What is the OTP code?
Online shopping and e-banking transactions have been on the rise in recent years. In view of the risk of fraud, increasingly secure methods have been developed to be able to verify the identity of the payers and ensure that they are authorised persons. This is where the OTP comes in.
What is it?
The OTP code is a single-use password (an acronym for: One-Time Password), also known as password or dynamic password. It is used as a second authentication factor in addition to the commonly used username and password. It is only valid once so, even if an attacker managed to get hold of it, they would not be able to reuse it.
What are one-time passwords used for?
It is used in environments that require a high level of security that static passwords alone cannot achieve. Some examples of this type of environment are the well-known electronic banks.
How do these confirmation codes work?
Tokens are the most widespread implementation of this type of second authentication factor. When the user attempts to perform a transaction covered by OTP, the token or mechanism generates a dynamic password in order to authenticate the user.
Tokens are primarily deployed in three different ways:
- A small physical device with a screen that displays the one-time password.
- An application on the user's Smart phone.
- Or by sending an SMS or email to the user.
This type of authentication is common in online banking as well as in applications such as Office 365/Outlook, Gmail, Linkedin, although in most of these their use is optional and configurable. OTP mechanisms increase user confidence and security of online applications and transactions.