One Time Password
Todos eCode includes generation of an OTP – One Time Password. The OTP can be generated on a smart card (presented by an eCode device), token, mobile phone or sent by text message. The OTP is entered by the end user and verified by the Todos eCode Central System.
OTP prevents the following attacks: Key logging1, Screen logging and Shoulder-Surfing. By the time the attacker sees the OTP being entered, it is already too late, since the OTP is already used and not valid anymore. If the OTP is logged or recorded in any way, it is of no value to the attacker since it is only valid once and only at the time it is used. OTP combined with a password and/or a PIN is one way obtaining Two-Factor Authentication.