A one-time password (OTP), also known as a one-time PIN, one-time passcode, one-time authorization code (OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has (such as a small keyring fob device with the OTP calculator built into it, or a smartcard or specific cellphone) as well as something a person knows (such as a PIN).
OTP generation algorithms typically make use of pseudorandomness or randomness to generate a shared key or seed, and cryptographic hash functions, which can be used to derive a value but are hard to reverse and therefore difficult for an attacker to obtain the data that was used for the hash. This is necessary because otherwise, it would be easy to predict future OTPs by observing previous ones.
OTPs have been discussed as a possible replacement for, as well as an enhancer to, traditional passwords. On the downside, OTPs can be intercepted or rerouted, and hard tokens can get lost, damaged, or stolen. Many systems that use OTPs do not securely implement them, and attackers can still learn the password through phishing attacks to impersonate the authorized user.
The most important advantage addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to use it, since it will no longer be valid.[1] A second major advantage is that a user who uses the same (or similar) password for multiple systems, is not made vulnerable on all of them, if the password for one of these is gained by an attacker. A number of OTP systems also aim to ensure that a session cannot easily be intercepted or impersonated without knowledge of unpredictable data created during the previous session, thus reducing the attack surface further.
There are also different ways to make the user aware of the next OTP to use. Some systems use special electronic security tokens that the user carries and that generate OTPs and show them using a small display. Other systems consist of software that runs on the user's mobile phone. Yet other systems generate OTPs on the server-side and send them to the user using an out-of-band channel such as SMS messaging. Finally, in some systems, OTPs are printed on paper that the user is required to carry.
In some mathematical algorithm schemes, it is possible for the user to provide the server with a static key for use as an encryption key, by only sending a one-time password.[2]
Concrete OTP algorithms vary greatly in their details. Various approaches for the generation of OTPs include:
A time-synchronized OTP is usually related to a piece of hardware called a security token (e.g., each user is given a personal token that generates a one-time password). It might look like a small calculator or a keychain charm, with an LCD that shows a number that changes occasionally. Inside the token is an accurate clock that has been synchronized with the clock on the authentication server. On these OTP systems, time is an important part of the password algorithm, since the generation of new passwords is based on the current time rather than, or in addition to, the previous password or a secret key. This token may be a proprietary device, or a mobile phone or similar mobile device which runs software that is proprietary, freeware, or open-source. An example of a time-synchronized OTP standard is time-based one-time password (TOTP). Some applications can be used to keep time-synchronized OTP, like Google Authenticator or a password manager.
See main article: article and Hash chain.
Each new OTP may be created from the past OTPs used. An example of this type of algorithm, credited to Leslie Lamport, uses a one-way function (call it
f
s
f(s)
f(f(f(\ldotsf(s)\ldots)))
f1000(s)
p
f
f999(s)
f(p)
f1000(s)
p
f998(s)
f999(s)
p
p
f
s
s
x
x
f-1
f
f
The use of challenge–response one-time passwords requires a user to provide a response to a challenge. For example, this can be done by inputting the value that the token has generated into the token itself. To avoid duplicates, an additional counter is usually involved, so if one happens to get the same challenge twice, this still results in different one-time passwords. However, the computation does not usually involve the previous one-time password; that is, usually, this or another algorithm is used, rather than using both algorithms.
A common technology used for the delivery of OTPs is text messaging. Because text messaging is a ubiquitous communication channel, being directly available in nearly all mobile handsets and, through text-to-speech conversion, to any mobile or landline telephone, text messaging has a great potential to reach all consumers with a low total cost to implement. OTP over text messaging may be encrypted using an A5/x standard, which several hacking groups report can be successfully decrypted within minutes or seconds.[4] [5] [6] [7] Additionally, security flaws in the SS7 routing protocol can and have been used to redirect the associated text messages to attackers; in 2017, several O2 customers in Germany were breached in this manner in order to gain access to their mobile banking accounts. In July 2016, the U.S. NIST issued a draft of a special publication with guidance on authentication practices, which discourages the use of SMS as a method of implementing out-of-band two-factor authentication, due to the ability for SMS to be intercepted at scale.[8] [9] Text messages are also vulnerable to SIM swap scams—in which an attacker fraudulently transfers a victim's phone number to their own SIM card, which can then be used to gain access to messages being sent to it.[10] [11]
RSA Security's SecurID is one example of a time-synchronization type of token, along with HID Global's solutions. Like all tokens, these may be lost, damaged, or stolen; additionally, there is an inconvenience as batteries die, especially for tokens without a recharging facility or with a non-replaceable battery. A variant of the proprietary token was proposed by RSA in 2006 and was described as "ubiquitous authentication", in which RSA would partner with manufacturers to add physical SecurID chips to devices such as mobile phones.
Recently, it has become possible to take the electronic components associated with regular keyfob OTP tokens and embed them in a credit card form factor. However, the thinness of the cards, at 0.79mm to 0.84mm thick, prevents standard components or batteries from being used. Special polymer-based batteries must be used which have a much lower battery life than coin (button) cells. Semiconductor components must not only be very flat but must minimise the power used in standby and when operating.
Yubico offers a small USB token with an embedded chip that creates an OTP when a key is pressed and simulates a keyboard to facilitate easily entering a long password.[12] Since it is a USB device it avoids the inconvenience of battery replacement.
A new version of this technology has been developed that embeds a keypad into a payment card of standard size and thickness. The card has an embedded keypad, display, microprocessor and proximity chip.
On smartphones, one-time passwords can also be delivered directly through mobile apps, including dedicated authentication apps such as Authy and Google Authenticator, or within a service's existing app, such as in the case of Steam. These systems do not share the same security vulnerabilities as SMS, and do not necessarily require a connection to a mobile network to use.[13] [14] [15]
In some countries' online banking, the bank sends to the user a numbered list of OTPs that is printed on paper. Other banks send plastic cards with actual OTPs obscured by a layer that the user has to scratch off to reveal a numbered OTP. For every online transaction, the user is required to enter a specific OTP from that list. Some systems ask for the numbered OTPs sequentially, others pseudorandomly choose an OTP to be entered.
When correctly implemented, OTPs are no longer useful to an attacker within a short time of their initial use. This differs from passwords, which may remain useful to attackers years after the fact.
As with passwords, OTPs are vulnerable to social engineering attacks in which phishers steal OTPs by tricking customers into providing them with their OTPs. Also like passwords, OTPs can be vulnerable to man-in-the-middle attacks, making it important to communicate them via a secure channel, for example Transport Layer Security.
The fact that both passwords and OTP are vulnerable to similar kinds of attacks was a key motivation for Universal 2nd Factor, which is designed to be more resistant to phishing attacks.
OTPs which don't involve a time-synchronization or challenge–response component will necessarily have a longer window of vulnerability if compromised before their use. In late 2005 customers of a Swedish bank were tricked into giving up their pre-supplied one-time passwords.[16] In 2006 this type of attack was used on customers of a US bank.[17]
Many OTP technologies are patented. This makes standardization in this area more difficult, as each company tries to push its own technology. Standards do, however, exist – for example, RFC 1760 (S/KEY), RFC 2289 (OTP), RFC 4226 (HOTP) and RFC 6238 (TOTP).
A mobile phone itself can be a hand-held authentication token.[18] Mobile text messaging is one of the ways of receiving an OTAC through a mobile phone. In this way, a service provider sends a text message that includes an OTAC enciphered by a digital certificate to a user for authentication. According to a report, mobile text messaging provides high security when it uses public key infrastructure (PKI) to provide bidirectional authentication and non-repudiation, in accordance with theoretical analysis.[19]
SMS as a method of receiving OTACs is broadly used in our daily lives for purposes such as banking, credit/debit cards, and security.[20] [21] [22]
There are two methods of using a telephone to verify a user’s authentication.
With the first method, a service provider shows an OTAC on the computer or smartphone screen and then makes an automatic telephone call to a number that has already been authenticated. Then the user enters the OTAC that appears on their screen into the telephone keypad.[23]
With the second method, which is used to authenticate and activate Microsoft Windows, the user call a number that is provided by the service provider and enters the OTAC that the phone system gives the user.[24]
In the field of computer technology, it is known that using one-time authorization code (OTAC) through email, in a broad sense, and using one-time authorization code (OTAC) through web-application, in a professional sense.
It is possible to send OTACs to a user via post or registered mail. When a user requests an OTAC, the service provider sends it via post or registered mail and then the user can use it for authentication. For example, in the UK, some banks send their OTAC for Internet banking authorization via post or registered mail.[27]
Quantum cryptography, which is based on the uncertainty principle is one of the ideal methods to produce an OTAC.[28]
Moreover, it has been discussed and used not only using an enciphered code for authentication but also using graphical one time PIN authentication[29] such as QR code which provides decentralized access control technique with anonymous authentication.[30] [31]