A password given to the user for one login session only and that must be used within a certain amount of time. One-time passwords are sent from tech support to people who need help registering or logging into a website. As soon as the one-time password (OTP) enables access to the site, it is no longer valid, and users must create a permanent password. OTPs are also created for physical authentication devices (see authentication token), and they are sometimes used as a second means of authentication if a person logs in from a new computer (see two-factor authentication).
One-time passwords can be used for only one authentication process in order to gain access to a system. By using one-time passwords, the probability of an attack relying on the interception and replay of network traffic is lessened because a previously valid password will not be accepted on a second or following round. One-time passwords are typically used in security-critical environments in which clear-text passwords continue to be used.