A dynamic password, also known as a one-time password (OTP), is a password that is valid for only one login session or transaction, on a computer system or other digital device. Dynamic passwords are used to solve traditional problems that occur when static password authentication cannot cope with eavesdropping, replaying, guessing, and other security issues. Dynamic passwords are generated using various approaches, including time-synchronization between the authentication server and the client providing the password, mathematical algorithms to generate a new password based on the previous password, and mathematical algorithms where the new password is based on a challenge and/or a counter.
Dynamic passwords are used to enhance traditional password approaches by using the processing capability of smart cards to create multiple passwords for each authentication attempt. The smart card creates new passcodes several times a day, and the host implements the same algorithm as the smart card, so it knows the password tokens current valid password at any given time. During authentication, the password token shows the current password, which is sent to the host. The verifier compares the password received to the normal value. The host accepts the card if the identifiers connect. This method provides card authenticity, due to the lifetime of each password is short and the algorithm is variable with.
Dynamic passwords are used to prevent replay attacks and solve the issues that the static password is likely to be stolen in transmission and database. The dynamic password method enhances the security of information in the procedure of lodging to make authentication information different every time, which can enhance the security of information in the procedure of lodging. The dynamic password for online payment is a unique password for each payment, which the client receives via an electronic channel during the payment process.
