Identity & Access
One-Time Password (OTP)
Also known as: OTP, Single-use password
Definition
A short numeric code that is valid for only a single login attempt or a brief time window, typically used as a second authentication factor.
Examples
- A six-digit TOTP code displayed in Google Authenticator every 30 seconds.
- An SMS message containing a one-time code to authorize a bank transfer.
Related terms
Time-Based One-Time Password (TOTP)
A one-time password algorithm defined in RFC 6238 that derives a short code from a shared secret and the current time, rotating every 30 seconds.
HMAC-Based One-Time Password (HOTP)
An event-based one-time password algorithm defined in RFC 4226 that derives a short code from a shared secret and a monotonically increasing counter.
Multi-Factor Authentication (MFA)
An authentication method that requires two or more independent factors — typically from different categories — before granting access.
Two-Factor Authentication (2FA)
A specific form of multi-factor authentication that requires exactly two factors — usually a password plus a second factor — to verify identity.
Authentication
The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.
Passkey
Passkey — definition coming soon.