OTP
Definition
OTP, or One-Time Password, is a security mechanism used to authenticate a user by generating a unique password for each login or transaction. This password is valid for only one session or transaction, significantly reducing the risk of unauthorized access. OTPs are often delivered via SMS, email, or through dedicated authenticator apps, providing an additional layer of security beyond traditional static passwords.
Secure Settings Example
# Example configuration for an OTP system using an authenticator app
otp:
  enabled: true
  delivery_method: "authenticator_app"
  length: 6
  expiration_time: 30 # OTP expires in 30 seconds
  hash_algorithm: "SHA-256"
Insecure Settings Example
# Insecure OTP configuration example
otp:
  enabled: true
  delivery_method: "email"
  length: 4
  expiration_time: 300 # OTP expires in 5 minutes, increasing risk of interception
  hash_algorithm: "MD5" # Weak hash algorithm