A one time password is a password that is applicable for only single login session or transaction on a computer system or different digital devices. OTPs ignore a number of drawbacks that are linked with traditional or static password based authentication; a number of accomplishments also integrate two-factor authentication by making sure that the single-time password needs access to something an individual has as well as something an individual knows.

The most significant benefit that is offered by OTPs is that in distinction to static passwords, they are not susceptible to replay attacks. This means a prospective intruder who deals with recording an OTP that was already employed to log in to a service or to carry out a transaction will not be able to misuse it, as it will be no more valid. A second major benefit is that a user, who uses the same password for several systems, is not made susceptible on all of them, if the password for one of these is obtained by an attacker. A number of OTP systems also intend to make sure that a session cannot simply be intercepted or taken off without knowledge of random data developed during the earlier session, therefore decreasing the attack surface additionally.

OTP generation algorithms in general make use of pseudorandomness or randomness, making forecast of successor OTPs by an attacker hard, and also hash utilities that can be used to derive a value, but are difficult to reverse and thus tough for an attacker to get the data that was used for the hash. This is essential because otherwise it would be simple to guess prospective OTPs by seeing previous ones.

There are also different methods to make the user responsive of the next OTP to use. Some systems use unique electronic security tokens that the user carries and that produce OTPs and show them using a small show. Other systems include software that runs on the user's mobile device. Yet, other systems produce OTPs on the server-side and deliver them to the user using an out-of-band channel like text messaging. Ultimately, in some systems, OTPs are printed on paper that the user is needed to carry.