Definition

one-time password token (OTP token)

Contributor(s): Matthew Haughn

A one-time password token (OTP token) is a security hardware device or software program that is capable of producing a single-use password or PIN passcode.

One-time password tokens are often used as a part of two-factor and multifactor authentication. The use of one-time password tokens hardens a traditional ID and password system by adding another, dynamic credential.

Depending upon the vendor, an OTP token will generate a PIN synchronously or asynchronously. Synchronous tokens use a secret key and time to create a one-time password. Asynchronous tokens use a challenge-response authentication mechanism (CRAM).

In the past, OTP security tokens were usually pocket-size fobs with a small screen that displayed a number. The number changed every 30 or 60 seconds, depending on how the token is configured and the user entered his or her user name and password, plus the number displayed on the token.

Today, OTP tokens are often software-based, and the passcode generated by the token is displayed on the user's smartphone screen. Software tokens make it easier for mobile users to enter authentication information and not have to keep track of a separate piece of hardware.

This was last updated in December 2014

Next Steps

Multifactor authentication is especially important when it comes to protecting enterprise data. Knowing how to secure one-time password tokens to implement them in an MFA scenario will keep corporate data safe in the long-run. Understand how to distribute OTP to employees so that systems aren’t left open for attack.

Continue Reading About one-time password token (OTP token)

Dig Deeper on Web authentication and access control

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close