Methods of OTP Generation
- bulksmsgateway
- Dec 20, 2016
If an OTP is going to give you access to a computer system, the non-reusable password you have in your hand has to match the password the computer has in its memory, just like a traditional password. The only problem is that the password changes every time you use it. This means there has to be some kind of synchronization that lets both you and the computer system use the same, ever-changing password, without the computer having to send it to you every time by some weak method like email.
You can see how this works with a cellphone-based system: the computer system produces the OTP, sends it to you as an SMS with the help of a bulk SMS API, and then allows you a definite time period to type it in before the password expires. A mail-based system works in basically the same way, but the password has to stay valid for a longer time to allow for delays in transit.
But how does the synchronization work if you have something like a security token producing OTPs for you? One method, known as time synchronization, has the token and the computer system both producing new one-time passwords on the basis of a numeric version of the present time. They might take the time, turn it into a numerical code, and then run it through a code generator and an algorithm called a hash function to produce a unique 10-digit code, which becomes your one-time password.
As long as the token and the computer system have their clocks synchronized, the token will always create a one-time password that matches the one the computer is expecting. But if the clocks drift apart, the token will no longer produce valid passwords and will need to be reset.
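The time-synchronization scheme described above, as an added example that is not code from the original post: it uses the standardized TOTP construction (RFC 6238, HMAC-SHA1), which the post does not name, as one instance of the idea, and shows how clock drift makes a token's code stop matching. The 30-second step, the `window` drift tolerance, the function names and the sample secret are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (assumed here; the RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Derive a one-time password from a shared secret and a clock reading."""
    counter = max(0, unix_time) // STEP            # numeric version of the time
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, server_time: int,
           window: int = 1, digits: int = 6) -> bool:
    """Accept a code from up to `window` steps either side of the server clock."""
    ok = False
    for drift in range(-window, window + 1):
        candidate = totp(secret, server_time + drift * STEP, digits)
        # Constant-time comparison, and no early exit from the loop.
        ok |= hmac.compare_digest(candidate, submitted)
    return ok


def demo() -> dict:
    secret = b"12345678901234567890"   # constructed sample secret (RFC 6238 test key)
    token_clock = 59                   # constructed clock reading on the token
    code = totp(secret, token_clock, digits=8)
    return {
        "code": code,
        # Server clock agrees with the token: the code matches.
        "in_sync": verify(secret, code, 59, window=0, digits=8),
        # Server is 16 s ahead and already in the next step: strict check fails.
        "drift_16s_strict": verify(secret, code, 75, window=0, digits=8),
        # Same drift, but one step of tolerance absorbs it.
        "drift_16s_window": verify(secret, code, 75, window=1, digits=8),
        # Five minutes of drift: outside the window, token needs resynchronizing.
        "drift_5min": verify(secret, code, 359, window=1, digits=8),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

A wider `window` tolerates more drift but also lengthens the period during which an intercepted code is still accepted.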