One-Time Passwords
Posted by davitb on 2nd October 2009
I decided to continue the series of “user authentication” articles (which I started with the article Conventional Website Authentication Model and its Weaknesses) and go into more detail about one-time passwords.
In this article I will give an overview of the following topics:
- Basic ideas behind OTP
- OTP Types
- Vulnerabilities
- Standards and Applications
To make the illustration of OTP more practical, we will implement a web server with authentication from scratch and try to integrate an OTP scheme into it.
Tags: authentication, challenge-response, HMAC, HTTPS, man-in-the-middle, OATH, OCRA, one time passwords, RSA SecureID, SSL

