HOTP Authentication

Token setup must be requested by your supervisor and will be completed by the IT department.
The HOTP device is a one-time purchase managed by IT. Any lost, damaged, or stolen equipment will be the responsibility of the respective department.

What is HOTP?

HOTP, or HMAC-based one-time password, is a type of one-time password (OTP) algorithm that uses a counter to generate a new password for each login or transaction. The “H” in HOTP stands for Hash-based Message Authentication Code (HMAC).

HOTP is a popular choice for improving security across digital platforms because it’s unique, independent of time, and versatile:
  • Unique: Each new password reduces the risk of stolen or compromised passwords.
  • Independent of time: Unlike time-based one-time passwords (TOTPs), HOTP doesn’t require time synchronization between the server and client.
  • Versatile: HOTP can be used for access control for both digital and physical resources. 

HOTPs are often used as a second factor during two-factor authentication and are typically 6 or 8 digits long. A validation server is required to verify the authenticity of HOTPs, and the OTP generator and server are synced each time the code is validated. Yubiko’s Yubikey is an example of an OTP generator that uses HOTP.