One Time Password (OTP, TOTP) : definition, examples

Cùng xem One Time Password (OTP, TOTP) : definition, examples trên youtube.

What does OTP mean?

One-time password (OTP) systems provide a mechanism for logging on to a network or service using a unique password that can only be used once, as the name suggests.

one time password

Bạn đang xem: otp meaning

The static password is the most common authentication method and the least secure. If “qwerty” is always your password, it’s time for a change.

Why is a one-time password safe?

The OTP feature prevents some forms of identity theft by making sure that a captured user name/password pair cannot be used a second time.

Typically the user’s login name stays the same, and the one-time password changes with each login.

One-time passwords (aka One-time passcodes) are a form of strong authentication, providing much better protection to eBanking, corporate networks, and other systems containing sensitive data.

Authentication answers the question: “Are you indeed Mr or Mrs. X?”

Today most enterprise networks, e-commerce sites, and online communities require only a user name and static password for login and access to personal and sensitive data.

OTP and TOTP vs. static password

Although this authentication method is convenient, it is not secure because online identity theft – using phishing, keyboard logging, man-in-the-middle attacks, and other practices – is increasing worldwide.

Strong authentication systems address the limitations of static passwords by incorporating an additional security credential, such as a temporary one-time password (OTP), to protect network access and end-users digital identities.

This adds an extra level of protection and makes it more challenging to access unauthorized information, networks, or online accounts.

Time-based One-Time Password (TOTP) changes after a set period, such as 60 seconds, for example.

In India, the mAadhaar app on your mobile phone allows you to generate a dynamic OTP instead of waiting for a one-time password to arrive. The app’s algorithm generates a dynamic OTP or TOTP. The 8-digit code is valid for 30 seconds.

It sounds simple, and it is.

Here is an example of OTP in online payment.

How are one-time passwords created?

Có thể bạn quan tâm: Cách viết mail xin việc ấn tượng để chinh phục mọi nhà tuyển dụng

Xem Thêm : [2021] – [Digital Marketing Là Gì] – Công Việc Của Digital Marketing

One-time passwords can be generated in several ways, and each one has trade-offs in terms of security, convenience, cost, and accuracy.

Grid cards

Simple methods such as transaction number lists and grid cards can provide a set of one-time passwords.

These methods offer low investment costs but are slow, difficult to maintain, easy to replicate and share, and require the users to keep track of where they are in the list of passwords.

otp tokens

Security tokens

A more convenient way for users is to use an OTP token, a hardware device capable of generating one-time passwords.

There’s more.

Some of these devices are PIN-protected, offering an additional level of security.

The user enters the one-time password with other identity credentials (typically user name and password), and an authentication server validates the logon request.

Although this is a proven solution for enterprise applications, the deployment cost can make the solution expensive for consumer applications.

Because the token must be using the same method as the server, a separate token is required for each server logon, so users need a different token for each Web site or network they use.

Smart cards and OTP

More advanced hardware tokens use microprocessor-based smart cards to calculate one-time passwords.

Smart cards have several advantages for strong authentication, including data storage capacity, processing power, portability, and ease of use.

They are inherently more secure than other OTP tokens because they generate a unique, non-reusable password for each authentication event, store personal data, and do not transmit confidential or private data over the network.

Display payment cards can even integrate an OTP generator for 2-factor authentication.

Public Key Infrastructure for OTP strong authentication

Smart cards can also include additional strong authentication capabilities such as PKI or Public Key Infrastructure certificates.

When used for PKI applications, the smart card device can provide core PKI services, including encryption, digital signature, and private key generation and storage.

Tham khảo: mẫu ghi biên bản họp chi bộ

Xem Thêm : Mẫu báo cáo thực tập

Thales smart cards support OTP strong authentication in both Java™ and Microsoft .NET environments.

Multiple form factors and connectivity options are available so that end-users have the most appropriate device for their network access requirements.

All Thales OTP devices work with the same Strong Authentication Server and are supported with a standard set of administrative tools.

Single-factor authentication (SFA)

Single-factor authentication is the traditional security process that requires a user name and password before granting access to the user.

A single compromised password was enough to take down the largest US fuel pipeline. In May 2021, a raid by the ransomware group Darkside forced the shutdown of Colonial Pipeline’s network. This attack, which created shortages, pushed up gas prices and led to a wave of panic-buying, put a spotlight on weak password protection and ransomware’s potential to disable critical infrastructure. Bloomberg (4 June 2021) reported that the company’s system was breached through a single leak password to an old VPN account used to remotely access the company’s servers. The account did not use multifactor authentication. Hackers breached Colonial’s network using just one compromised username and password. According to Bloomberg, the user may have used the same password for different accounts but it would be hard for investigators to know precisely how it’s been obtained.

Two-factor authentication (2FA)

Stronger authentication can also be implemented with two-factor authentication (2FA) or multiple-factor authentication. In these cases, the user provides two (or more) different authentication factors.

Below is another example of 2 factor-authentication in banking.

OTP SMS is a common second-factor authentication method for banks.

At the ATM, you will need your card (something you have) AND a PIN code (something you know).

In Singapore, Singpass uses Two-Factor Authentication (2FA) and end-to-end encryption of passwords to access the country’s eGovernment services securely.

Note that the European PSD2 regulation is requesting stronger customer authentication to banks and financial institutions. As a result, OTP SMS is no longer a PSD2-compliant method.

OTP markets and key industry players

The OTP segment is part of a more global two-factor authentication market evaluated at $3,5B in 2018. It will reach $8,9B by 2024, as revealed by a Market Research future study.

The OTP market is estimated at $1,5B in 2018 and will reach $3,2B by 2024.

The two-factor authentication market’s major players include Thales, Fujitsu, Suprema, OneSpan, NEC, Symantec, RSA, IDEMIA, HID, Entrust, and Google, to name a few.

The hardware OTP token authentication business is a small part of the OTP market. However, according to Research and Markets, its worldwide size is estimated at $261m for 2019 and is expected to reach $403m by 2025.

Primary customers are enterprises, banking, finance, insurance and securities, government, healthcare, and gaming.

Xem thêm: SEO là gì? 9 lưu ý quan trọng để làm SEO website thành công

Beyond OTP: More resources on authentication

  • It’s time for a change (CNN)
  • Create a more robust password (Google)
  • The password is dying.
  • Share a secret link that is available only once (One Time Secret)
  • A brief history of encryption
  • German banks move away from SMS OTP (ZD Net – 11 July 2019)
  • Learn more about biometric authentication (Thales web dossier)
  • Discover multi-factor authentication solutions from Thales
  • Behavioral biometrics in banking (for stronger authentication)
  • Learn more about silent authentication
  • Discover our 3-factor authentication smart token
  • Passwordless authentication
  • Advanced OTP in Banking: VTB24 in Russia
  • Future of identification

Nguồn: https://dongnaiart.edu.vn
Danh mục: Cẩm Nang Việc

Lời kết: Trên đây là bài viết One Time Password (OTP, TOTP) : definition, examples. Hy vọng với bài viết này bạn có thể giúp ích cho bạn trong cuộc sống, hãy cùng đọc và theo dõi những bài viết hay của chúng tôi hàng ngày trên website: Dongnaiart.edu.vn

Related Posts

Cách viết thư cảm ơn sau khi phỏng vấn chuyên nghiệp

Cách viết thư cảm ơn sau khi phỏng vấn chuyên nghiệp

Sau buổi phỏng vấn trực tiếp với nhà tuyển dụng, bạn đừng quên gửi thư cảm ơn nhé vì đơn thuần chỉ là trả lời email phỏng…

Cách khắc phục lỗi save trong word 2010 mà bạn nên biết

Cách khắc phục lỗi save trong word 2010 mà bạn nên biết

https://www.youtube.com/watch?v=lASide7oOQkCó thể bạn quan tâm học viện và đại học cái nào cao hơn Kênh phân phối là gì? Chìa khóa để phát triển chiến lược kênh…

Hướng dẫn cách ghi nhật ký chung chi tiết

Hướng dẫn cách ghi nhật ký chung chi tiết

Các số liệu kế toán được theo dõi tại các sổ kế toán. Ghi sổ kế toán theo hình thức nhật ký chung được nhiều doanh nghiệp…

20 Mẫu đoạn văn tiếng Anh về công việc tình nguyện hay nhất năm 2022

20 Mẫu đoạn văn tiếng Anh về công việc tình nguyện hay nhất năm 2022

https://www.youtube.com/watch?v=Dh_AhY48iGECó thể bạn quan tâm Listing là gì? Những điều quan trọng cần biết về listing cách viết quy trình làm việc Tiểu sử tỷ phú Bill…

Mẫu lời tri ân khách hàng hay, sâu sắc và ý nghĩa nhất 2022

Mẫu lời tri ân khách hàng hay, sâu sắc và ý nghĩa nhất 2022

https://www.youtube.com/watch?v=zvkH5Z0VN6MCó thể bạn quan tâm CHƯƠNG 3: KỸ NĂNG TƯ DUY Deep Web là gì? Deep Web ở đâu? Deep Web tốt hay xấu? Kinh doanh hộ…

6 thủ thuật excel cho dân văn phòng hữu ích, dễ thực hiện

Excel là phần mềm cực kỳ hữu ích nhất là trong công việc. Để thao tác với excel được nhanh, tiết kiệm thời gian, nâng cao năng…