A One-Time Password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates a user for a single transaction or login session. It acts as a second factor of authentication, typically delivered via SMS messaging or email. For example, upon attempting to log into an online banking account, a user might receive a unique six-digit code on their mobile phone that they must enter to complete the login process.
The utilization of this security measure significantly enhances online security by providing an additional layer of protection against unauthorized access. Its transient nature, valid for only a limited time, mitigates the risk associated with compromised passwords. Historically, reliance on static passwords alone presented a vulnerability exploited by phishing and credential stuffing attacks; this approach reduces that vulnerability substantially.
