The token property count in privacyIDEA is used to calculate the OTP Value using the HMAC-type algorithms HOTP or TOTP.
- OTP PIN
The OTP PIN is the secret password with which the user authenticates against privacyIDEA. The policy action otppin sets the type of password. With this password privacyIDEA identifies the tokens for which further actions are taken (trigger a challenge or check a given OTP Value). In terms of two-factor authentication the OTP PIN is the first factor, the knowledge.
- OTP Value
A one-time password, which is generated by some mathematical algorithm, usually HMAC, based on a seed. The term OTP Value is used frequently by privacyIDEA to distinguish the changing value from the OTP PIN. In terms of two-factor authentication the OTP Value is actually the 2nd factor, the possession factor, since it is usually only possible to calculate it if the user is in possession of the smartphone app or a hardware token. The OTP Value is calculated using the secret cryptographic Seed.
The seed is a cryptographic secret which is shared between the privacyIDEA server and a client such as the smartphone app or a hardware token. One-time passwords are calculated based on the seed.
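How the seed and the counter combine into an OTP Value, as an added example that is not privacyIDEA's own code: HOTP (RFC 4226) and TOTP (RFC 6238) computed from the published RFC test seed, plus a server-side check that advances the counter so a used value cannot be replayed. The function names and the look-ahead window of 3 are assumptions made for this illustration.

```python
import hashlib
import hmac
import struct

# Test seed published in RFC 4226 / RFC 6238 (never use it for a real token).
RFC_SEED = b"12345678901234567890"


def hotp(seed: bytes, count: int, digits: int = 6, digest=hashlib.sha1) -> str:
    """OTP Value for one seed and one counter value (RFC 4226)."""
    # HMAC over the counter encoded as an 8-byte big-endian integer.
    mac = hmac.new(seed, struct.pack(">Q", count), digest).digest()
    # Dynamic truncation: the low nibble of the last byte selects 4 bytes.
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(seed: bytes, unix_time: int, step: int = 30, digits: int = 6,
         digest=hashlib.sha1) -> str:
    """TOTP is HOTP with the counter derived from the clock (RFC 6238)."""
    return hotp(seed, int(unix_time) // step, digits, digest)


def check_otp(seed: bytes, count: int, candidate: str, window: int = 3):
    """Hypothetical server-side check for an event-based token.

    Tries the stored counter and the next `window - 1` values. Returns the
    new counter to store on a match, or None on failure. Storing the returned
    counter is what makes every OTP Value single-use.
    """
    for c in range(count, count + window):
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(seed, c), candidate):
            return c + 1
    return None


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC_SEED, c))
    stored = check_otp(RFC_SEED, 0, hotp(RFC_SEED, 2))
    print("counter after successful check:", stored)
    print("replay accepted:", check_otp(RFC_SEED, stored, hotp(RFC_SEED, 2)) is not None)
```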