OTP (One Time Password)

 

 

 

One Time Password (OTP) systems are used to enhance the protection of access to systems. OTP’s are usually applied in addition to a password known by a user.  The OTP acts in this case as an additional factor which has only a very limited lifetime and which can only be used once. That results in additional security because a stolen OTP is not of much use for an attacker because of its limited lifetime and one time usage.

Clavid aims to provide OTP methods as free as possible for OpenID usage. Thus, Clavid explored possible OTP generators to be used that do not result in much cost for end users while still providing additional security. Currently, the Clavid IDP supports the methods stated below.

 

 

Mobile-OTP

 

mobile OTP

 

Mobile-OTP is an open source project that provides source code, links and information on the Source-Forge project site

 

OATH-HOTP (RFC 4226) specified by the Initiative for Open Authentication

 

OATH-HOTP

 

The «Initiative for Open Authentication» is a working group which is well known as OATH. The working group tries to standardize strong authentication methods such as OATH HOTP and published its information at their web site
•    http://www.openauthentication.org/

 

Additional information on RFC 4226 is available at the IETF web site:
•    http://tools.ietf.org/html/rfc4226

 

OATH-TOTP (RFC 6238) specified by the Initiative for Open Authentication

 

OATH-HOTP

 

The «Initiative for Open Authentication» is a working group which is well known as OATH. The working group tries to standardize strong authentication methods such as OATH TOTP and published its information at their web site
•    http://www.openauthentication.org/

 

Additional information on RFC 6238 is available at the IETF web site:
•   http://tools.ietf.org/html/rfc6238

 

Challenge / Response OTP based on RFC 2289

 

RFC2289

 

RFC 2289 is a one time password systems specified back in 1998. The standard is still in use and supported by various clients. Additional information on RFC 2289 is available at the IETF web site
•    http://tools.ietf.org/html/rfc2289

 

SMS Mobile

 

SMS Mobile

 

SMS Mobile delivers OTP via SMS (Short Messaging System) straight to your mobile phone. Due that sending SMS to mobile phones implies payment of costs of the telecommunication providers, this method is currently with costs. Please also consider the use of other OTP methods that can be fully provided for free by Clavid.

 

Configuration

 

The configuration for the following OTP devices is described in the manual below the list.

 

Logo

 

Name

Method

Platform

Info Link

Google Authenticator

 

Google Authenticator

 

OATH-TOTP/HOTP

 

iPhone

 

App Store

Google Authenticator

 

Google Authenticator

 

OATH-TOTP/HOTP

 

Android

 

App Store

mOTP

 

mOTP

 

Mobile-OTP

 

iPhone

 

App Store

iOTP

 

iOTP

 

Mobile-OTP

 

iPhone

 

App Store

mobile otp

 

mobile otp

 

Mobile-OTP

 

iPhone

 

App Store

DroidOTP

 

DroidOTP

 

Mobile-OTP

 

Android

 

App Store

iOATH Lite

 

iOATH Lite

 

RFC 4226 (OATH-HOTP)

 

iPhone

 

App Store

Pledge

 

Pledge

 

RFC 4226 (OATH-HOTP)

 

iPhone

 

App Store

YubiKey 2.1

 

YubiKey 2.1 OATH

 

RFC 4226 (OATH-HOTP)

 

YubiKey

 

Yubico

1Key

 

1Key

 

RFC 2289

 

iPhone

 

App Store

SMS Mobile

 

SMS

 

SMS

 

Mobile

 

 

Download: Clavid OTP Configuration Manual (PDF)

 

Please contact us if you want to provide configuration manuals for other OTP devices.

 

Top

 

Back