OTP Tokens

MiniOTP | Digipass Go6 | Freja Mobile Client | Digipass 261 | Pocket OTP Token | YubiKey USB Key | SMS OTP

There are many different types of OTP tokens on the market. These can be divided into two main categories: those with PIN protection, and those without PIN protection. In general, OTP devices that comply to OATH are less expensive than their proprietary counterparts.

OTP Tokens without PIN protection

These tokens generate a new password every time the button is pressed. Without PIN protection a token is vulnerable to unauthorized use. It is possible to increase the security of these tokens by combining the one time password with a fixed PIN or even a traditional password. By combining the OTP with a fixed PIN the solution is arguably almost as secure as a true two-factor solution (see below).

  • miniotp

    MiniOTP

    Manufacturer: ActivIdentity
    Keyboard: NO

    The Mini OTP Token is designed for high-volume token deployments in consumer and employee authentication. The Mini OTP Token is waterproof and has options for customized logos and case colors.

  • Digipass Go6

    Digipass Go6

    Manufacturer: Vasco
    Keyboard: NO

    DIGIPASS GO 6 is a 'one-button' authenticator, based on VASCO's proven DIGIPASS technology. Banks and other organizations can effectively combat internet fraud by replacing static or paper based password systems, using DIGIPASS GO 6.

Back to top

Mobile OATH Token

A mobile client emulating a physical token with keyboard is an option available for most mobile phones on the market today. The security of these mobile tokens is equivalent to the OTP tokens with PIN protection described above. The user is required to enter a PIN to access the application, and can then generate passwords and access the protected system.

Mobile clients have the advantage of being installed on existing devices, which removes the need for carrying multiple devices. Drawbacks of mobile clients include the fact that mobile phones are increasingly connected and unlike tokens more susceptible to attacks.

  • mobile phone

    Freja Mobile Client

    Manufacturer: Verisec
    Keyboard: NO

    Freja Mobile Client is a mobile client used to generate one-time passwords based on the OATH algorithm. Freja Mobile Client turns your mobile device into a security token and it is available for most platforms.

Back to top

OTP Tokens with PIN protection - Two-factor Authentication

Two-factor authentication (2FA) provides a higher level of security than a token without PIN protection. It is still a one-time password, but the generation of the password takes place after the user has entered a PIN on the token keyboard. Since the PIN is required to generate the password, the solution is called two-factor, i.e. a knowledge factor (the PIN) and a physical factor (the token itself) are required in combination. Just having the token in your possession is not enough to generate a password.

  • digipass 261

    Digipass 261

    Manufacturer: Vasco
    Keyboard: YES

    DIGIPASS 261 is an all-in-one device for user authentication and e-signatures. The use of one-time passwords (OTP) at log-on and e-signatures for high-risk transaction validation, effectively combats financial fraud for organizations in need of a cost-efficient solution for massive rollouts.

  • pocket otp

    Pocket OTP Token

    Manufacturer: ActivIdentity
    Keyboard: YES

    The ActivIdentity Pocket OTP Token is a portable, durable device for strong authentication. It is designed for highly mobile users.

Back to top

OATH OTP USB

The advantage of a USB unit is that they require no battery, which is environmentally friendly and increases the life expectancy of the device. Security is equivalent to the OTP tokens without PIN protection described above.

By pressing the button on the OATH OTP token, a one-time password is sent to the login window automatically. From a user perspective this means that no password needs to be typed in the password field of the login window, which makes the unit more user friendly.

A USB device typically emulates a HID (human interface device) such as a keyboard. Most operating systems will immediately recognize the OTP device as a keyboard, thereby removing the need for an installation.

  • yubikey

    YubiKey USB Key

    Manufacturer: Yubico
    Keyboard: NO

    A unique USB-key for instant and strong authentication to networks and services. With a simple touch on the YubiKey, it automatically sends the user’s identity and a secure one time pass code. It works from any computer for any number of applications with no client software needed.

SMS OTP

A popular new authentication method is to have one time passwords issued via SMS. This is arguably one of the most secure authentication mechanisms because it is not exposed to online attacks in the same way as a mobile client is. Also, many customers use this method to enhance the inherent security of 2FA by adding a second channel of communication, thereby reducing the risk of a successful attack. Dual channel communications means that an assailant would have to be able to intercept both the data traffic and the telecommunications traffic in order to mount an attack, a complex and highly unlikely scenario.

  • mobile sms

    SMS OTP

    Support for SMS and e-mail authentication is built into the Freja authentication platform. When a user wishes to login, a SMS or e-mail is sent to a pre-defined number or e-mail address. Based on this message the user can then complete the login procedure. SMS and e-mail authentication does not in itself constitute strong authentication, but allows for a flexible and cost efficient one-time password solution.

Back to top

Learn more Password tokens and mobile tokens supported by OATH (pdf 174kb)

Contact us

+46 8 723 09 00, or

0800 917 8815 (UK toll-free)

info@verisec.com