one-time password (OTP)

Contributor(s): Ivy Wigmore

A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or session.

An OTP is more secure than a static password, especially a user-created password, which is typically weak. OTPs may replace authentication login information or may be used in addition to it, to add another layer of security. 

OTP tokens are usually pocket-size fobs with a small screen that displays a number. The number changes every 30 or 60 seconds, depending on how the token is configured. For two-factor authentication, the user enters his user ID, PIN and the OTP to access the system. 

OTP mobile apps are also available.
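An added example, not part of the original definition: how a time-based token and the server derive the same changing number, and how the server refuses a code it has already accepted. It assumes the standard TOTP algorithm (RFC 6238, built on HOTP from RFC 4226), which this page does not name; the `Verifier` class and its parameters are illustrative.

```python
import hashlib
import hmac
import struct
import time


def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Code for the time step containing `now` (RFC 6238 over RFC 4226 HOTP)."""
    counter = int(now) // step                      # steps elapsed since the Unix epoch
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server-side check; class name and parameters are illustrative."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, drift: int = 1):
        self.secret, self.step, self.digits, self.drift = secret, step, digits, drift
        self.last_used = -1                         # newest time step already accepted

    def verify(self, submitted: str, now: float) -> bool:
        current = int(now) // self.step
        matched = -1
        # Accept the current step plus `drift` steps either side for clock skew.
        for counter in range(max(0, current - self.drift), current + self.drift + 1):
            expected = totp(self.secret, counter * self.step, self.step, self.digits)
            # Constant-time comparison, no early exit on a match.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                matched = max(matched, counter)
        if matched <= self.last_used:               # no match, or code already spent
            return False
        self.last_used = matched
        return True


if __name__ == "__main__":
    secret = b"12345678901234567890"                # RFC 4226/6238 published test key
    server = Verifier(secret)
    code = totp(secret, time.time())
    print("token shows:", code)
    print("first use  :", server.verify(code, time.time()))
    print("replayed   :", server.verify(code, time.time()))
```

The `step` argument corresponds to the 30- or 60-second interval the token is configured with; token and server must use the same value and share the same secret.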


This was last updated in September 2013

Next Steps

Multifactor authentication is especially important when it comes to protecting enterprise data. Knowing how to secure one-time password tokens to implement them in an MFA scenario will keep corporate data safe in the long run. Understand how to distribute OTP to employees so that systems aren’t left open for attack.


Do you use one-time passwords in your organization?
As an IT expert, I can never overemphasize the importance of safe passwords. While a combination of numbers and letters is essential, passwords must be changed on a frequent and periodic basis. With foreign intrusion and digital terrorism soaring at alarming rates, one-time passwords are crucial for existing and new organizations. Whether via manual or recurring methods, one-time passwords can truly protect your most intricate and detailed information.
My organization did this years ago, but actually moved away from it. I don't know of all of the reasons, but I can say that those little fob things were definitely easy to lose.
These seemed popular a while ago, especially as one-time credit cards for use online. As PayPal becomes more popular, I see less of them. Two-factor authentication and biometrics seem more reasonable as next steps.
For the time being, two-step authentication seems like the best approach. A PITA when time is short, but worth the effort. Looking forward, biometrics seem like a more likely future option, but only until someone figures out how to spoof it. 

