An organization has introduced token-based authentication to system administrators due to risk of password compromise. The tokens have a set of numbers that
automatically change every 30 seconds. Which of the following type of authentication mechanism is this?
A.
TOTP
B.
Smart card
C.
CHAP
D.
HOTP
Explanation:
Time-based one-time password (TOTP) tokens are devices or applications that generate passwords at fixed time intervals. In this case, it’s every 30 seconds.
Incorrect Answers:
B: A smart card is sometimes referred to as an identity token containing integrated circuits. It does not generate passwords based on time.
C: The Challenge-Handshake Authentication Protocol (CHAP) is used primarily over dial-up connections to provide a secure transport mechanism for logon
credentials. It does not generate passwords based on time.
D: HMAC-based one-time password (HOTP) tokens are devices that generate passwords based on a nonrepeating one-way function.Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 282,283.