Updated: Nov 22, 2020
What is an OTP?
An OTP (One-Time Password) is a password that is valid only once and for a limited amount of time, usually from 30 seconds for more sensitive applications to 1 day for less sensitive applications. A randomly generated string of characters is sent to your mobile number or email, and you use it to authenticate to an application. The general idea of OTP is to add a second level of authentication to stay ahead of cybercrime and protect your data. It is often called a second-factor authentication code.
How safe is OTP
OTP is considered a secure and safe way to authenticate to a service. The idea is to generate a random string, the OTP, and send it to the email address or mobile number that the user trying to authenticate has registered with the application or service. This challenge helps to identify whether the user is authorized to use the application or service.
The risk of fraud is limited when the user has to input a second password. OTP provides much better protection to e-banking, corporate networks, and other systems containing more sensitive data.
Imagine that someone knows your username or password. With OTP as a second factor, a third input, known only to you, is required to authenticate to the application or service, so unauthorized access is denied.
How OTPs are generated
There are various approaches to generating OTPs, listed below:
Based on time-synchronization between the authentication server and the client providing the password (OTPs are valid only for a short period of time). Each user is given a physical (looks like a small calculator) or app-based personal token that shows the OTP and each token is valid only for a very short period.
Using a mathematical algorithm to generate a new password based on the previous password. Here each new OTP is created from the past OTP by using a hash function.
Using a mathematical algorithm where the new password is based on a challenge (a random number chosen by the authentication server or transaction details) and/or a counter.