A one-time password token (OTP token) is a security hardware device or software capable of generating a one-time password or PIN.
OTP tokens are often used as part of two-factor and multi-factor authentication. The use of one-time password tokens strengthens the traditional system of IDs and passwords by adding another, dynamic accounting.
Depending on the provider, the OTP token will generate the pin synchronously or asynchronously.
Synchronous tokens use a secret key and time to generate a one-time password.
Asynchronous tokens use a challenge-response (CRAM) authentication mechanism.
In the past, OTP security tokens were usually pocket fobs with a small screen that displayed a number.
The number changed every 30 or 60 seconds, depending on how the token was configured and the user entered their username and password, as well as the number displayed on the token.
Today, OTP tokens are often software-based and the password generated by the token is displayed on the user’s smartphone screen.
Software tokens make it easier for mobile users to enter authentication information and eliminate the need to track individual hardware.