Passwords are the first line of defence in protecting our personal and professional information. From bank accounts and emails to social media profiles, they are the key to protecting access to our privacy. However, cyber-attacks are becoming more sophisticated and scams more difficult to detect. Moreover, it has been shown that a combination of characters is not enough to keep our identity safe.
Strong and complex passwords, alternating uppercase, lowercase and special characters such as !@-)^*, do not guarantee full protection. Cybercriminals have developed advanced techniques such as phishing or cracking that can compromise even the most secure passwords. It is therefore very important to strengthen these passwords with additional authentication methods that offer an extra layer of security.
Among these advanced solutions are OTP (One-Time Password), TOTP (Time-Based One-Time Password) and HOTP (HMAC-Based One-Time Password). In this article we explain what OTP, TOTP and HOTP are, how they differ and what each of them contributes.
What are OTP codes and how do they work?
The acronym may sound a bit strange, so the first thing to do is to define what OTP is. These are one-time passwords with security codes that can only be used once before they are reset. Static passwords, which are the ones we are used to using, are easy to crack and even more so if we do not change them regularly.
OTP codes involve generating a unique algorithm-based code. They are generated for one-time use and have a very short lifespan, making them difficult for an attacker to predict and use. Each OTP is unique and is a combination of letters and numbers that is sent to the user via SMS, authentication app or email.
Types of one-time passwords (OTP)
There are two main types of one-time passwords (OTP): TOTP and HOTP. Both provide an additional level of security by generating unique temporary codes, but there are some differences in how they are generated and how they are used.
TOTP: Time-based one-time passwords
TOTP codes are time-based one-time passwords. They expire after a certain period of time, usually between 15 and 50 seconds. Once this time has elapsed, the algorithm generates a new code, reducing the risk of unauthorised use. This puts an end to the ease of leaking static passwords.
TOTP codes are common in applications that offer a second factor of authentication and authorisation, such as TU Latch, an innovative app that acts as an authorization control platform offering an additional layer of protection for your online accounts and services. You can use Latch TOTP codes on as many services as you want, such as your Instagram, Facebook, Gmail or Amazon accounts.
HOTP: HMAC-based one-time passwords
HOTP passwords are generated using a counter that increments each time a new code is requested. This method allows the code to remain valid until it is used. For example, when you make a transaction at the bank, once you authorise it with your password, you receive an additional security code on your mobile phone to complete it.
TOTP vs HOTP: differences and advantages
Although HOTPs are less common than TOTPs, both secure password generators increase account protection by ensuring that each code is unique and difficult to predict.
The first difference between the two is their date of development: HOTP in 2005 and TOTP in 2008. So we see that the latter is the evolution of the former, even though the two coexist today.
The big difference between HOTP and TOTP, and what makes TOTP more secure, is the time factor. It is more difficult to hack a code that lasts for a few seconds than one that can go unused for minutes. However, TOTPs are problematic on slow devices or devices that do not have a lot of connectivity.
Another difference is accessibility. The speed with which TOTP codes are updated can sometimes be a challenge, because the interval is often set by default by the app, and you have to be nimble to enter the password before it is updated. This especially affects older people or those with difficulties. HOTPs are more accessible because there is no time limit, so the user can take their time.
You can see that, although they are very similar and offer more security to your accounts, there are some differences. TOTP codes are an improved version, although personal needs may lead you to choose one or the other.
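The following Python example, added here and not taken from the article or from Latch, implements HOTP (RFC 4226) and TOTP (RFC 6238) with a server-side verifier for each, showing why an HOTP code stays valid until it is used while a TOTP code dies with its time step. The 30-second step, the look-ahead window of 3, the class names and the secret (the RFCs' published test key) are assumptions of the example.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks the offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP whose counter is the current time step."""
    return hotp(secret, now // step, digits)

class HotpVerifier:
    """Server side for HOTP: a code stays valid until it is consumed."""
    def __init__(self, secret: bytes, look_ahead: int = 3):  # window assumed
        self.secret, self.counter, self.look_ahead = secret, 0, look_ahead

    def verify(self, code: str) -> bool:
        # Accept a few counters ahead: the user may have generated unused codes.
        for c in range(self.counter, self.counter + self.look_ahead + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1  # consume: this code and older ones die
                return True
        return False

class TotpVerifier:
    """Server side for TOTP: a code is valid only inside its own time step."""
    def __init__(self, secret: bytes, step: int = 30):  # step length assumed
        self.secret, self.step, self.last_step = secret, step, -1

    def verify(self, code: str, now: int) -> bool:
        current = now // self.step
        if current <= self.last_step:  # a code was already accepted: replay
            return False
        if hmac.compare_digest(totp(self.secret, now, self.step), code):
            self.last_step = current
            return True
        return False

# Constructed sample input: the test secret published in RFC 4226 / RFC 6238.
SECRET = b"12345678901234567890"
```

A production verifier would also rate-limit failed attempts and usually tolerate one adjacent time step for clock drift, which this example leaves out to keep the contrast between the two schemes visible.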
Improve security with TU Latch: access functionality with TOTP
Earlier we talked about Latch as an app that integrates TOTP security codes. It is a service offered by TU.com, to provide a second factor of authorisation (2FA) when managing digital identities in different online services.
From the “Logins” functionality you can integrate as many accounts as you want. Just go to the service you want to protect, such as Instagram, Amazon or Microsoft. Then, although it may vary according to each domain, go to the “Settings and Privacy” section, then to the “Security” section, which shows “Two-factor authentication”, and choose the “Authentication App” option inside it. Once the Latch app is open, from within “Logins” click on the “Add account” button and enter the code you see, and the chosen service will be automatically added to the home screen.
Latch is an app that offers everything you need to protect your digital services, with the latest cybersecurity technology. It is free and very intuitive to use.
Graduate in Audiovisual Communication with a master's degree in Marketing Management, interested in innovation and in how to connect brands with people. A Madrid native with touches of Pamplona and a supporter of Atlético de Madrid. I am currently learning in the marketing team at Telefónica Innovación Digital.