A one-time password (OTP) is a short-lived, single-use code that becomes invalid once used. The common types are TOTP (time-based, generated by an authenticator app), HOTP (counter-based), and SMS-OTP. OTP is strong against leaked and reused passwords and is commonly the 'something you have' factor in 2FA. But it has a limit: adversary-in-the-middle (AiTM) phishing can relay an OTP through a fake site and still get in. True phishing resistance comes from a domain-bound passkey. OTP is 'much better than nothing, but not the finish line.'