One-Time Password Specifications (OTPS) are a set of open specifications being developed by RSA® Laboratories for the use of one-time passwords (OTP). One-time passwords are difficult to guess because their lifetimes are so short. In addition, they protect against a related threat called replay. With traditional passwords, if the authentication handshake is recorded, it can be replayed by someone who shouldn’t have access. If the password can only be used once, a recorded handshake cannot be replayed.
The six proposed standards are published on RSA’s web site for review and comment. The specifications will be developed further through mailing list discussions and workshops and will be submitted to standards bodies as appropriate.
The standards deal with the provisioning and retrieval of one-time passwords as well as their transport and validation over a network. The development and adoption of these standards will make one-time passwords easier and less expensive for developers to use. They cover both traditional tokens, where a one-time password is displayed for the user to type into the computer, and hardware tokens that are plugged directly into the computer, usually through the USB port.