A one-time password (OTP) is a temporary, secure PIN-code or password that is valid for only one login session or transaction. OTPs are generated automatically and can be numeric or alphanumeric strings of characters. OTPs are more secure than static passwords, especially user-created passwords, which can be weak and/or reused across multiple accounts. OTPs may replace authentication login information or may be used in addition to it to add another layer of security. OTPs can be implemented using hardware, software, or on demand. OTPs are used to prevent some forms of identity theft by making sure that a captured username/password pair cannot be used a second time. OTPs are commonly used in two-factor authentication (2FA) to provide much better protection to eBanking, corporate networks, and other systems containing sensitive data. OTPs can be sent via SMS, email, voice, or push message. OTPs can be generated using a variety of methods, including security tokens, mobile device apps, and one-time password algorithms. The same number and algorithm are used by the security token on the smart card or device to match and validate. OTPs are valid for only one transaction or login session, unlike traditional passwords that remain static or expire every 30 to 60 days.