For the most part, these are very reliable authentication tools. They can be the second factor in a two-factor authentication system, which means they provide an extra layer of protection over a single-factor authentication system.
Two-factor authentication, as the name suggests, uses two factors to authenticate a user. A factor can be any one of the following three: something you know, such as a user ID and password; something you have, such as an OTP or smart card; or something you are, which is a personal characteristic like your fingerprint or voice recording. The idea is that combining two factors makes it more difficult for a malicious user to crack your system. If an attacker breaks one authentication factor, they're only halfway there and still have to crack the second factor to break into your system.
An OTP augments a user ID and password system by providing an extra dynamic password, so to speak. User IDs and passwords are static. If they remain unchanged, a hacker can steal them and use them at any time. Therefore, the user or administrator has to change them frequently. An OTP, on the other hand, changes every 30 to 60 seconds. The attacker would have to use a script that could quickly guess the right number among the millions of possible numbers displayed on the device to break into the system.
The network server runs proprietary software from the OTP token manufacturer, such as RSA or Vasco, that synchronizes the token with the server.
There is some debate within the information security community about the reliability of OTP tokens for authentication. Critics claim a hacker can defeat the device with a man-in-the-middle (MITM) attack, in which the hacker intercepts the token value in real time, along with the user ID and password. However, the attacker would have to act fast and use the OTP value within the short timeframe, between 30 and 60 seconds. Despite this possibility, OTP tokens are still widely regarded as reliable for two-factor authentication.