Editing Authenticator (section)
====OATH OTP====
[[File:Aegis Authenticator 3.2 screenshot.png|thumb|upright=1.1|Example of one-time passwords]]
One-time passwords (OTPs) have been used since the 1980s.{{citation needed|date=March 2019}} In 2004, an Open Authentication Reference Architecture for the secure generation of OTPs was announced at the annual [[RSA Conference]].<ref>{{cite web |last1=Kucan |first1=Berislav |title=Open Authentication Reference Architecture Announced |url=https://www.helpnetsecurity.com/2004/02/24/open-authentication-reference-architecture-announced/ |publisher=Help Net Security |access-date=26 March 2019 |date=24 February 2004}}</ref><ref>{{cite web |title=OATH Specifications and Technical Resources |url=https://openauthentication.org/specifications-technical-resources/ |publisher=[[Initiative for Open Authentication]] |access-date=26 March 2019}}</ref> The [[Initiative for Open Authentication]] (OATH) launched a year later.{{citation needed|date=March 2019}} Two IETF standards grew out of this work, the [[HMAC-based One-time Password algorithm|HMAC-based One-time Password (HOTP) algorithm]] and the [[Time-based One-time Password algorithm|Time-based One-time Password (TOTP) algorithm]] specified by RFC 4226 and RFC 6238, respectively. By OATH OTP, we mean either HOTP or TOTP. OATH certifies conformance with the HOTP and TOTP standards.<ref name="OATH-cert">{{cite web |title=OATH Certification |url=https://openauthentication.org/oath-certification/ |publisher=The [[Initiative for Open Authentication]] (OATH) |access-date=3 February 2019}}</ref>

A traditional password (''something that one knows'') is often combined with a one-time password (''something that one has'') to provide two-factor authentication.<ref name="Hoffman-Andrews and Gebhart 2017">{{cite web |last1=Hoffman-Andrews |first1=Jacob |last2=Gebhart |first2=Gennie |title=A Guide to Common Types of Two-Factor Authentication on the Web |url=https://www.eff.org/deeplinks/2017/09/guide-common-types-two-factor-authentication-web |publisher=[[Electronic Frontier Foundation]] |access-date=26 March 2019 |date=22 September 2017}}</ref> Both the password and the OTP are transmitted over the network to the verifier. If the password agrees with the previously shared secret, and the verifier can confirm the value of the OTP, user authentication is successful.

One-time passwords are generated on demand by a dedicated OATH OTP authenticator that encapsulates a secret that was previously shared with the verifier. Using the authenticator, the claimant generates an OTP using a cryptographic method. The verifier also generates an OTP using the same cryptographic method. If the two OTP values match, the verifier can conclude that the claimant possesses the shared secret.

A well-known example of an OATH authenticator is [[Google Authenticator]],<ref name="Google-Authenticator">{{cite web |title=Google Authenticator |website=[[GitHub]] |url=https://github.com/google/google-authenticator/wiki |access-date=3 February 2019}}</ref> a phone-based authenticator that implements both HOTP and TOTP.