Knowledge Base > Article [0023]

One-Time Password

A one-time password (OTP) is a password that is valid for only one login session or transaction. OTPs avoid a number of shortcomings that are associated with traditional (static) passwords. The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are dynamic hence not vulnerable to replay attacks. This means that a potential intruder who manages to record an OTP that was already used to log into a service or to conduct a transaction will not be able to abuse it, since it will be no longer valid. On the downside, OTPs are dynamic therefore require additional devices that can generate one time password. This type of device is generally called OTP token.

In contrast to the traditional static passwords, one-time password is sometimes also refered as dynamic passwords.