Difference between revisions of "One-Time Password Authenticator"

Latest revision as of 10:01, 22 May 2021

Authenticators are devices in the user possession that can generate a one-time password.

Security Dynamics invented and patented the "Time-Based One-Time Password Algorithm" which has since come off-patent and standardized as RFC 6238 in May 2011.

Give users a hand-held device that can generate password for access to secure accounts.
All of the security is in the place that generates the OTP. The seed for the OTP is a very high-value target and has been hacked at is source from the beginning. ^[1]

The original Security Dynamics (later RSA, now Dell) Authenticator was a small hand held device that continually generated a password every (eg 30) seconds that could be sync'd with the server.
Now Microsoft, Google and others offer Authencators as Smart Phone Native Apps.

The following is a list of some of the Authentictors now in use.

↑ Andy Greenberg The Full Story of te Stunning RSA Hack can Finally be Told World (2021-05-20) https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/

@@ Line 7: / Line 7: @@
 ==Problem==
 * Give users a hand-held device that can generate password for access to secure accounts.
-* All of the security is in the place that generates the OTP. The seed for te OTP is a very high-value target and has been hacked at is source from the beginning. <ref>Andy Greenberg ''The Full Story of te Stunning RSA Hack can Finally be Told''  World (2021-05-20) https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/</ref>
+* All of the security is in the place that generates the OTP. The seed for the OTP is a very high-value target and has been hacked at is source from the beginning. <ref>Andy Greenberg ''The Full Story of te Stunning RSA Hack can Finally be Told''  World (2021-05-20) https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/</ref>
 ==Solution==