Everything you need to know about OTP-One Time Password

OTP stands for One Time Password, a code used to verify a user. It is a single-use password that cannot be used more than once or for more than one session.

It is used in online payment systems to protect against theft and provide greater security. This is highly useful in the digital world, as we are now heavily dependent on Internet banking and mobile banking, which are used to pay daily utilities such as phone bills and to make online payments. OTPs are generally 4-8 digit numeric or alphanumeric codes, usually sent to the authorized phone number via SMS or voice call, or by email.

A. Types of OTP:

1. SMS:

This is the most common and most useful type of OTP, sent directly to the registered mobile number. Because it is cheap, it is widely used by banking institutions, security firms, ticketing systems and many more. World’s top social media giants like

2. Voice:

Voice generally comes as the second choice after SMS. A voice OTP is delivered through an automated voice call to the registered mobile number. The call is one-way, i.e. we cannot have a two-way conversation on it. One common voice OTP service is Google’s Gmail service, where Google calls the registered mobile number to share the OTP.

3. Email:

Email OTP is also one of the common ways of delivering OTPs to users. The OTP is generated and sent to the user’s registered email address. Email OTP is generally used for resetting a password or for other purposes such as getting access to online web services.

2. What is the Validity of the OTP?

Generally, an OTP is valid for a minimum of 60 seconds to a maximum of 30 minutes, but this depends on the organization’s policy and security rules.

3. How are OTPs generated?

OTPs are generated randomly each time so that an intruder cannot predict future codes.

The most common way of generating OTPs defined by the Initiative for Open Authentication (OATH) is the Time-Based One-Time Password (TOTP), which is a time-synchronized OTP. In these OTP systems, time is the basic factor used to generate the unique password.

The password is created from the current time and a secret key. An example of this OTP generation is the Time Based OTP Algorithm (TOTP).

The validity period starts once the requester requests an OTP and the server sends it. The token/OTP code expires even if the phone is offline or the code is unused.

4. How does Authenticator OTP work?

Authenticator OTP apps include Google Authenticator and Microsoft Authenticator. They are designed to provide the OTP code to the user in real time on the user’s handset.

Fig: TOTP system of Authenticator

The OTP authenticator app generates the pre-shared key. This key may vary from a 4-digit numeric key to an 8-digit alphanumeric key. The app then sends the generated key to the server and to the mobile device in real time. The user enters the OTP to get access. At the same time, the server checks whether the OTP the user entered is the same as the OTP provided by the authenticator app. If the two keys match, the user is validated; if not, the user is not allowed to perform the desired task.
