In the evolution of passwords, One Time Passwords (OTPs) have become an important part of the authentication world. An OTP is just that: a password that can only be used once. Not allowing the password to be used a second time completely eliminates the possibility of an attacker successfully reusing it. The downside to OTP technology is that the proper user must be supplied with the OTP before each use. OTPs are not as easy to use as standard passwords, but the increased security outweighs the reduced usability.
So, what are the options for getting an OTP to a user? Here are some of the options:
1. OTP via SMS
2. OTP via phone call
3. OTP via email
4. OTP via printed paper
5. OTP via Transparent Token
6. OTP via Hardware Token
OTP via SMS
During the authentication process to a resource protected by OTP security, an OTP will be sent to a pre-registered cell phone number for the user. Once the user receives the OTP it is entered into the login form and the user is authenticated. There is the possibility that the OTP might get hung up during the transmission. For this reason, there might be an additional link on the login screen that gives the user the option of requesting the OTP again. This re-request can include receiving the OTP via a different medium.
OTP via phone call
For users who might not have cell phones while they are working, or who work in an environment with limited cell phone service, having the OTP arrive on a land line with a programmed voice reciting the password is an excellent option. During the login process, the user answers their ringing phone and is read the OTP. The voice call will have the option of repeating the OTP if necessary.
OTP via email
If phone service is not an option or an additional OTP delivery method is desired, an OTP can be sent to an email address. This feature has the limitation that a user must have access to their email so it might not be the best option for a user logging into their client machine. However, for accessing applications once logged into their PC, it works very well.
OTP via printed paper
Printed OTPs are a list of OTPs printed on a piece of paper that an end user can carry with them. The OTPs never expire, but once used they are no longer valid. This option is very useful when a user does not have access to any phones or email. The OTPs on the piece of paper are going to have to be very carefully guarded, though.
OTP via Transparent Token
This is an offering not found in many solutions in the market. A transparent token offers a way to perform multi-factor authentication by validating both the user and the device they’re using. The workstation itself acts as the “token”, or rather “something the user has”, when unlocked by the user’s successful login to it. After installation and a one-time, automated enrollment, a client-side browser add-on automatically generates a Time-based One-time Password (TOTP) on a configurable interval and sets the value as a session-based cookie. This cookie is created only for specific websites and is encrypted using public-key cryptography to ensure only the server can decrypt it. The one-time enrollment data is created independently for each user and is securely stored in the user’s workstation profile. This ensures the data follows the user as they log into different workstations and allows multiple users to share the same workstation provided they have separate login accounts. This is an excellent form of Transparent User Authentication: it has no user interface and does not impose additional processes or steps on end users.
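The time-based generation and single-use rule described above can be sketched as follows. This is an added example, not PortalGuard code: it assumes the standard RFC 6238 algorithm with HMAC-SHA-1, the names `totp`, `TotpVerifier` and `drift` are hypothetical, and the cookie encryption step is not covered.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, now: float, interval: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the number of elapsed intervals."""
    counter = int(now // interval)  # time step; `interval` is configurable
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpVerifier:
    """Server-side check: each code is accepted at most once.

    `drift` is the number of intervals of clock skew tolerated on each side
    (an assumption of this sketch, not a setting named on the page).
    """

    def __init__(self, secret: bytes, interval: int = 30, digits: int = 6,
                 drift: int = 1):
        self.secret = secret
        self.interval = interval
        self.digits = digits
        self.drift = drift
        self.last_step = -1  # highest time step already accepted

    def verify(self, code: str, now: float) -> bool:
        current = int(now // self.interval)
        for step in range(current - self.drift, current + self.drift + 1):
            if step <= self.last_step:
                continue  # this step (or a later one) was already used
            expected = totp(self.secret, step * self.interval,
                            self.interval, self.digits)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step
                return True
        return False


if __name__ == "__main__":
    # Constructed input: the published RFC 6238 test secret, not a real key.
    demo_secret = b"12345678901234567890"
    verifier = TotpVerifier(demo_secret, digits=8)
    code = totp(demo_secret, 59, digits=8)
    print(code, verifier.verify(code, 59), verifier.verify(code, 59))
```

Tracking the last accepted time step is what makes the code one-time: without it, the same value would be accepted repeatedly until its interval (plus the drift window) elapsed.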
OTP via Hardware Token
Although hardware or proprietary tokens have started to fall out of favor due to high cost and maintenance, they have still proven themselves a viable option, holding the largest market share and installed base in the two-factor authentication market. Hardware tokens are physical devices which provide the OTP with or without requiring the user to type it in. Some common forms of hardware tokens include USB tokens, connected tokens, tokens with a display or disconnected tokens, and smart cards.
In addition to being secure and useful on their own, OTPs can be employed with other authentication methods to provide Two Factor Authentication (2FA). 2FA consists of something the user knows and something they have. For example, they can know a password and have a cell phone that can receive an OTP via text.
If you are looking to increase your security without incurring too much overhead or struggle for your users, you might want to consider OTPs.
For more information please visit: http://portalguard.com/two-factor_authentication.html
The PortalGuard software is an authentication platform which is focused on enhancing usability, while maintaining a balance between security, auditing, and compliance for your web and desktop authentication requirements. PortalGuard provides capabilities including multi-factor authentication, transparent user authentication, self-service password management, two-factor authentication, password synchronization and single sign-on which can be seamlessly configured by user, group, or application.