Authentication using a password alone is not secure enough. If the password is weak or an attacker manages to steal it, the attacker can gain access to the account. One way to make the authentication process more secure is to add another factor of authentication. We have already discussed what authentication factors are and how two-factor authentication (2FA) makes us more secure.
One way to implement two-factor authentication is to use a One Time Password (OTP) as the second factor. In that case, when a user provides their password as the knowledge factor, the server requests an OTP. The user generates the OTP either with a hardware device like a YubiKey or with an app like Google Authenticator. Once the user provides the OTP, the server validates it. If the OTP is valid, the authentication succeeds. (What is an authentication factor?)
HOTP and TOTP are two algorithms that a hardware device or software can use to generate an OTP for authentication. How do HOTP and TOTP work? How are they different from each other, and which one should we use? This article covers that in detail.
In this article, we will discuss:
- What is HOTP?
- How does HOTP work?
- What is TOTP?
- How does TOTP work?
- HOTP vs. TOTP – Which one is more secure?