A Comparative Analysis of HOTP and TOTP Authentication Algorithms. Which one to choose?

Abstract

Giving the right access, limiting resources, and recognizing a user’s identity are important steps that need to be taken into consideration before entering a certain network. These steps are executed by authentication and authorization. In this paper, we put our focus on authentication algorithms HOTP and TOTP as two algorithms for generating one-time passwords. A one-time password is an automatically generated string of characters - a password that is meant to be used only once. This password is only valid for one login session or transaction. Due to its randomness and usage (only once), it leads to higher security outputs, and that is why this type of password is used in authentication algorithms. We will analyse both algorithms and their working way and will present the obtained results and their usage in practice. The main characteristic is that the HOTP algorithm uses only hash functions and the TOTP algorithm uses time above the hash. To check when each algorithm is better to use, we need to know the given environment and circumstances. In this paper, we will try to answer the question” Which one is better at a particular time?”. Depending on many factors that we analyse through the sections, we are going to make conclusions that will be useful for future planning of good security passwords.