A one-time password (OTP) is a password that is only valid for one session or transaction. Unlike traditional static passwords, one-time passwords are not vulnerable to replay attacks. This means that if a potential intruder manages to record an OTP that was already used to log into a service or to conduct a transaction, he or she will not be able to use it again since the password is no longer valid. One-time password generations are random which make them hard to predict. There are different ways to make the user aware of an OTP. Some systems use electronic tokens that the user carries that generate a one-time password and show them using a small display. Other systems focus on software that run on a user’s mobile phone and there are systems that generate one-time passwords on the server side and then send them to the user using an out-of-band channel such as SMS messaging.
- Authentication Token
- Two Factor Authentication Token
- Out-of-Band Authentication
- Basic Authentication
- Strong Password