How is a one-time password generated?
- For OTPs valid only for a short period of time, generation is based on time-synchronization between the authentication server and the client providing the password.
- For OTPs that are to be used in a predefined order, a mathematical algorithm is used to generate a new password based on the previous password.
- For random OTPs, a mathematical algorithm is used where the new password is based on a challenge: a random number chosen by the authentication server.
Receiving the generated OTP
SMS is the most common technology used for the delivery of OTPs. This is mainly because text messaging is available on almost all mobile handsets and can reach large numbers of clients at a low total cost to implement. However, this requires you to have a connection with a mobile network, which might compromise the security of the system.
Via smartphones, a one-time password can also be delivered directly through mobile apps, or within a service’s existing app. These systems do not share the same security vulnerabilities as SMS, and do not necessarily require a connection to a mobile network to use, as they are internet-based.
How OTPs work
In order for a user to successfully log into a system that utilizes OTPs, the following sequence of events would occur:
- The user logs into the system with a user name and password.
- The system verifies that the password matches.
- The system then sends the user a request for the OTP on his phone number by SMS, email or voice call.
- The user types in the current OTP before the device cycles to a new OTP.
- The system verifies that the OTP matches the phone number that was registered to that user.
- The user is granted access to the system.
OTPs are commonly likened to two-factor authentication, where it is unlikely that both layers of authentication would be defeated by somebody using only one type of attack.