What is OTP

OTP (one-time password), as the name says, is a password that can be used only once: it is valid for only one login session or one transaction on a computer system or digital device.

OTP is safe because the password keeps changing. The main advantage of an OTP is that it is valid for a single transaction and cannot be reused, since it is no longer valid afterwards.

There are two types of OTP generating devices:

1. Hardware tokens: for example RSA SecurID, SAFEID etc.

2. Software tokens: for example Google Authenticator, LastPass Authenticator etc.

There are two main standards for generating one-time passwords:

1. HOTP (HMAC-based One-Time Password) algorithm

2. TOTP (Time-based One-Time Password) algorithm

HOTP (HMAC-based One-Time Password) algorithm: This type of OTP generating algorithm uses a shared secret and a moving factor (a counter). The algorithm is event-based, meaning that whenever a new OTP is generated the moving factor is incremented, hence a different password is generated each time. Finally, an HMAC-SHA1 over the shared secret and counter is calculated, and the OTP is derived from it.

TOTP (Time-based One-Time Password) algorithm: TOTP works similarly to HOTP: it also uses a shared secret and a moving factor, but in the case of TOTP the moving factor changes continuously based on the time elapsed. It also calculates an HMAC-SHA1 in the same way as HOTP.

Which is better: The main difference between HOTP and TOTP is that an HOTP password stays valid for an unknown amount of time, while a TOTP password keeps changing and is only valid for a short time. Because of this difference, TOTP is considered the more secure OTP.


Posted in Java