« Back to Glossary Index

HMAC based one time password. The event based standard algorithm, which is used by many hardware tokens and smartphone Apps.

THe HOTP algorithm uses a counter and a secret key (seed) to calculate one time passwords. The secret key is stored in the token and in the server backend and must not get known to any third party, as an attacker can reproduce OTP values with this key.

Tokens, that can be initialized with a new secret key (like the eToken NG OTP, eToken PASS and Yubikey) assure that only your system knows the key.

The HOTP algorithm is defined in RFC 4226.

« Back to Glossary Index