What Is OTP? Everything Explained!

As the name suggests, a one-time password (OTP) can be used only once, and it is valid only for a limited time. Let us understand what an OTP is and how it works.

Definition: What is OTP?

An OTP is a randomly generated password that can be used only once. The service sends this password to your registered mobile number and/or email address.

Why Is It More Secure Than a Static Password?

Static passwords are easily compromised because most users never set a strong one. An OTP, by contrast, is generated only for a short time, which makes it more secure. It is usually 6 digits long.

A static password can be compromised by phishing, a man-in-the-middle attack, keyboard logging and more. This makes it weaker than a one-time password system.

We can request a one-time password several times, and each time it shows different random digits. Each one is valid for 1-2 minutes.

How Does OTP Work?

The website asks the user to enter their mobile number for verification. When the user enters the number, a random sequence of digits is generated and sent to that number. Delivery is done through bulk SMS services, which are available online. Once the user receives the code and enters it on the site, validation is complete.
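To make that flow concrete, here is an added example (not code from the original article) of the server side of SMS-style OTP verification: a six-digit code is drawn from a secure random source, only its hash is stored together with an expiry of two minutes, a handful of wrong guesses locks the code, and a correct code is accepted once and then discarded. The `OtpService` class, its in-memory outbox standing in for the bulk SMS gateway, and the phone numbers are assumptions made for this example.

```python
"""SMS/e-mail style one-time password service: issue, deliver, verify once.

Added example, not code from the article. The in-memory `outbox` is a stand-in
for a bulk SMS provider; a real deployment would hand the message to the gateway.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

OTP_DIGITS = 6
OTP_TTL_SECONDS = 120      # the article quotes 1-2 minutes of validity
MAX_ATTEMPTS = 5           # lock the code after too many wrong guesses


@dataclass
class PendingOtp:
    code_hash: bytes         # only a hash is stored, never the plaintext code
    expires_at: float
    attempts: int = 0


@dataclass
class OtpService:
    clock: Callable[[], float] = time.time                      # injectable for tests
    pending: Dict[str, PendingOtp] = field(default_factory=dict)  # phone -> PendingOtp
    outbox: List[Tuple[str, str]] = field(default_factory=list)   # (phone, text) sent "by SMS"

    @staticmethod
    def _hash(phone: str, code: str) -> bytes:
        # Bind the hash to the phone number so a code issued to one user
        # cannot be presented for another.
        return hashlib.sha256(f"{phone}:{code}".encode()).digest()

    def request(self, phone: str) -> None:
        """Generate a fresh random code for `phone` and hand it to the SMS transport."""
        # secrets.randbelow is a cryptographically secure source; zero-pad to 6 digits
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self.pending[phone] = PendingOtp(
            code_hash=self._hash(phone, code),
            expires_at=self.clock() + OTP_TTL_SECONDS,
        )
        self.outbox.append((phone, f"Your verification code is {code}"))

    def verify(self, phone: str, code: str) -> bool:
        """Accept `code` for `phone` at most once, and only before it expires."""
        entry = self.pending.get(phone)
        if entry is None:
            return False
        if self.clock() > entry.expires_at:
            del self.pending[phone]            # expired: the user must request a new one
            return False
        entry.attempts += 1
        if entry.attempts > MAX_ATTEMPTS:
            del self.pending[phone]            # too many guesses: discard the code
            return False
        if hmac.compare_digest(entry.code_hash, self._hash(phone, code)):
            del self.pending[phone]            # consumed: a second use of the same code fails
            return True
        return False


if __name__ == "__main__":
    svc = OtpService()
    svc.request("+15550000001")               # constructed sample number
    phone, text = svc.outbox[-1]
    print("SMS to", phone, "->", text)
    sent_code = text.split()[-1]
    print("first use:", svc.verify(phone, sent_code))    # True
    print("second use:", svc.verify(phone, sent_code))   # False, already consumed
```

The comparison runs on hashes with `hmac.compare_digest`, so a wrong guess takes the same time as a near miss, and the store never holds the plaintext code; the attempt counter is what keeps a six-digit code from being brute-forced inside its two-minute window.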

Consider TOTP (Time-Based OTP), where the generated OTP depends on the current timestamp and a secret key. OTPs generated with this scheme at the same instant share the timestamp input, and it is the secret key that makes them differ from each other.

Other one-time password authentication methods use hardware tokens and software tokens.

Two Factor Authentication

In two-factor OTP authentication, there is an Authentication Manager that validates the OTP submitted by the user. The Manager and the hardware/software token use the same algorithm, which makes it possible to match the OTPs on the Manager side and the user side.

Working of Two-Factor Authentication OTP

  • The user enters a username and OTP.
  • The Middleware receives the data and passes it to the Manager.
  • The Manager tells the Middleware whether the one-time password is correct.
  • The Middleware then allows or denies the service based on the Manager’s response.
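As an added example (not code from the article or from any particular product), the following Python code ties the TOTP description above to the two-factor flow just listed: `hotp` and `totp` implement the standard RFC 4226/RFC 6238 algorithm (HMAC-SHA1, 30-second steps, 6 digits), a `Manager` class keeps each user's secret and validates submitted codes with a one-step clock-drift window and a replay guard, and a `Middleware` class allows or denies on the Manager's answer. The class names, the user name `alice` and the in-memory stores are assumptions for this example; the algorithm is the standard one that both the token and the Manager compute from the same shared secret.

```python
"""Time-based OTP (RFC 6238, HMAC-SHA1, 30 s steps) with a Manager that
validates codes and a Middleware that allows or denies on its answer.

Added example, not code from the article. `Manager`, `Middleware` and the
in-memory user store are assumed names; the OTP algorithm is the standard one.
"""
import base64
import hashlib
import hmac
import secrets
import struct
import time
from typing import Dict, Optional

STEP_SECONDS = 30
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def totp(secret: bytes, at: Optional[float] = None, digits: int = DIGITS) -> str:
    """RFC 6238: the counter is the number of 30 s steps since the Unix epoch."""
    if at is None:
        at = time.time()
    return hotp(secret, int(at) // STEP_SECONDS, digits)


def new_secret() -> bytes:
    """160-bit random key; the token (or authenticator app) receives it base32-encoded."""
    return secrets.token_bytes(20)


def secret_to_base32(secret: bytes) -> str:
    return base64.b32encode(secret).decode()


def secret_from_base32(encoded: str) -> bytes:
    return base64.b32decode(encoded)


class Manager:
    """Authentication Manager: holds each user's secret and validates submitted codes.

    Token and Manager both compute hotp() from the same secret and time step.
    A window of +/-1 step tolerates clock drift; the highest accepted counter is
    remembered per user so the same code cannot be replayed inside that window.
    """

    def __init__(self, window: int = 1):
        self.window = window
        self.secrets: Dict[str, bytes] = {}      # username -> shared secret
        self.last_counter: Dict[str, int] = {}   # username -> last consumed step

    def enrol(self, username: str, secret: bytes) -> None:
        self.secrets[username] = secret
        self.last_counter[username] = -1

    def validate(self, username: str, code: str, at: Optional[float] = None) -> bool:
        secret = self.secrets.get(username)
        if secret is None or not (code.isascii() and code.isdigit() and len(code) == DIGITS):
            return False
        if at is None:
            at = time.time()
        counter = int(at) // STEP_SECONDS
        for drift in range(-self.window, self.window + 1):
            candidate = counter + drift
            if candidate <= self.last_counter[username]:
                continue                          # step already consumed: reject replay
            if hmac.compare_digest(hotp(secret, candidate), code):
                self.last_counter[username] = candidate
                return True
        return False


class Middleware:
    """Receives username + OTP from the user and allows or denies on the Manager's answer."""

    def __init__(self, manager: Manager):
        self.manager = manager

    def login(self, username: str, code: str, at: Optional[float] = None) -> str:
        return "allow" if self.manager.validate(username, code, at) else "deny"


if __name__ == "__main__":
    secret = new_secret()                      # provisioned to alice's token as base32
    print("provisioning key:", secret_to_base32(secret))
    mgr = Manager()
    mgr.enrol("alice", secret)
    mw = Middleware(mgr)
    now = time.time()
    code = totp(secret, now)                   # what alice's token shows right now
    print("login:", mw.login("alice", code, now))    # allow
    print("replay:", mw.login("alice", code, now))   # deny: same step already consumed
```

Because the Manager and the token derive the code from the same secret and the same time step, two different secrets at the same instant give different codes, which is the point made in the TOTP paragraph; the `last_counter` map is what enforces "one time" even while the same 30-second window is still open. The reference vectors from RFC 6238 (secret `12345678901234567890`, time 59 gives `94287082` at 8 digits) are a quick way to check an implementation like this one.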

The best example is an ATM system, where a hardware token (the card) and a software token (the PIN) are used.

