What is OTP/2FA/MFA?
Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) is a security system that requires more than one method of authentication to verify a user's identity for a login or other transaction.
MFA is used to create a layered defense and make it more difficult for an unauthorized person to access a network or database.
MFA combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification).
Examples of MFA include being asked to enter an additional one-time password (OTP) that has been sent to the requester's phone or email address, and two-factor authentication (2FA), which is a subset of MFA.
One-Time Password (OTP)
A one-time password (OTP) is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction or session.
OTPs may replace authentication login information or may be used in addition to it, to add another layer of security.
An OTP can be generated by a pocket-size token or a mobile app.
The different types of OTP are HMAC-based One-Time Password (HOTP) and Time-Based One-Time Password (TOTP).
HOTP is based on a simple counter that increments each time an OTP is generated, while with TOTP a new OTP is generated by the device every 30 seconds.
The TOTP password is short-lived, while the HOTP password may be valid for an unknown amount of time; therefore, TOTP is generally considered the more secure One-Time Password solution.
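The HOTP/TOTP difference described above, as an added example that is not part of the original page: both algorithms share one HMAC computation (RFC 4226), and TOTP (RFC 6238) only replaces the event counter with the clock, which is why its codes expire. The function names and the look_ahead and window parameters are illustrative assumptions; the secret is the RFC 4226 published test value.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret (a published test value, not a real key).
SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the same function, with the counter derived from the clock."""
    return hotp(secret, unix_time // step, digits)

def verify_hotp(secret: bytes, code: str, server_counter: int, look_ahead: int = 3):
    """Return the next server counter if the code matches, else None.

    Time plays no part: an unused code stays valid until the server counter
    moves past it. look_ahead tolerates codes generated but never submitted.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), code):
            return c + 1  # advancing the counter is what blocks replay
    return None

def verify_totp(secret: bytes, code: str, unix_time: int,
                step: int = 30, window: int = 1) -> bool:
    """Accept the current time step plus/minus `window` steps of clock drift."""
    now = unix_time // step
    candidates = range(max(0, now - window), now + window + 1)
    return any(hmac.compare_digest(hotp(secret, c), code) for c in candidates)

if __name__ == "__main__":
    code = totp(SECRET, 59)                          # generated in time step 1
    print(code, verify_totp(SECRET, code, 59))       # accepted inside its window
    print(verify_totp(SECRET, code, 120))            # rejected about a minute later
    print(verify_hotp(SECRET, hotp(SECRET, 1), 0))   # accepted whenever submitted
    print(verify_hotp(SECRET, hotp(SECRET, 1), 2))   # replay after acceptance fails
```

A wider window or look_ahead improves tolerance for clock drift and skipped codes, but lengthens the period in which an intercepted code is still accepted.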
Two-Factor Authentication (2FA)
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which two different authentication factors are used to verify a user's identity for a login or other transaction.
Two-factor authentication provides a higher level of assurance than authentication methods that depend only on a password or passcode.
2FA methods rely on users providing a password as well as a second factor, usually either a security token or a biometric factor like a fingerprint.
All two-factor authentication is multi-factor authentication (MFA), but not all MFA is 2FA.