Definition

One-Time Password

A one-time password (OTP) is a password that is valid for only a single authentication session or transaction. After use it is invalidated and cannot be reused.

One-time passwords mitigate the risk of replay attacks and reduce the impact of credential theft, since a captured password is useless for subsequent sessions.

Implementations

The user and the server each compute the password on the fly using a cryptographic algorithm and a shared secret; the input to the algorithm is typically the current time, so that each time step yields a fresh password.

A printed list of precomputed one-time passwords communicated over a secure channel. Each entry is used once and then invalidated.

A one-time password sent to the user’s registered phone number via SMS, which proves possession of the SIM card associated with that number.