what is an otp code

A one-time password (OTP) is a password that is valid for only one login session or transaction. It is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login. OTPs are used to provide an additional layer of security to the authentication process, minimizing the risk of fraudulent login attempts and maintaining high security. OTPs can be generated in several ways, including mobile device apps, smart cards, or pocket-size key fobs. The secret code changes every 30 or 60 seconds, depending on how the token is configured. OTPs are used when a transaction needs additional security or an alternative method of proving a customer’s identity. The OTP values are generated using the Hashed Message Authentication Code (HMAC) algorithm and a moving factor, such as time-based information (TOTP) or an event counter (HOTP) . When correctly implemented, OTPs are no longer useful to an attacker within a short time of their initial use.