A one-time password or passcode (OTP) is a string of characters or numbers that authenticates a user for a single login attempt or transaction. An algorithm generates a unique value for each one-time password by factoring in contextual information, like time-based data or previous login events. Tech support teams typically administer OTPs to people who’ve forgotten their login credentials to an account or website, or when the resource in question requires additional protection from unwanted access attempts. OTPs can also add a second layer of authentication that an unverified user will need to pass before they can access an account. When authenticating users, companies have to keep three independent factors to keep in mind: Knowledge. Things the user knows, like a password, PIN, or security question answer. Possession. Things the user has, such as a token, credit card, or phone. Biometric. Things that identify the user uniquely.