New Developments in OTP Authentication Hardware

Nick Smith | 19 January 2017 | One-time Password OTP Authentication

Despite the emergence of mobile-based authentication technologies and the convenience they offer, organisations concerned with security continue to embrace the humble One-Time Password (OTP) token and the security it brings.

The last few years have seen big moves in the digital security sector. While much focus has been placed on new, often mobile-based, authentication mechanisms, the traditional One-Time Password token (OTP token) is still proving itself to be a mainstay of the strong authentication market.

Credit card sized One Time Pasword OTP token

OTP card - Credit card sized OTP token perfect for keeping in a wallet or purse

One Time Password OTP token key fob

OTP key fob token

The convenience of software authentication apps, including OTP generators such as Google Authenticator, is obvious. Having an authentication app on the device you already carry avoids the need to carry extra hardware around with you. If you were to lose your phone chances are you will notice quite quickly.

But smartphones are open to numerous vulnerablites and attack vectors. Apps must store keying data locally and that can be compromised by devices becoming infected with malware, jailbroken or rooted.

You might be thinking at this point, "so what about SMS delivery of OTP codes?" Well, as documented in summer 2016, NIST no longer considers SMS a secure delivery mechanism for OTP codes due to the ease with which SMS messages can be captured.

These issues go a long way to explain why dedicated hardware OTP tokens are still in demand and why the industry is still buying them at pace.

With continued demand comes innovation. The newest development in the OTP world is the OTP card - an OATH-compliant credit card sized token that is perfect for carrying in your wallet or purse. These cards feature either a traditional LCD screen or a high-contrast eInk display, commonly found on e-readers such as the Amazon Kindle. In addition to this the new cards default to using SHA-256 in the HOTP/TOTP algorithms over the default SHA-1 used by older tokens. OTP cards are available in both event-based (HOTP) and time-based (TOTP) variants.

Microcosm is pleased to announce the addition of these excellent OTP cards to our range as of January 2017.