shared secret

Contributor(s): Ivy Wigmore

A shared secret is data known only to the entities involved in a communication, so that any party's possession of that data can be presented as proof of identity for authentication.

The simplest form of a shared secret is a password. Other examples include private keys, long strings of characters and random numbers. Shared secrets are used in most types of user authentication, from the simple and familiar user name and password combination to complex multifactor authentication (MFA) schemes.

For Google Authenticator's two-factor authentication (2FA) system, for example, a shared secret is established between the server and client and is used to generate one-time passwords (OTP) through either the time-based OTP (TOTP) algorithm or the hash-based message authentication code (HMAC) OTP (HOTP) algorithm. Typically, the shared secret is initially presented to the user as a QR code on a smartphone and then saved locally.


This was last updated in December 2014
