The new passwords are generated by the system using a one-way hash function (Bhaiji, 2009).
Challenge/response: This type also uses a mathematical algorithm, but with a challenge function. In this type, the user needs to generate a one-time password by entering a challenge (a random number or secret key), received at the time of login, into the password-generating token/software. Since new passwords are based on a challenge mechanism instead of being based on the previous password, this type offers more security than the mathematical algorithm type (Bhaiji, 2009).
Time-synchronized: In this type, passwords are generated by the system using a physical hardware token that has an accurate clock synchronized with the clock on the authentication server (Bhaiji, 2009).
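The time-synchronized type described above, shown as an added example that is not from the original text: it uses the standard TOTP construction (RFC 6238 with HMAC-SHA1), which the page does not name, with the server tolerating a small clock drift and accepting each time window only once. The 30-second step, the one-window drift allowance, the `Verifier` class and the sample secret are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time window (assumed value, the RFC 6238 default)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """Code the token shows for the time window containing unix_time."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Verifier:
    """Server side: tolerates small clock drift, accepts each window once."""

    def __init__(self, secret: bytes, digits: int = 6, drift_windows: int = 1):
        self.secret = secret
        self.digits = digits  # fixed by the server, never by the client
        self.drift = drift_windows
        self.last_counter = -1  # newest window that has been accepted

    def verify(self, code: str, server_time: int) -> bool:
        now = server_time // STEP
        for counter in range(now - self.drift, now + self.drift + 1):
            if counter <= self.last_counter:
                continue  # this window or a later one was used: no replay
            expected = totp(self.secret, counter * STEP, self.digits)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample: RFC 6238 test key
    server = Verifier(secret, digits=8)
    code = totp(secret, 59, digits=8)  # token clock reads 59 s
    print(code)                        # RFC 6238 test vector for T=59
    print(server.verify(code, 75))     # server clock 16 s ahead: accepted
    print(server.verify(code, 75))     # same code again: rejected
```

Widening `drift_windows` makes the server more forgiving of a token whose clock has wandered, but it also lengthens the period during which an intercepted code remains usable.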
OTP technology is a type of multifactor (two-factor) authentication access control that provides strong user authentication for secure access. Two-factor authentication refers to the combination of any two of the three basic forms of one-factor authentication mechanisms: something the user knows, such as a password, pass phrase or PIN (personal identification number); something the user possesses, such as a smart card or access token (hardware or software); and something physically unique about the user, such as a fingerprint, voice, retina or iris scan, or DNA sequence (Samuelle, 2008).
If an intruder somehow manages to guess a randomly generated OTP, he will be able to access the system only once, because subsequent access would require him to get lucky again in guessing a randomly generated OTP.
The major problem of OTPs is that no user can ever remember them because they are generated in bulk and stored in a file on a system. Therefore, OTPs are vulnerable to eavesdropping because if someone knows that the passwords are stored in the file, he can gain unauthorized access to the user’s account where he can then install keystroke-capturing