One Time Password – New Dimensions in Security
E-commerce and online banking transactions have increased sharply in recent times, and remote access to the office network has made work easier and more convenient. As a result, online network access is used more than ever. The flip side is that parties interested in stealing vulnerable passwords are attempting to do so, leading to potential security breaches.
Author: Rajesh Mago
Source: Hakin9 1/2009 http://hakin9.org
What you will learn…
- Information concerning the background and present day applications of OTP technology
- Working of OTP systems, software processes and mathematics
- The main types of OTP technologies currently in use
- Pros and cons of using OTP technology
- Leading vendors and products connected with this technology
What you should know…
- How common protocols like Ethernet, TCP/IP or ARP work
- Internet links for further reading are given.
The traditional way of accessing the network with a username and the same static password no longer suffices. The need for automated and stricter authentication has led to a search for offline and online authentication methods that allow secure access to physical and network resources. Hence, One Time Password (OTP) technology, which generates and displays a unique password typically valid for a few seconds, is increasingly in demand. OTP-based authentication is a simple and secure way of verifying user credentials and granting access to resources. The generated OTP is unique per session and valid for a set time only, reducing the chances of a fraudster using it in real time. An OTP system generally requires the user to present two kinds of evidence to verify his/her identity. Therefore, it is also known as two-factor authentication. The required proofs are:
- A token with a unique serial or unique key embedded in it
- A PIN or a secret password memorized by the user

Refer to the following section for an explanation of important terms required for understanding the rest of the article.

Some Important Terms

Token: The term token refers to the hardware and software that generates and displays the OTP. A hardware token is available in the form of a car size key ring or smart card, and a software token can be installed on a mobile phone, PDA, PC, etc.
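The two proofs and the short validity window described above can be seen working together in the following added example, which is not code from the original article. It assumes the time-based scheme from RFC 6238 (TOTP over HMAC-SHA1), since the text here names no algorithm; the `Verifier` class, the 30-second step, the PIN and the salt are illustrative choices.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds one password stays valid (assumed value)
DIGITS = 6   # digits shown on the token display (assumed value)

def totp(key: bytes, now: float, step: int = STEP, digits: int = DIGITS) -> str:
    """Password the token shows at Unix time `now` (RFC 6238, HMAC-SHA1)."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_pin(pin: str) -> bytes:
    # Constructed fixed salt for the demo; a real store uses a random salt per user.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), b"constructed-salt", 100_000)

class Verifier:
    """Server side: checks both proofs and accepts each password only once."""

    def __init__(self, token_key: bytes, pin: str):
        self.token_key = token_key
        self.pin_hash = hash_pin(pin)
        self.last_step = -1                       # newest time step already used

    def login(self, pin: str, otp: str, now: float, drift: int = 1) -> bool:
        pin_ok = hmac.compare_digest(hash_pin(pin), self.pin_hash)
        current = int(now) // STEP
        matched = None
        # Tolerate `drift` steps of clock skew between token and server.
        for step in range(max(0, current - drift), current + drift + 1):
            expected = totp(self.token_key, step * STEP)
            if hmac.compare_digest(expected.encode(), otp.encode()):
                matched = step
        if not pin_ok or matched is None or matched <= self.last_step:
            return False                          # wrong PIN, expired or replayed
        self.last_step = matched
        return True

if __name__ == "__main__":
    key = b"12345678901234567890"                 # RFC 6238 test key, not a real secret
    server = Verifier(key, pin="4821")            # constructed PIN
    code = totp(key, now=59)
    print(code, server.login("4821", code, now=59))    # first use
    print(code, server.login("4821", code, now=59))    # replay of the same password
```

Tracking the last accepted time step is what makes the password one-time on the server: without it, a captured code could be replayed for as long as its window is open.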