A one-time password generated by a mobile device for secure authentication.
Description
Handset-generated OTP (One-Time Password) refers to a security feature in which a unique password is created by a mobile device, typically through an application or a built-in capability. The OTP is used for authentication, particularly in the context of Non-Human Identities (NHIs) such as automated systems, devices, or bots that need secure access to services. Unlike a traditional password, an OTP is valid for a single session or transaction, which reduces the risk of unauthorized access. Handset-generated OTPs are often used in two-factor authentication (2FA), where security is strengthened by requiring the user or system to present both a knowledge factor (something they know) and a possession factor (something they have, such as the mobile device). This method mitigates the risks of static passwords and is important in environments where automated systems must interact securely with APIs or other services without human intervention.
Examples
- A banking app generates an OTP for a user to confirm a transaction.
- An IoT device uses an OTP to authenticate itself to a server before sending data.
Additional Information
- Handset-generated OTPs are usually time-sensitive and expire after a short duration.
- They can also be delivered via SMS or generated by authentication apps.