One-time passwords (OTPs) are passwords that are valid for only one login session or transaction, on a computer system or other digital device. OTPs are automatically generated numeric or alphanumeric strings of characters that authenticate a user for a single transaction or login session. OTPs are more secure than static passwords, especially user-created passwords, which can be weak and/or reused across multiple accounts. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has (such as a small keyring fob device with the OTP calculator built into it, or a smartcard or specific cellphone) as well as something a person knows (such as a PIN) .
OTPs may replace authentication login information or may be used in addition to it to add another layer of security. OTPs can be generated by hardware OTP tokens, mobile device apps, or other software. The OTP values have minute or second timestamps for greater security. While OTPs provide an extra layer of security over static passwords, there are still security issues. The whole concept of the OTP is based on the fact that the authentication server is reaching out to the person to confirm that they indeed are trying to log in, but attackers are good at circumventing these security systems.
