
How OTP (One-Time Password) Works for Online Security

How an OTP (One-Time Password) works:



OTP is short for One-Time Password: a scheme that issues a short code which is valid for a single login or transaction and cannot be reused. This is a high-level view of what happens:

User Request:

The user logs in, or starts an action that calls for stronger assurance (e.g. a banking transaction, or any login where two-factor authentication is enforced). The service prompts for the normal password and then for an OTP as a second factor.

OTP Generation:

The server produces a short numeric or alphanumeric code, typically 6 to 8 digits. For SMS or email delivery the server can simply generate a random code and store its hash until it is used. When an authenticator app or hardware token is used, the code is not random: the two sides share a secret at enrollment, and each OTP is computed from that secret with a keyed hash (HMAC) so that both sides arrive at the same value independently. Two standard algorithms are in use:

TOTP (Time-Based One-Time Password, RFC 6238) – the HMAC input is the current time divided into fixed steps, usually 30 seconds, so the code changes every step and is only accepted within a small window around its step.

HOTP (HMAC-Based One-Time Password, RFC 4226) – the HMAC input is a counter that increments each time a new code is generated, not the time; the server tracks the counter and refuses any value it has already accepted.

Delivery:

The user obtains the OTP over one of several channels: SMS, email, or an authenticator app (e.g., Google Authenticator or Authy). An app does not actually receive the code; it computes the same code locally from the secret shared at enrollment, which is why it keeps working without network access. SMS is the weakest channel, because a phone number can be taken over (SIM swap) and messages can be intercepted, so it is better used as a fallback than as the default.

User Entry:

The user types the OTP into the website or app to prove possession of the enrolled device or channel.

Verification:

The server recomputes the expected code from the shared secret (for TOTP, for the current time step and a small tolerance window on either side to absorb clock drift; for HOTP, for the next few counter values so a token that ran ahead can resync) and compares it with the submitted code using a constant-time comparison. If a candidate matches and has not already been used, the user is signed in and that time step or counter value is marked as consumed; otherwise access is denied. Because a 6-digit code has only one million possible values, the server must also rate-limit or lock out after a handful of failed attempts.

Expiration:

The OTP expires after a short, fixed period rather than after idle time: a TOTP code once its time step (plus any tolerance window) has passed, an HOTP or delivered code once it has been used or superseded by a newer one. After that it is useless and a fresh OTP is required.

Advantages:

Improves security by requiring possession of something only the user has (their phone or a hardware token) in addition to something they know (the password).

Reduces the impact of credential theft and defeats simple replay attacks, since a captured code is useless once it has been used or has expired. An OTP can still be phished in real time, however: an attacker who obtains the code and relays it to the genuine site within its validity window gets in, so OTPs are not a substitute for phishing-resistant methods such as FIDO2/WebAuthn.
