OTP (One Time Password)
One Time Password (OTP) systems are used to enhance the protection of access to systems. OTP’s are usually applied in addition to a password known by a user. The OTP acts in this case as an additional factor which has only a very limited lifetime and which can only be used once. That results in additional security because a stolen OTP is not of much use for an attacker because of its limited lifetime and one time usage.
Clavid aims to provide OTP methods as free as possible for OpenID usage. Thus, Clavid explored possible OTP generators to be used that do not result in much cost for end users while still providing additional security. Currently, the Clavid IDP supports the methods stated below.
Mobile-OTP
Mobile-OTP is an open source project that provides source code, links and information on the Source-Forge project site
OATH-HOTP (RFC 4226) specified by the Initiative for Open Authentication
The «Initiative for Open Authentication» is a working group which is well known as OATH. The working group tries to standardize strong authentication methods such as OATH HOTP and published its information at their web site
• http://www.openauthentication.org/
Additional information on RFC 4226 is available at the IETF web site:
• http://tools.ietf.org/html/rfc4226
OATH-TOTP (RFC 6238) specified by the Initiative for Open Authentication
The «Initiative for Open Authentication» is a working group which is well known as OATH. The working group tries to standardize strong authentication methods such as OATH TOTP and published its information at their web site
• http://www.openauthentication.org/
Additional information on RFC 6238 is available at the IETF web site:
• http://tools.ietf.org/html/rfc6238
Challenge / Response OTP based on RFC 2289
RFC 2289 is a one time password systems specified back in 1998. The standard is still in use and supported by various clients. Additional information on RFC 2289 is available at the IETF web site
• http://tools.ietf.org/html/rfc2289
SMS Mobile
SMS Mobile delivers OTP via SMS (Short Messaging System) straight to your mobile phone. Due that sending SMS to mobile phones implies payment of costs of the telecommunication providers, this method is currently with costs. Please also consider the use of other OTP methods that can be fully provided for free by Clavid.
Configuration
The configuration for the following OTP devices is described in the manual below the list.
|
Logo
|
Name
|
Method
|
Platform
|
Info Link
|
|
|
Google Authenticator
|
OATH-TOTP/HOTP
|
iPhone
|
App Store
|
|
|
Google Authenticator
|
OATH-TOTP/HOTP
|
Android
|
App Store
|
|
|
mOTP
|
Mobile-OTP
|
iPhone
|
App Store
|
|
|
iOTP
|
Mobile-OTP
|
iPhone
|
App Store
|
|
|
mobile otp
|
Mobile-OTP
|
iPhone
|
App Store
|
|
|
DroidOTP
|
Mobile-OTP
|
Android
|
App Store
|
|
|
iOATH Lite
|
RFC 4226 (OATH-HOTP)
|
iPhone
|
App Store
|
|
|
Pledge
|
RFC 4226 (OATH-HOTP)
|
iPhone
|
App Store
|
|
|
YubiKey 2.1 OATH
|
RFC 4226 (OATH-HOTP)
|
YubiKey
|
Yubico
|
|
|
1Key
|
RFC 2289
|
iPhone
|
App Store
|
|
|
SMS
|
SMS
|
Mobile
|
|
Download: Clavid OTP Configuration Manual (PDF)
Please contact us if you want to provide configuration manuals for other OTP devices.
Top
Back
|
