One-Time Password Authentication - How It Works

Last Updated: 04/03/2017

Help - How It Works

Logging In

To use the device, the customer begins a typical login process where the target system requests a username and password.

Instead of the typical username and password entry,  the customer enters their username and then presses the button on their authenticator.  For the password, the customer inputs their secret four digit PIN code followed by the six digit number displayed on the authenticator (without any dashes, spaces or pressing of the 'enter' key.)

Visual for the authenticator

For example, customer 'buffalor' has set a pin of 1111.  When the customer is ready to log onto a system using OTP, the customer presses the  button on the authenticator and the display reads '257324.'  The customer would log in with:

  • Username: buffalor
  • Password: 1111234567

Note: a PIN of 1111 is an unwise choice and just used here for clearer documentation.

Stale Passwords

If the customer waits too long to complete this action, the '257324' number may get 'stale' and stop working.  This most often happens when the number is already a bit stale when the button is first pressed and the user is slow typing it in. In that case, the login is refused and the customer must repeat the process, pressing the authenticator button again and getting a new number.

Some people find it easier to get their username and PIN entered, and then getting the number from the authenticator to maximize the time you have to complete that action.

The number changes on the display every 32 seconds but the number is actually valid for a bit longer than that so you have some time to get logged in with any number displayed.