotp.htm EOTP – Static Key Transfer]. Defuse.ca (July 13, 2012). Retrieved on 2012-12-21.</ref>