One-time passwords (OTPs) are a mechanism for logging on to a network or service using a unique password which can only be used once. This prevents different forms of identity theft by ensuring that a user name/password combination cannot be used a second time. Typically the user’s login name stays the same, and the one-time password changes with each login. One-time passwords are a form of strong authentication, and offer more effective protection to online bank accounts, corporate networks and other systems containing sensitive data.
Today most enterprise networks, e-commerce sites and online communities require only a user name and static password for login and access to personal and sensitive data. Although this authentication method is convenient, a static password is not the most secure form of protection against online identity theft carried out through phishing, keyboard logging, man-in-the-middle attacks and other methods.
Strong authentication solutions address the limitations of static passwords by incorporating an additional security measure, a temporary one-time password (OTP) that protects network access and end-users’ digital identities. The OTP adds an extra level of protection and makes it extremely difficult for fraudsters to gain unauthorized access to information, networks or online accounts.
One-time passwords can be generated in several ways, and each one has different benefits in terms of security, convenience, cost and accuracy. There are simple methods for one-time password generation such as transaction number lists and grid cards. While these methods demand minimal investment costs, they are slow, difficult to maintain, easy to replicate or share, and require users to keep track of their position in the password list.
A more convenient option for users is an OTP token, a hardware device capable of generating one-time passwords. Some of these devices are PIN-protected, offering an additional level of security. The user enters the one-time password with other identity credentials (typically user name and password) and an authentication server validates the login request.
More advanced hardware tokens use microprocessor-based smart cards to calculate one-time passwords. Smart cards have many advantages for strong authentication, including data storage capacity, processing power, portability, and ease of use. They are inherently more secure than other OTP tokens because they generate a unique, non-reusable password for each authentication. They also securely store personal information, and never send out personal or private data over the network.
Smart cards can also include additional strong authentication capabilities such as Public Key Infrastructure (PKI) certificates. When used with PKI applications, the smart card device can provide core PKI services including encryption, digital signature, and private key generation and storage.
Gemalto smart cards can integrate OTP strong authentication in either Java™ or Microsoft .NET systems. Multiple form factors and connectivity options are available to provide users with the most appropriate device relative to their network access requirements. All Gemalto OTP devices are compatible with the same Strong Authentication Server and are powered by a common set of administrative tools.