What is a one-time password? Definition from SearchSecurity

A one-time password is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login session.
An OTP is more secure than a static password, especially a user-created password, which can be weak and reused across multiple accounts.
OTPs might replace traditional authentication login information or may be used in addition to it to add another layer of security.
OTP security tokens are microprocessor-based smart cards or pocket-size key fobs that produce a numeric or alphanumeric code to authenticate access to the system or transaction.
Mobile device apps, such as Google Authenticator, rely on the token device and PIN to generate the one-time password for two-step verification.
Unlike traditional passwords that remain static or expire every 30 to 60 days, the one-time password is used for one transaction or login session.
When an unauthenticated user attempts to access a system or perform a transaction on a device, an authentication manager on the network server generates a number or shared secret, using one-time password algorithms.
The same number and algorithm are used by the security token on the smart card or device to match and validate the one-time password and user.
The temporary passcode is obtained out of band through cellphone communications after the user enters his username and password on networked information systems and transaction-oriented web applications.
For two-factor authentication, the user enters a user ID, traditional password and temporary passcode to access the account or system.
In OTP-based authentication methods, the user's OTP app and the authentication server rely on shared secrets.
A moving factor, such as time-based information - e.g., a time-based OTP - or an event counter that tracks the number of authorization attempts - e.g., HMAC-based OTP. The OTP values have minute or second timestamps for greater security.
The one-time password can be delivered to a user through several channels, including an SMS-based text message, an email or a dedicated application on the endpoint.
Security professionals have long been concerned that SMS message spoofing and man-in-the-middle attacks can be used to break 2FA systems that rely on one-time passwords.
The U.S. National Institute of Standards and Technology considered deprecating SMS for 2FA and one-time passwords in 2016.
Experts such as those at NIST recommend enterprises consider one-time password delivery methods besides SMS - and avoid delivering OTPs via SMS to email addresses or VoIP numbers, which cannot prove device possession.
The one-time password avoids some common pitfalls of password security.
With OTPs, IT administrators and security managers do not have to worry about composition rules, known-bad and weak passwords, sharing of credentials or reuse of the same password on multiple accounts and systems.
Another advantage of one-time passwords is that they become invalid in minutes - in the case of TOTPs - or once they have been used - in the case of HOTPs.
In this way, one-time passwords prevent attackers from obtaining the secret codes and reusing them.


This Cyber News was published on www.techtarget.com. Publication date: Thu, 28 Dec 2023 17:13:04 +0000


Cyber News related to What is a one-time password? Definition from SearchSecurity

What is a one-time password? Definition from SearchSecurity - A one-time password is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login session. An OTP is more secure than a static password, especially a user-created password, ...
11 months ago Techtarget.com
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
6 months ago Cyberdefensemagazine.com
Adobe Real-Time CDP: Personalized Customer Experience - Adobe Experience Cloud Products like Adobe Real-Time CDP are available to assist. A revolutionary solution called Adobe Real-Time Customer Data Platform was created to assist companies in realizing the whole value of their customer data. Adobe ...
11 months ago Hackread.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Password Advice for the Rest of Us - Cisco Blogs - The key function you’re wanting out of a password manager is the ability to create passwords that are at least twenty (20) characters long, with all the typical mix of letters, numbers and symbols, as well as the ability to create a unique password ...
2 months ago Feedpress.me
Understand the pros and cons of enterprise password managers - To counter these threats, corporate IT security teams are turning to business-grade password managers to help centralize and streamline password and credential management. A password manager is a credential vault that gives IT teams a unified digital ...
10 months ago Techtarget.com
How to Share a Wi-Fi Password: A Step-by-Step Guide - You can unsubscribe at any ...
2 months ago Techrepublic.com
Securden Password Vault Review 2024: Security, Pros & Cons - Securden Password Vault is a password management solution geared towards supervising multiple accounts and sensitive login credentials. Yes, Securden Password Vault can be accessed for free. If you're looking for an enterprise-level password solution ...
10 months ago Techrepublic.com
6 Best Enterprise Password Managers for 2024 Rated - Password managers are security tools that store, manage, and share authorization credentials safely for individual users and groups. In this article, I evaluate the top password managers and their ability to deliver and support solutions for ...
9 months ago Esecurityplanet.com
Open Source Password Managers: Overview, Pros & Cons - There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source ...
9 months ago Techrepublic.com
Protect your Active Directory from these Password-based Vulnerabilities - Deploying a security solution like Specops Password Policy enhances the protection of passwords, which are frequently exploited as an initial entry point by attackers. In this attack, the perpetrator, typically using a compromised low-level account ...
1 year ago Bleepingcomputer.com
Top 6 LastPass Alternatives for 2024 - LastPass is a popular choice for managing passwords and sensitive information for individuals and businesses. While the tool still enjoys global patronage, it's not a bad idea to consider other password managers that can serve as worthy alternatives ...
10 months ago Techrepublic.com
Helping to keep the lights on in Ukraine in the face of electronic warfare - Ukraine's high-voltage electricity substations rely on GPS for time synchronization. Many of Ukraine's high-voltage electrical substations - which play a vital role in the country's domestic transmission of power - make extensive use of the ...
1 year ago Blog.talosintelligence.com
Why Cybersecurity Businesses Need a Real-Time Collaboration Tool - When the Cybercrime in a Pandemic World study was released in late 2021, the report noted that cybersecurity threats had risen 81% since the coronavirus raised its ugly head. It was a time of restrictive lockdowns, stay-at-home orders, and mask ...
1 year ago Hackread.com
Researchers crack 11-year-old password, recover $3 million in bitcoin - Michael, who is based in Europe and asked to remain anonymous, stored the cryptocurrency in a password-protected digital wallet. He generated a password using the RoboForm password manager and stored that password in a file encrypted with a tool ...
6 months ago Packetstormsecurity.com
What is identity management? Definition from SearchSecurity - Identity management is the organizational process for ensuring individuals have the appropriate access to technology resources. Identity management is an essential component of security. Identity management includes authenticating users and ...
8 months ago Techtarget.com
How long does it take to crack a password in 2024? - With AI entering the game, the time to brute force passwords has been reduced significantly already and continues to be reduced. ADVERTISEMENT. Password guidelines and rules have not changed all that much for users in the past ten or so years, ...
7 months ago Ghacks.net
Most common passwords: 70% can be cracked in less than a second - Racking your brains to come up with a strong password can be a pain. NordPass, the password management tool from the team behind NordVPN, partnered with independent researchers to release its study of the 200 most common passwords used in 2023. Of ...
1 year ago Cnbc.com
Secure Password Hashing in Java - In the domain of digital security, password hashing stands as a critical line of defense against unauthorized access. The landscape of hashing algorithms has evolved significantly, with some methods becoming obsolete and newer, more secure techniques ...
11 months ago Feeds.dzone.com
CVE-2023-6194 - In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML ...
1 year ago Tenable.com
Beyond the Noise: Appreciating the Quiet Work of Effective Doers - In many cases, few, if any, are aware of the work that they do and how important it is. We as an industry are long overdue in appreciating those who talk little but deliver big for us time and time again. Getting things done requires more than talk - ...
1 year ago Securityweek.com
DevSecOps: Definition, Benefits and Best Practices - DevSecOps is an approach that focuses on the alignment of the three core pillars of DevOps — Development, Operations, and Security. It’s a combination of processes, tools and practices designed to enable organizations to adopt innovative and ...
1 year ago Heimdalsecurity.com
CVE-2022-31163 - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to ...
2 years ago
What is the NIST Cybersecurity Framework? Definition from SearchSecurity - The NIST Cybersecurity Framework provides guidance on how to manage and reduce IT infrastructure security risk. NIST created the CSF to help private sector organizations in the United States develop a roadmap for critical infrastructure ...
11 months ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)