About OTP
OTP (One-Time Password) is a password that can only be used once. When using OTP, the user needs to enter a password generated by the token, which will become invalid the next time it is used. OTP is a secure method of verification because it is one-time use. Even if the password is intercepted, the attacker cannot use it again. This method is more secure than traditional password verification.
Type of OTP
There are two types of OTP: time-based TOTP (Time-based OTP) and counter-based HOTP (HMAC-based OTP). Of course, there are also other types of OTP, such as Mobile-OTP, as well as self-owned OTP developed by platforms such as Steam and Yandex.
TOTP
TOTP is a timestamp-based OTP that has become the RFC6238 standard. It uses a timestamp and a key to generate a one-time code that is valid for a certain period of time and then expires. The TOTP interval is usually 30 seconds.
HOTP
HOTP is a counter-based OTP that has become the RFC4226 standard. It uses a counter and key to generate a one-time code that increments the counter after use.
Mobile-OTP
Mobile-OTP, referred to as MOTP, is developed by the mOTP project. It requires generating a one-time code based on the key and PIN code.
Steam
Steam is similar to TOTP and is also generated based on timestamps, but its algorithm is different and the one-time code it generates is 5 digits or letters.
Yandex
Yandex is similar to Steam, the algorithm is also different, and the one-time code generated is 8 digits or letters.