What do FIDO2, Webauthn, U2F, OTP, OPEN PGP, and OATH TOTP mean?

789 views
0

What is the difference between all those features for security and why do distinct features like each one even exist?? if you can explain each one that would be great. I guess I am framing my question in terms of hardware security keys if that matters.

In: Technology

Type “explain <then one of those terms>” into google or YouTube, your answer will appear. Be amazed!

OTP is – One Time Password. Usually used in 2-factor authentication. It’s a derived value based on a shared secret. THey are good because they are easy to use but have short lifespans.

TOTP – is an algorithm for generating OTPs Stands for TimeBased One Time Password. Using a shared secret (a long string of junk) A device like your phone can generate a numerical Password (usually 6 digits) based on the time. Because it’s calculated an external service (like a web page you wish to authenticate to) can also generate the same 6 digit code thus proving your identity. The code is easy to type only 6 digits but nearly impossible to brute force since any given 6 digit number is only valid for a 30 second window (or less). there is another OTP pattern called HOTP that generates codes in sequence instead of based on the current time.

PGP – stands for Pretty Good Privacy. It’s an encryption algorithm. In a nutshell it makes it easy to generate keypairs to encrypt stuff, Open PGP is just an open source implementation of the algorithm. Encryption is importent to keep things safe both at rest (sitting on your computer) as well as in transit (like emailing a sensitive document)

FIDO2 and WebauthN are authentication protocols, the latter may be a good way to replace passwords in the future.

U2F – universal 2 factor is usually a hardware device that implements an auth protocol like FIDO and is usually used as an alternative 2-factor compared to OTPs