本文介绍了基于时间的一次性密码(TOTP)的工作原理及其在2因素身份验证中的作用,强调了它相对于基于SMS方法的优势。TOTP通过智能手机应用程序生成不断变化的一次性密码,提高了用户帐户的安全性。文章还涵盖了HOTP算法和使用QR码进行密钥共享的过程。
基于时间的一次性密码
by Prakash Sharma
通过Prakash Sharma
基于时间的一次性密码的工作方式以及为什么应在应用程序中使用它们。 (How Time-based One-Time Passwords work and why you should use them in your app.)
With the increase in cyber security threats, it has become more and more necessary to upgrade the security standards of your web applications. You need to make sure your users’ accounts are safe.
随着网络安全威胁的增加,升级Web应用程序的安全标准变得越来越必要。 您需要确保您的用户帐户安全。
Nowadays, a lot of online web applications are asking users to add an extra layer of security for their account. They do it by enabling 2-factor authentication. There are various methods of implementing 2-factor authentication, and TOTP (the Time-based One-Time Password algorithm) authentication is one of them.
如今,许多在线Web应用程序都在要求用户为其帐户添加额外的安全层。 他们通过启用2要素身份验证来做到这一点。 实现2要素身份验证的方法很多,TOTP(基于时间的一次性密码算法)身份验证就是其中一种。
This article explains what it is, and how and why to use it. But before understanding that, let’s first briefly take a look at what two-factor authentication means.
本文介绍了它的含义以及使用方法和使用方法。 但是在了解这一点之前,让我们首先简单地看一下两因素身份验证的含义。
什么是两因素身份验证? (What is Two Factor Authentication?)
Two-factor authentication (or multi factor authentication) is just an extra layer of security for a user’s account. That means that, after enabling two factor authentication, the user has to go through one more step to log in successfully. For example, the usual steps for logging in to an account are:
两因素身份验证(或多因素身份验证)只是用户帐户的额外安全层。 这意味着,在启用两因素身份验证之后,用户必须再执行一个步骤才能成功登录。 例如,登录帐户的通常步骤是:
But after enabling 2-factor authentication, the steps look something like this:
但是在启用2因子身份验证后,步骤如下所示:
So this adds one more step to the login process. This method is more secure, because a criminal cannot access the user’s account unless they have access to both the user’s regular password and one time password.
因此,这将使登录过程又增加了一步。 此方法更加安全,因为犯罪分子除非可以访问用户的常规密码和一次性密码,否则无法访问用户的帐户。
Currently, there are two widely used methods to get that one time password:
当前,有两种广泛使用的方法来获得一次密码:
SMS-based: In this method, every time the user logs in, they receive a text message to their registered phone number, which contains a One Time Password.
基于SMS:使用此方法,每次用户登录时,他们都会收到一条短信到其注册的电话号码,其中包含一个一次性密码。
TOTP-based: In this method, while enabling 2-factor authentication, the user is asked to scan a QR image using a specific smartphone application.
基于TOTP:在此方法中,在启用2要素身份验证的同时,要求用户使用特定的智能手机应用程序扫描QR图像。
That application then continuously generates the One Time Password for the user.
然后,该应用程序会连续为用户生成一次密码。
The SMS-based method does not need any explanation. It’s easy, but it has its own problems, like waiting for the SMS on every login attempt, security issues, and so on. The TOTP-based method is becoming popular because of it’s advantages over the SMS-based method. So let’s understand how the TOTP-based method works.
基于SMS的方法不需要任何解释。 这很容易,但是有它自己的问题,例如每次登录时都要等待SMS,安全性问题等等。 由于基于TOTP的方法相对于基于SMS的方法具有优势,因此变得越来越流行。 因此,让我们了解基于TOTP的方法是如何工作的。
最低0.47元/天 解锁文章
889
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
