OTP full form One-Time Password
A one-time password (OTP), also known as one-time pin or dynamic password, is a
password that is valid for only one login session or transaction, on a computer
system or other digital device. OTPs avoid a number of shortcomings that are
associated with traditional (static) password-based authentication; a number of
implementations also incorporate two-factor authentication by ensuring that the
one-time password requires access to something a person has (such as a small
keyring fob device with the OTP calculator built into it, or a smartcard or
specific cellphone) as well as something a person knows (such as a PIN).
Advantages:
The most important advantage of OTPs is that, in contrast to
static passwords, they are not vulnerable to replay attacks. This means that a
potential intruder who manages to record an OTP that was already used to log
into a service or to conduct a transaction will not be able to abuse it, since
it will no longer be valid. A second major advantage is that a user who uses
the same (or similar) password for multiple systems is not made vulnerable on
all of them if the password for one of these is gained by an attacker. A
number of OTP systems also aim to ensure that a session cannot easily be intercepted
or impersonated without knowledge of unpredictable data created during the
previous session, thus reducing the attack surface further.
OTPs have been discussed as a possible replacement for, as well
as enhancer to, traditional passwords. On the downside, OTPs are difficult for
human beings to manipulate. Therefore, they require additional technology to
work.