OTP

What is two-factor authentication?

In the real world of bricks-and-mortar, banks try to secure their valuables by putting them in vaults that have multiple security devices. A safe might need two different sets of keys to open it, for example, with each one held by a different, senior member of staff. Or it might have a timelock that means it opens only between certain hours of the day, whether you have the right keys or not. The online equivalent of this is called multi-factor authentication (MFA) and it means you have to pass distinctly different types of security check to get access to a computer system. In theory, just as you could have a bank vault secured by any number of keys and other security devices, so you could have an online bank or shopping website secured by lots of different security checks. In practice, most online systems that use this extra security currently require you to sign in with a username and password and satisfy one extra security check as well. Since two separate checks are involved instead of the normal one, this is often called two-factor authentication (2FA or TFA).

What is a one-time password?

So what's the extra check? Where signing into computer systems and websites is concerned, it usually involves entering a disposable password, which is valid only once and changes every time you sign in. This is called a one-time password (OTP) and a new one is generated fresh each time you access the system. Typically a one-time password is a series of meaningless numbers or characters, or it might be a half dozen or so short, random words. How do you know your one-time password if it keeps changing? It's not something you're expected to remember: it's generated automatically and sent to you by some method other than online transmission. It might be sent to your cellphone (mobile phone) as an SMS text message; it could be generated by an app running on your phone or by a dedicated, handheld electronic gadget called a security token; it might even be printed out and mailed to you on paper, the good old-fashioned way.


OTP generation


How are one-time passwords generated?

If a one-time password is going to give you access to a computer system, the disposable password you hold in your hand obviously has to match the password the computer has in its memory, just like a conventional password. The only trouble is, the password has got to change every time you use it. This means there has to be some form of synchronization that allows both you and the computer system to use the same, ever-changing password, without the computer having to transmit it to you each time by some insecure method such as email. You can see how this would work with a cellphone-based system: the computer system would generate the one-time password, send it to you in an SMS text message, and then allow you a certain time period to type it in before the password expired. A mail-based system works in essentially the same way, but the password would have to be valid for longer to allow for delays in transit (some banks will mail you a whole printed list of one-time passwords, called transaction authentication numbers or TANs, that you use and then strike out in sequence, matching a list of passwords stored on the computer system).
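The paragraph above describes two delivery models: a code sent out of band that must be typed in within a time window, and a printed TAN list consumed in order. The following is an added example, not code from the slides or from the project they describe, showing the server side of both. The lifetime of 300 seconds, the limit of 5 guesses and the list length are assumptions; the code is generated from the OS random source, only a salted hash of it is kept, and a code is voided on first successful use, on expiry or after too many wrong guesses.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_LIFETIME_S = 300   # assumed: a code delivered by SMS stays valid for 5 minutes
MAX_ATTEMPTS = 5       # assumed: a code is voided after this many wrong guesses


def _digest(code: str, salt: bytes) -> bytes:
    """Salted hash of a code, so a database leak does not expose live codes."""
    return hashlib.sha256(salt + code.encode()).digest()


def _random_code() -> str:
    """Uniform random numeric code from the OS CSPRNG, zero-padded."""
    return f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"


class OtpStore:
    """Server side of an SMS/app-delivered OTP: one pending code per user."""

    def __init__(self, now=time.time):
        self._now = now           # injectable clock, so expiry can be tested
        self._pending = {}        # user -> {salt, digest, expires, attempts}

    def issue(self, user: str, lifetime_s: int = OTP_LIFETIME_S) -> str:
        code = _random_code()
        salt = secrets.token_bytes(16)
        self._pending[user] = {
            "salt": salt,
            "digest": _digest(code, salt),
            "expires": self._now() + lifetime_s,
            "attempts": 0,
        }
        # The clear-text code goes out of band (SMS, post); only its hash stays here.
        return code

    def verify(self, user: str, submitted: str) -> bool:
        rec = self._pending.get(user)
        if rec is None:
            return False                      # nothing issued, or already consumed
        if self._now() > rec["expires"]:
            del self._pending[user]           # expired: the user must request a new one
            return False
        rec["attempts"] += 1
        if rec["attempts"] > MAX_ATTEMPTS:
            del self._pending[user]           # too many guesses: void the code
            return False
        ok = hmac.compare_digest(_digest(submitted, rec["salt"]), rec["digest"])
        if ok:
            del self._pending[user]           # one-time: consumed on first success
        return ok


class TanList:
    """Printed TAN list: codes are valid only in order, and each is struck out once used."""

    def __init__(self, count: int = 50):
        self._salt = secrets.token_bytes(16)
        codes = [_random_code() for _ in range(count)]
        self.printed_codes = codes                       # what gets mailed to the customer
        self._digests = [_digest(c, self._salt) for c in codes]
        self.next_index = 0                              # position of the next unused TAN

    def verify(self, submitted: str) -> bool:
        if self.next_index >= len(self._digests):
            return False                                 # list exhausted
        expected = self._digests[self.next_index]
        if hmac.compare_digest(_digest(submitted, self._salt), expected):
            self.next_index += 1                         # strike it out
            return True
        return False
```

Both classes compare hashes with hmac.compare_digest rather than == so that a wrong guess takes the same time whether it matches the first digit or none. In a real deployment the printed_codes list exists only long enough to be printed; it is kept on the object here so the example can be exercised.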

It's a web app

Algorithm

Generating unique OTPs

Linear feedback shift register

DB: MySQL

How does it work?