We support hardware keys that generate a token (not biometric based), or One-Time Password (OTP). More precisely, we support hardware keys that are either TOTP or HOTP based.
What is OTP?
OTP or One-Time Password is often used in combination with a regular user account and password as an additional security layer for authentication.
An OTP can be retrieved by a mobile (smartphone) application, such as the Evo Secure Login app. A user can also retrieve an OTP from a hardware key, or key fob.
SHA-1 is just one industry-standard algorithm that is used to generate an OTP. No matter which algorithm is used, they all require two inputs to generate an OTP code: (1) a seed, and (2) a moving factor.
The seed is a static value, or secret key, that gets created when you establish a new account with an authentication server. The seed doesn’t change, as it is tied to your user, but the moving factor changes each time a new OTP is requested.
What is TOTP?
TOTP, or Time-Based One-Time Password, uses a seed that is static and, as you’d expect from the name, a moving factor that is time-based.
The amount of time a TOTP is valid is based on the timestep, which is commonly 30 seconds long. If the password is not used within the time window, a new password must be requested.
What is HOTP?
HOTP, or Hash-based Message Authentication Code (HMAC)-based One-Time Password, is an event-based OTP.
Each time a HOTP code is requested and validated, the moving factor is incremented based on a counter. The code generated for HOTP is valid until a new code is requested and has been validated by the server.
Based on this, the hardware key generator and server are synced each time a code is requested and validated.
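The seed and moving factor described above can be seen working in the following Python sketch, which is an added example and not Evo's or any key vendor's code. It follows the published HOTP (RFC 4226) and TOTP (RFC 6238) algorithms with HMAC-SHA-1 and shows how a server might validate codes; the seed is the RFC test value, and `drift_steps` and `look_ahead` are illustrative names and defaults.

```python
import hashlib
import hmac
import struct

SEED = b"12345678901234567890"  # constructed sample: the RFC 4226 test seed

def hotp(seed, counter, digits=6):
    """RFC 4226: HMAC-SHA-1 over the 8-byte big-endian moving factor."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(seed, unix_time, timestep=30, digits=6):
    """RFC 6238: the moving factor is the count of timesteps since the epoch."""
    return hotp(seed, unix_time // timestep, digits)

def verify_totp(seed, code, unix_time, timestep=30, drift_steps=1):
    """Accept the current timestep plus/minus drift_steps for clock skew."""
    step = unix_time // timestep
    for s in range(max(0, step - drift_steps), step + drift_steps + 1):
        # compare_digest avoids leaking how many digits matched via timing
        if hmac.compare_digest(hotp(seed, s), code):
            return True
    return False

def verify_hotp(seed, code, server_counter, look_ahead=5):
    """Return the next counter to store on success, or None on failure.

    A key fob's counter advances on every button press, even if the code is
    never submitted, so the server searches a small look-ahead window and
    resynchronizes to the matching counter.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(seed, c), code):
            return c + 1  # codes at or below c can no longer be replayed
    return None

if __name__ == "__main__":
    print("HOTP, counter 0:", hotp(SEED, 0))
    print("TOTP, t=59s:    ", totp(SEED, 59))
    print("HOTP resync from 0 with code for counter 3:",
          verify_hotp(SEED, hotp(SEED, 3), 0))
```

A wider `drift_steps` or `look_ahead` tolerates more clock skew or unused button presses, at the cost of accepting more candidate codes per attempt.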
What hardware keys does Evo currently support?
We currently support Yubikey (5 series) and FEITIAN (30-second TOTP) keys. Please refer to the following articles for information about those keys and which models have been tested to work: