What is a One-Time Password (OTP)?
A one-time passcode or password (OTP) is a code that is valid for only one login session or transaction. An OTP is typically sent via SMS to a mobile phone, and they are frequently used as part of two-factor authentication (2FA). The NIST organization has recently deprecated SMS as a weak form of 2FA and encourages other approaches for strong 2FA.Back to Glossary
How do one-time passwords work?
OTPs are delivered in many ways, usually via an object the user carries with him, such as his mobile phone (using SMS or an app), a token with an LCD-display, or a security key. OTP technology is compatible with all major platforms (desktop, laptop, mobile) and legacy environments, making it a very popular choice among second-factor protocols.
Are there any limitations to traditional OTP?
•Users need to type codes during their login process.
•Manufacturers often possess the seed value of the tokens.
•Administrative overhead resulting from having to set up and provision devices for users.
•The technology requires the storage of secrets on servers, providing a single point of attack
Are there additional advantages to 2-factor authentication when using Yubico OTP?
No client software needed. The OTP is just a string. If you can send a password, you can send an OTP.Read More
Easy to implement. Using YubiCloud, supporting Yubico OTP is not much harder than supporting regular passwords.Read more
YubiKey ID embedded in OTP. This allows for self-provisioning, as well as authenticating without a username.Read more