A one-time password, also called OTP, is a password that is valid for one login only. OTPs are often used as part of a two-factor authentication system. For example, when a user logs on to a secure network, they see two prompts: one for a regular password and one for a one-time password. The one-time password can come from sources including a USB security token (shown on the right) or a smartphone application.
Why am I Receiving OTP Messages?
Below is a list of reasons why you may receive an OTP message or code as a text message or e-mail.
You are Trying to Access your Account
When you access your account from a new web browser, device, or location, the service may send you a one-time password as an authentication tool. If so, you can enter the one-time password that was sent to you to verify your identity.
Someone Else is Trying to Access your Account
If someone else is trying to access your account if the service does not recognize the computer, they should specify OTP as the authentication means. If someone with account access isn’t trying to access your account, someone is likely to try to sign in to your account.
Someone Tried to Reset your Password
If part of a forgotten password is used or the password is reset, the service can use OTP to verify the identity of the person.
Someone is Trying to Create an Account with your Email
If you’re receiving OTP messages from a service you’re not using, it’s likely that someone is trying to create an account with your email address or phone number.
Someone Tried to Phishing your Account
The OTP message can be used by phish for user account details. The OTP message may contain links to provide information or to request users to enter their credentials.
OTP Authentication Methods
The OTP Authentication Service can use one or more of the following methods to verify a user’s identity.
Time Synchronization –
The login server knows that the one-time password is valid because the USB key generates a random password based on the current time.
Previous Password –
The logon server keeps a record of the last password entered on the OTP device and uses this information to verify the current one-time password.
The login server can issue a unique USB key prompt for which there is only one unique response.