Ukraine flag

We stand with our friends and colleagues in Ukraine. To support Ukraine in their time of need visit this page

What is one time password?

What is Two-Factor Authentication?

Two-factor authentication (2FA) or multi-factor authentication (MFA) is a security mechanism that provides an extra level of protection for online accounts. 2-factor authentication involves using an additional factor, such as a smartphone or a hardware OTP token, to confirm the user’s identity.

Through the requirement of this additional factor, unauthorized individuals are prevented from accessing the account, even if the password has been breached. This provides enhanced security and mitigates the danger of unsanctioned account access.

How Two-Factor Authentication Works?

Once the user tries to sign in to their account, they are prompted to provide their password, as usual. However, instead of immediately gaining access, they must also provide an additional authentication method. This second way to verify identity is a one-time passcode generated with the help of a 2FA app or hardware OTP token. The OTP passcode can also be delivered via a chatbot in a messaging app, SMS, or email.


  1. The user submits the password.
  2. The user provides the one-time code from the hardware OTP token or phone.
  3. The one-time code is sent through the API to Protectimus.
  4. Protectimus verifies the one-time code in real time, and your application instantly receives a positive or a negative response.
  5. If both passwords are correct, the user is granted access to their account.
One time password generator

What Is the Purpose of Using Two-Factor Authentication?

With the increase in online threats such as phishing, social engineering, hacking, and identity theft, relying on passwords alone is no longer sufficient to safeguard confidential data. Hackers often fraudulently access passwords through theft, guessing, or hacking techniques without the user being aware.

This is where two-factor authentication comes in. 2FA adds an extra level of protection, making it much more difficult for unauthorized individuals to gain access to an account even if passwords are compromised. One-time passwords used as a second layer of protection are unique and valid for only a short period, typically 30 seconds.

Moreover, if you use 2FA chatbots in messaging apps, push, email, or SMS as the second authentication factor, users are immediately notified on their phone if an unauthorized login attempt is detected.

What 2-Factor Authentication Methods Do We Support?

We offer several authentication methods, giving you the option to choose the most convenient and reliable for your users.

See the Tokens section for more information.


Authentication algorithm

What Authentication Algorithms Do We Use?

The Protectimus two-factor authentication solution supports all standard Initiative for Open Authentication (OATH) algorithms – HOTP, TOTP, and OCRA. As a coordinating member of the Initiative for Open Authentication and by leveraging OATH standards, we ensure our MFA solution is open, secure, and easy to use.


  • HOTP (HMAC-based One-Time Password) is an event-based algorithm that generates one-time passcodes based on a secret key and a counter.
  • TOTP (Time-based One-Time Password) generates OTP codes based on a secret key and the current time. The TOTP password is valid only for a short period, typically 30 seconds, and a new password is generated automatically after that period.
  • OCRA (OATH Challenge-Response Algorithm) is an algorithm that combines a challenge (a randomly generated value) and a secret key to generate a one-time password. This algorithm is highly versatile and is used for login authentication and transaction verification. The Protectimus Confirm What You See (CWYS) feature is based on the OCRA algorithm. CWYS function allows verifying and signing data and transactions.


How Do I Set It Up?

Preliminary Steps:


  1. Registering in Protectimus Cloud Service or downloading and installing Protectimus On-Prem Platform.
  2. Activating the API in one click.
  3. Adding users or synchronizing the Protectimus 2FA system with AD/LDAP.
  4. Enrolling tokens and assigning tokens to users.
  5. Integrating Protectimus into your infrastructure through existing plugins, libraries for major programming languages, or a well-documented API.

Find more information in the Integrations and Guides sections.

Do you have any questions? Get in touch with our support team, and you will get a quick answer.




Knowledge base

Today, when computer and Internet users are looking for the best way to ensure their data is secure and to prevent their information from being hacked, one time password authentication is the first thing that comes to mind. So, what is OTP password? The ‘OTP’ abbreviation itself stands for ‘one time password’ – an instrument used for implementing stronger authentication algorithms. With the two factor authentication service from Protectimus and a specifically designed token, OTP security enforces your data protection.

Users are naturally asked to create a password as a part of the authentication algorithm on every web-site, where you can keep any data. Many people think that with their unique password all the important information is unconditionally secure. However, users’ passwords unicity is highly questionable. Most passwords are logical: you use dates, numbers, last names to protect your information. Such passwords can be easily overseen, stolen or even guessed. On the contrary, users can utilise one time passwords to keep most important data safe from leakage, as OTP password is only valid once.

Finally, you are on a way to provide your project with the maximum protection by integrating OTP authentication. The only question is how to get one time password. This simple, but efficient tool, operates together with a specially designed companion – an OTP password generator, which is called a ‘token’ and can be either specially designed, or even represented by a gadget that you own. So here are the 3 steps to take to run OTP algorithm: sign up to Protectimus, choose the most suitable token and receive unique OTP whenever you need to be authenticated.

A token, or a one time password generator, is a device or a software program that uses an OTP generation algorithm to generate one time passwords when requested by the user. Normally tokens are a convenient OTP solution as they are stand-alone devices that don’t need access to any network. Hardware tokens used for one time password authentication, can use various algorithms, e.g. time based one time password (TOTP) and others.

Sources to get an OTP for one time password authentication are diverse. However, they are invented to perform one major task – maintain your data protection. Here, diversity implies that the tools you use to get your one time password are different: hardware or software, for basic or advanced tasks, requiring Internet connection or for offline use. Generally, you do not need to be online to get your OTP, if you have a token. At Protectimus, all hardware and software tokens are designed for offline password generation: TWO, SLIM, FLEX, and SMART.

What Exactly Is Meant by a One-Time Password (OTP)?


The Importance of One Time Passwords (OTP) in Securing User Data


How to Get One-Time Passwords?


Understanding Tokens as an OTP Generation Solution


Can I Get One Time Passwords Offline?