
One-Time Password

A one-time password (OTP) is a single-use code that expires after a set time. Unlike a fixed password, a different code is issued each time, so a code that is intercepted cannot be reused. OTPs serve as the "possession factor" in two-factor authentication.

Three main delivery methods exist. First, SMS delivers 4- to 6-digit codes, the most common method for banks and online services. Second, authenticator apps (Google Authenticator, Microsoft Authenticator) generate a new TOTP (Time-based OTP) code every 30 seconds. Third, dedicated hardware tokens display codes on keychain-sized devices.

SMS OTP has known weaknesses. SIM swap attacks that hijack a phone number redirect its OTPs to the attacker. In "real-time phishing" via smishing, the OTP a user enters on the phishing page is relayed to the attacker instantly, within the code's validity window. Authenticator apps are more secure than SMS OTP because the code is generated on the device rather than sent over the phone network.

Watch for OTP-exploiting scams: "This is bank security. Please read back the number we just sent." Legitimate banks never ask for OTPs by phone. See two-factor auth phone risks for detailed analysis.
