Talk:One-time password

Transaction authentication number
Isn't transaction authentication number basically a form of one-time passwords? Shouldn't this be described in both articles? --ZeroOne 13:00, 13 September 2006 (UTC)


 * ✅. Thank you for pointing out that omission. I've added a (possibly too brief) mention of TAN, and linked to the TAN article; and linked the TAN article here. --68.0.124.33 (talk) 01:11, 20 January 2009 (UTC)

Removed link
I added https://passkeeping.com but it was immediately removed. I think the website is relevant (it helps the users to use one-time-passwords). Well, I understand this is Wikipedia; anyone can add, anyone can remove. —Preceding unsigned comment added by 202.143.96.19 (talk) 13:49, August 27, 2007 (UTC)

I added http://grc.com/ppp.htm and it was removed, also! I wonder why... - /dev/null 13:39, 8 November 2007 (UTC)

Another removed link
I added a link to Aveso Displays (http://www.avesodisplays.com/products/index.html) which was also promptly (and rather rudely) removed by "Oli Filth" (fitting name). Now, perhaps I added the link in the wrong manner; it wasn't meant to be a commercial endorsement or product promotion. The company has a flexible display module technology applicable to smart cards and one-time password applications that is unique and adds information to this article. If there is a more appropriate way for me to link to this information -- someone please let me know! Tomcat66 g500 21:39, 8 November 2007 (UTC)


 * Apologies if "rv spam" seemed rude; the link appeared to be spam-like in nature, and its addition "drive-by" in nature.


 * Just because a particular product happens to be usable for the subject of the article, it doesn't in any way follow that it's relevant to the article; what extra information does it offer the reader? We wouldn't add links to a can-opener manufacturer's website on the Baked beans article!  Oli Filth(talk) 22:03, 8 November 2007 (UTC)

How does it work?
The article doesn't describe how OTPs work from the point of view of the user. How does one put to use the unique password, in what servers can she use it...? The only hint in this sense is the paragraph about SMS-transmitted passwords, but even then it doesn't explain how to use it. What does a layperson need to know about them? Diego (talk) 13:03, 17 July 2008 (UTC)

Relevant Link in Specific OTP Technologies
To Montco(talk). This is in reference to your One Time Password edit. A lot of the material on the Mobile based OTP and 2FA is written on us. And I do concede it is as commercial as the other entries and just as relevant in many senses. It would be argument 6 in your list. cheers and pleasant edits. Tintinobelisk (talk) 03:25, 2 September 2008 (UTC)


 * __salonee__09 2409:4043:2B90:51B8:9D06:396:CB:38C5 (talk) 23:09, 30 December 2023 (UTC)

patents
This article currently states: "Most good time-synchronized OTP technologies are patented ... many security specialists frown upon the principle Security through obscurity which is often used for the time-synchronized one-time passwords".

That makes no sense to me. Patenting a technology (publishing it for anyone to see) is exactly the opposite of security through obscurity, right? --68.0.124.33 (talk) 01:21, 20 January 2009 (UTC)

visual OTP technology
I am not willing to edit the article again only to have the modifications removed but this page is missing completely the Visual OTP method (http://www.passwindow.com) which is completely different and in many ways is superior to the OTP methods described. —Preceding unsigned comment added by MattAuth (talk • contribs) 04:53, 4 July 2009 (UTC)
 * This looks like a poor man's version of a visual cryptography scheme. While each of the two shares in a visual cryptography scheme does not leak any information about the shared secret, the same does not appear to be the case with this new scheme. It is for example unclear how much information a challenge leaks. The web page does only make claims, there is no real security analysis available. There are no secondary sources confirming any of the claims made by the author. Hence it is much too early to put this scheme on Wikipedia. 62.203.20.204 (talk) 11:15, 5 July 2009 (UTC)
 * Despite your opinion, the method has been independently researched by cryptologists, found sound, and a whitepaper is available here —Preceding unsigned comment added by MattAuth (talk • contribs) 09:45, 21 December 2009 (UTC)

Any particular reason to require time synchronization to be proprietary
The article currently says the following: "A time-synchronized OTP is usually related to a piece of hardware called a security token (e.g., each user is given a personal token that generates a one-time password). Inside the token is an accurate clock that has been synchronized with the clock on the proprietary authentication server"

I'm puzzled about the indirect claim that this technique will only work if the authentication server is proprietary (i.e. that the server must be owned). I don't see why someone owning the server would have any effect on the function of the server.--80.167.145.223 (talk) 02:51, 13 July 2010 (UTC)

File:Presentation Image Grid 1 JPG.jpg Nominated for speedy Deletion
An image used in this article has been nominated for speedy deletion at Wikimedia Commons for the following reason: Copyright violations

Speedy deletions at commons tend to take longer than they do on Wikipedia, so there is no rush to respond. If you feel the deletion can be contested then please do so (commons:COM:SPEEDY has further information). Otherwise consider finding a replacement image for this article before it is deleted.
 * What should I do?

A further notification will be placed when/if the image is deleted. This notification is provided by a Bot, currently under trial --CommonsNotification (talk) 03:25, 6 May 2011 (UTC)

Main article?
In the "OTPs versus other methods of securing data" section, first paragraph, there is a link to "main article." I did not arrive at this page from that article. Can it be updated to reflect the title of that article? — Preceding unsigned comment added by Khatchad (talk • contribs) 16:07, 23 July 2012 (UTC)
 * I simply removed the parenthetical statement, and wikilinked to the relevant page within the sentence. If you have a better idea be bold, I haven't read the article carefully. Skippydo (talk) 21:33, 23 July 2012 (UTC)

OTP vs OTAC
Is One-time authorization code article the same thing? 101.99.31.77 (talk) 05:04, 3 July 2019 (UTC)


 * Hmm, I didn't notice that page existed until now. Yes, I agree, that content could be merged here without loss of generality. Tom Scavo (talk) 10:56, 3 July 2019 (UTC)
 * ✅ Klbrain (talk) 19:46, 28 June 2021 (UTC)

Lead Section on Downfalls
I edited the bottom part of the Lead that talked about the downfalls of OTPs. I found that there was more information on how phishing is still prevalent rather than the OTP being hard to memorize. In the case of a hard token, this also wouldn't apply or make sense. I made sure to add a citation to back it up, but I feel like this could also grow and become its own section. Hiiisparks (talk) 10:29, 21 November 2020 (UTC)

HMAC-based One-Time Passwords (HOTP)
I'm surprised that there is no mention of HOTP on this page. It is definitely different from the Hash Chain that is described, and I believe it is more prevalent in the realm of OTP for 2-Factor Authentication. Is there a reason that HOTP does not belong on this page? Or would it make sense to add it? Nispio (talk) 17:59, 15 February 2021 (UTC)


 * There's a link to HOTP in the article. Tom Scavo (talk) 20:05, 15 February 2021 (UTC)

Citation # 13 question
It references an article on barometric surgery. Is that really correct? 2600:2B00:9245:1D00:D466:3CB:44AB:D1AB (talk) 08:41, 19 September 2023 (UTC)
 * Ref was added here to existing text by a now-blocked user, and it seems to have nothing to do with the associated text. I will remove it and tag the paragraph for sourcing. Thanks for raising the issue. Meters (talk) 00:53, 1 May 2024 (UTC)