Talk:One-time password

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing Mid‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles Mid This article has been rated as Mid-importance on the project's importance scale. Cryptography: Computer science Mid‑importance This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles Mid This article has been rated as Mid-importance on the importance scale. This article is supported by WikiProject Computer science (assessed as Mid-importance).

The contents of the One-time authorization code page were merged into One-time password on 28 June 2021. For the contribution history and old versions of the redirected page, please see its history; for the discussion at that location, see its talk page.

Isn't transaction authentication number basically a form of one-time passwords? Shouldn't this be described in both articles? --ZeroOne 13:00, 13 September 2006 (UTC)[reply]

 Done. Thank you for pointing that out omission. I've added a (possibly too brief) mention of TAN, and linked to the TAN article; and linked the TAN article here. --68.0.124.33 (talk) 01:11, 20 January 2009 (UTC)[reply]

I added https://passkeeping.com but it was immediately removed. I think the website is relevant (it helps the users to use one-time-passwords). Well, I understand this is Wikipedia; anyone can add, anyone can remove. —Preceding unsigned comment added by 202.143.96.19 (talk) 13:49, August 27, 2007 (UTC) I added http://grc.com/ppp.htm and it was removed, also! I wonder why... - /dev/null 13:39, 8 November 2007 (UTC)[reply]

I added a link to Aveso Displays (http://www.avesodisplays.com/products/index.html) which was also promptly (and rather rudely) removed by "Oli Filth" (fitting name). Now, perhaps I added the link in the wrong manner; it wasn't meant to be a commercial endorsement or product promotion. The company has a flexible display module technology applicable to smart cards and one-time password applications that is unique and adds information to this article. If there is a more appropriate way for me to link to this information -- someone please let me know! Tomcat66 g500 21:39, 8 November 2007 (UTC)[reply]

Apologies if "rv spam" seemed rude; the link appeared to be spam-like in nature, and its addition "drive-by" in nature.

Just because a particular product happens to be usable for the subject of the article, it doesn't in any way follow that it's relevant to the article; what extra information does it offer the reader? We wouldn't add links to a can-opener manufacturer's website on the Baked beans article! Oli Filth^(talk) 22:03, 8 November 2007 (UTC)[reply]

The article doesn't describe how OTPs work from the point of view of the user. How does one put to use the unique password, in what servers can she use it...? The only hint in this sense is the paragraph about SMS-transmitted passwords, but even then it doesn't explain how to use it. What does a layperson need to know about them? Diego (talk) 13:03, 17 July 2008 (UTC)[reply]

To Montco(talk). This is in reference to your One Time Password edit. A lot of the material on the Mobile based OTP and 2FA is written on us. And I do concede it is as commercial as the other entries and just as relevant in many senses. It would be argument 6 in your list. cheers and pleasant edits. Tintinobelisk (talk) 03:25, 2 September 2008 (UTC)[reply]

__salonee__09 2409:4043:2B90:51B8:9D06:396:CB:38C5 (talk) 23:09, 30 December 2023 (UTC)[reply]

This article currently states: "Most good time-synchronized OTP technologies are patented ... many security specialists frown upon the principle Security through obscurity which is often used for the time-synchronized one-time passwords".

That makes no sense to me. Patenting a technology (publishing it for anyone to see) is exactly the opposite of security through obscurity, right? --68.0.124.33 (talk) 01:21, 20 January 2009 (UTC)[reply]

I am not willing to edit the article again only to have the modifications removed but this page is missing completely the Visual OTP method (http://www.passwindow.com) which is completely different and in many ways is superior to the OTP methods described. —Preceding unsigned comment added by MattAuth (talk • contribs) 04:53, 4 July 2009 (UTC)[reply]

This looks like a poor mans version of a visual cryptography scheme. While each of the two shares in a visual cryptography scheme do not leak any information about the shared secret, the same does not appear to be the case with this new scheme. It is for example unclear how much information a challenge leaks. The web page does only make claims, there is no real security analysis available. There are no secondary sources confirming any of the claims made by the author. Hence it is much too ealy to put this scheme on wikipedia. 62.203.20.204 (talk) 11:15, 5 July 2009 (UTC)[reply]

Despite your opinion the method has been independantly researched by cryptologists, found sound, and a whitepaper is available here [1] —Preceding unsigned comment added by MattAuth (talk • contribs) 09:45, 21 December 2009 (UTC)[reply]

The article currently says the following: "A time-synchronized OTP is usually related to a piece of hardware called a security token (e.g., each user is given a personal token that generates a one-time password). Inside the token is an accurate clock that has been synchronized with the clock on the proprietary authentication server"

I'm puzzled about the indirect claim that this technique will only work if the authentication server is proprietary (i.e. that the server must be owned). I don't see why someone owning the server would have any effect on the function of the server.--80.167.145.223 (talk) 02:51, 13 July 2010 (UTC)[reply]

An image used in this article, File:Presentation Image Grid 1 JPG.jpg, has been nominated for speedy deletion at Wikimedia Commons for the following reason: Copyright violations

What should I do?

Speedy deletions at commons tend to take longer than they do on Wikipedia, so there is no rush to respond. If you feel the deletion can be contested then please do so (commons:COM:SPEEDY has further information). Otherwise consider finding a replacement image for this article before it is deleted.

A further notification will be placed when/if the image is deleted. This notification is provided by a Bot, currently under trial --CommonsNotification (talk) 03:25, 6 May 2011 (UTC)[reply]

An image used in this article, File:Presentation_Image_Grid_1_JPG.jpg, has been nominated for speedy deletion at Wikimedia Commons for the following reason: Copyright violations What should I do?

Speedy deletions at commons tend to take longer than they do on Wikipedia, so there is no rush to respond. If you feel the deletion can be contested then please do so (commons:COM:SPEEDY has further information). Otherwise consider finding a replacement image before deletion occurs. A further notification will be placed when/if the image is deleted. This notification is provided by a Bot, currently under trial --CommonsNotification (talk) 10:42, 6 May 2011 (UTC)[reply]

In the "OTPs versus other methods of securing data" section, first paragraph, there is a link to "main article." I did not arrive at this page from that article. Can it be updated to reflect the title of that article? — Preceding unsigned comment added by Khatchad (talk • contribs) 16:07, 23 July 2012 (UTC)[reply]

I simply removed the parenthetical statement, and wikilinked to the relevant page within the sentence. If you have a better idea be bold, I haven't read the article carefully. Skippydo (talk) 21:33, 23 July 2012 (UTC)[reply]

Is One-time authorization code article the same thing? 101.99.31.77 (talk) 05:04, 3 July 2019 (UTC)[reply]

Hmm, I didn't notice that page existed until now. Yes, I agree, that content could be merged here without loss of generality. Tom Scavo (talk) 10:56, 3 July 2019 (UTC)[reply]

  Y Merger complete. Klbrain (talk) 19:46, 28 June 2021 (UTC)[reply]

I edited the bottom part of the Lead that talked about the downfalls of OTPs. I found that there was more information on how phishing is still prevalent rather than the OTP being hard to memorize. In the case of a hard token, this also wouldn't apply or make sense. I made sure to add a citation to back it up, but I feel like this could also grow and become its own section. Hiiisparks (talk) 10:29, 21 November 2020 (UTC)[reply]

I'm surprised that there is no mention of HOTP on this page. It is definitely different from the Hash Chain that is described, and I believe it is more prevalent in the realm of OTP for 2-Factor Authentication. Is there a reason that HOTP does not belong on this page? Or would it make sense to add it? Nispio (talk) 17:59, 15 February 2021 (UTC)[reply]

There's a link to HOTP in the article. Tom Scavo (talk) 20:05, 15 February 2021 (UTC)[reply]

It references an article on barometric surgery. Is that really correct? 2600:2B00:9245:1D00:D466:3CB:44AB:D1AB (talk) 08:41, 19 September 2023 (UTC)[reply]