A one-time password (OTP) is a password used for authentication or authorization. Each one-time password is valid for a single use only and cannot be used a second time; accordingly, every authentication or authorization requires a new one-time password. One-time passwords are secure against passive attacks, i.e. eavesdropping, and replay attacks are likewise impossible. They do not, however, help against the man-in-the-middle attack scenario, and their use has no influence on the security of an encryption method.
The challenge with one-time passwords is how both sides can know which password is valid for a particular login. There are two ways to achieve this: password lists or password generators.
OTP Password Lists
With this method, ready-made lists of passwords are stored on both sides. The list is either processed sequentially (the entries are numbered consecutively) or an entry that has not yet been used is chosen freely. The chosen value is transmitted as the password and removed from the list on both sides. The TAN lists used in online banking are an example of a password list.
The two variants differ as follows: with one-time passwords that are used one after the other, i.e. sequentially, exactly one value is valid at any given time, namely the first one that has not yet been used. With one-time passwords that the sender may select arbitrarily from the list, there are exactly as many valid values at any given time as there are unused entries on the list.
One disadvantage is the possible loss of the password list. An attacker who obtains it (e.g. through a system break-in) knows all remaining one-time passwords. A system that does not have to store the list in its entirety is therefore preferable to this method.

OTP Password Generators
A password generator is a program that generates a password automatically. Here a special algorithm produces the currently valid password at any given time. Three methods are distinguished:
- Timed Generators
- Event-Driven Generators
- Challenge-Response-Driven Generators
In all three, the algorithm itself is never transmitted, only its result, which serves as the proof. With the correct result, the client proves that it has the right algorithm and, where applicable, the right initialization.
With timed generators, the server performs the same calculation as the client (the security token), but it generally calculates and accepts several one-time passwords within a tolerance range, because the clock built into the token may not be perfectly accurate. Nevertheless, each one-time password has a well-defined validity interval, usually between 1 and 15 minutes.
If a single token is shared by several independent entities, eavesdropping on a one-time password at one location opens up a security risk for the other entities within the tolerance range.
In the event-driven method, as in the timed method, the server performs the same calculation that took place on the client side, and here too it calculates and accepts several one-time passwords within a tolerance range, excluding those that have already been used. The tolerance is needed because the owner will occasionally generate a password without using it. This method is much gentler on the battery of the corresponding device (token); it can even operate without a permanent power supply, since only the last value used (and thereby devalued) needs to be stored.
If a single token is shared by several independent entities, every entity must be promptly notified of every use.
With a challenge-response procedure there are no synchronization problems. Here the server specifies a task (challenge) that the client must answer (response): the client receives a value from the server as input and calculates a one-time password from it.
The advantage of this procedure is that the challenge can be chosen completely freely. If the server does not derive the challenge from an algorithm that can be computed in advance, there is no way to calculate a response in advance, whether on the client side or on the attacker's. This also makes it possible to use a single algorithm for several independent parties without reducing security. There are solutions that use a device (token) to calculate the response; in this case the technique described below can also be used, with the initial value serving as the challenge.
The prerequisite for the one-time password procedure is that both parties involved (client and server) share a common secret password.
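The three generator methods above, worked through as an added example that is not part of this article: an HMAC-based generator (the HOTP construction of RFC 4226) with a server that applies a tolerance window for timed and event-driven codes, devalues values once used, and issues random challenges for the challenge-response variant. The `Server` class, the window size, the 30-second time slice and the shared secret are constructed here for illustration.

```python
import hashlib
import hmac
import os
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: only this truncated result leaves the token, never the secret."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"

class Server:
    """Same calculation as the token, plus tolerance window and devaluation bookkeeping."""
    def __init__(self, secret: bytes, window: int = 1, step: int = 30):
        self.secret, self.window, self.step = secret, window, step
        self.counter = 0          # event-driven: next counter value still valid
        self.used_slices = set()  # timed: time slices already consumed
        self.challenges = set()   # challenge-response: outstanding nonces

    def verify_timed(self, code: str, now: int) -> bool:
        cur = now // self.step    # timed generator: counter = current time slice
        for s in range(cur - self.window, cur + self.window + 1):  # clock-drift tolerance
            if s not in self.used_slices and hmac.compare_digest(hotp(self.secret, s), code):
                self.used_slices.add(s)   # a replay of the same code is now rejected
                return True
        return False

    def verify_event(self, code: str) -> bool:
        # Look ahead: the owner may have generated codes without using them.
        for c in range(self.counter, self.counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1      # everything up to c is devalued
                return True
        return False

    def challenge(self) -> bytes:
        nonce = os.urandom(16)            # unpredictable: no response can be precomputed
        self.challenges.add(nonce)
        return nonce

    def verify_response(self, nonce: bytes, response: str) -> bool:
        if nonce not in self.challenges:
            return False
        self.challenges.discard(nonce)    # each challenge is answered once only
        expected = hmac.new(self.secret, nonce, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)

def client_response(secret: bytes, nonce: bytes) -> str:
    return hmac.new(secret, nonce, hashlib.sha256).hexdigest()  # client side of challenge-response
```

Note that the timed and event-driven verifiers accept a code once within the window and then refuse it, which is exactly the "excluding those that have already been used" behaviour described above; the challenge-response path needs no window at all.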
When Does it Make Sense to Use One-Time Passwords?
Because one-time passwords become invalid after a short time, an attacker who obtains a code cannot reuse it later. Their use is therefore particularly recommended for websites and online services that handle particularly important and sensitive data, for example:
- Sensitive company data
- Confidential communication channels
- Online Banking
- Financial services such as cryptocurrency exchanges or online stock accounts
One-time passwords are therefore not strictly necessary for every website. Given the rise in cybercrime, however, it is generally advisable to pay attention to strong passwords.