
One-Time Password

One-Time Password Definition:

A One-Time Password (OTP) is a unique, temporary code generated for a single login session or transaction. OTPs are commonly used as an additional layer of security in two-factor authentication (2FA) and multi-factor authentication (MFA) systems, helping to prevent unauthorised access by adding a dynamic credential that expires shortly after use.

What is a One-Time Password?

OTPs are generated by algorithms that produce a unique code each time a user requests one. Unlike static passwords, OTPs change frequently and are valid for only a short period of time or a single use. This makes them highly resistant to replay attacks and credential theft, as stolen OTPs quickly become useless once used or expired.

Why is a One-Time Password important?

The purpose of OTPs is to enhance security by providing a second form of authentication that attackers cannot easily reuse. Even if an attacker obtains a user's static password, they would still need the OTP to complete the login process, adding a significant barrier against unauthorised access.

How does a One-Time Password work?

OTPs are typically delivered through channels such as SMS, email, or authenticator apps (e.g., Google Authenticator). When a user attempts to log in, they enter their static password and the OTP generated at that moment. The system verifies the OTP, ensuring it matches the expected value and that it has not expired. OTPs may be generated using algorithms such as Time-based One-Time Password (TOTP) or HMAC-based One-Time Password (HOTP).

One-Time Password Examples:

Examples of OTP use include online banking systems that send OTPs via SMS to authorise transactions, authenticator apps that generate rotating codes, and hardware tokens that display OTPs. These mechanisms provide a second layer of security to protect against common attacks, such as password theft or phishing.

One-Time Password Issues:

While OTPs greatly improve security, certain methods, such as SMS-based delivery, can be vulnerable to interception through SIM-swapping attacks. Additionally, reliance on mobile devices or tokens may lead to access issues if the device is unavailable. Organisations should consider using secure delivery methods and providing backup authentication options to mitigate these risks.
