One-Time-PIN or OTP
July 29, 2021 · Iqbal Abdullah
What is OTP (One-Time Password or PIN)?
A one-time PIN is a code that is created randomly and is valid for only one session or transaction. One-time PINs are usually sent over the phone as an SMS, but they can also be sent via email or even within a phone call.
Commonly used within 2FA
OTPs are often used in two-factor authentication (2FA) to provide an extra layer of security. This layer of security is achieved by adding something that you “have” (such as a mobile phone), instead of just something that you “know” (which is the PIN itself).
Not vulnerable to re-use
Because one-time PINs are only valid for a single use or login, they are not vulnerable to re-use like your normal passwords. Once you have used a one-time PIN to log in to a service, that one-time PIN is useless and will not be a security issue even if it is stolen later.
Also, one-time PINs can generally only be used within a certain period of time, so even if someone learns your one-time PIN before you use it, once the effective time for that one-time PIN has passed, it will not affect the security of your account.
One-time PINs are also not used between different sites, so even in the event that your account is compromised on one service which uses a password, the accounts you log in to via one-time PINs are not affected.
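The single-use and time-limit properties described above, sketched as server-side issue and verify logic. This is an added example, not code from the original article; the function names, the in-memory `store` dict, the 6-digit length, the 300-second window and the 3-guess limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

OTP_DIGITS = 6        # assumed code length
OTP_TTL = 300         # assumed validity window, in seconds
MAX_ATTEMPTS = 3      # assumed guess limit per issued code


def _digest(account: str, code: str) -> bytes:
    # Store only a hash bound to the account, never the code itself.
    return hashlib.sha256(f"{account}:{code}".encode()).digest()


def issue_otp(store: dict, account: str, now: float) -> str:
    """Create a random code for one account; replaces any earlier code."""
    code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
    store[account] = {"hash": _digest(account, code),
                      "expires": now + OTP_TTL,
                      "attempts": 0}
    return code  # handed to the SMS, email or voice channel


def verify_otp(store: dict, account: str, code: str, now: float) -> bool:
    """Accept a code at most once, and only inside its validity window."""
    entry = store.get(account)
    if entry is None:
        return False
    if now >= entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del store[account]          # expired or guessed too often
        return False
    entry["attempts"] += 1
    if hmac.compare_digest(entry["hash"], _digest(account, code)):
        del store[account]          # single use: a replayed code now fails
        return True
    return False


if __name__ == "__main__":
    store, t0 = {}, 1_000_000.0     # constructed clock value for the demo
    code = issue_otp(store, "alice", t0)
    print("first use:", verify_otp(store, "alice", code, t0 + 10))
    print("replay:   ", verify_otp(store, "alice", code, t0 + 20))
    late = issue_otp(store, "alice", t0)
    print("expired:  ", verify_otp(store, "alice", late, t0 + OTP_TTL + 1))
```

The guess limit matters because a 6-digit code has only a million possible values; without it, the short lifetime alone does not stop repeated guessing.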
Many channels of delivery
There are a number of ways to deliver one-time passwords and PINs; the two most common, and perhaps secure, ways are physical tokens and mobile phones. Using mobile phones, either via SMS or voice, to deliver OTPs is a logical step because mobile phones are very common nowadays and nearly all of them can receive either an SMS or a phone call. Nowadays, you can also check your email on your mobile phone, so sending OTPs via email is also becoming a viable option.
Using modern smartphones to deliver one-time PIN codes benefits end-users, who are already familiar with their device, and it also lowers operational costs for businesses because there is no need to supply their customers with proprietary devices.