Tuesday 07 July 2026 06:12:57 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

One-Time Password (OTP)

A short-lived authentication code that can be relayed by an impostor site if a user enters it manually.

A one-time password is a short-lived authentication code used as a second factor after a username and password. It expires quickly and is meant to prove that the person logging in has access to a trusted channel, such as an authenticator app, SMS message, or hardware token. OTPs improve security compared with passwords alone, but they are not automatically phishing-resistant.

The main risk is relay attacks. If a user types an OTP into a fake login page, an attacker can forward that code to the real service in real time and take over the session before it expires. This is why OTPs are often targeted in phishing campaigns. Defenders reduce this risk by using phishing-resistant MFA such as FIDO2/WebAuthn security keys, limiting legacy OTP methods where possible, and training users to verify the exact login domain before entering any code.

← WIKICROOK index