OTP (One-Time Passwords)

If your token supports the one-time password (OTP One-Time Password. A password that is valid for only one login session or transaction, used to provide an additional layer of security.) generation function, you can access it from the OTP section in the left navigation pane.

The OTP view with no slots configured.

Configuring One-Time Passwords

OTP Configuration Using QR Code

If you have a one-time password configuration QR code available, displayed on your screen, follow these steps to configure your OTP:

  1. Go to OTP in the left navigation pane and click the Configure button in the top-right corner of the screen.

    The OTP view with no slots configured.

  2. Click the button with the QR code icon in the top-right corner of the dialog to launch the snipping tool.

    The OTP Configuration dialog with the QR code icon highlighted.

  3. Capture the QR code into the clipboard using the snipping tool.

    Note: If you already have a QR code captured in your clipboard, this action will use the content of the clipboard without activating the snipping tool.
  4. Crescendo Manager will automatically read the captured QR code and fill in the necessary details for you.

  5. For Crescendo 4000 family tokens, click the ClosedAccess Control Configuration dropdown to select the default access control behavior for your token when generating OTPs in contact and contactless modes.

    The Access Control Configuration options highlighted

    • Always: No authentication is required for OTP generation.

    • Never: OTP generation is not be allowed.

    • PIN: Authentication with PIN is required for OTP generation.

    • PIN and Touch: Both PIN entry and a button press on the token are required for OTP generation.

  6. Click Submit to finalize the OTP configuration.

  7. The configured OTP will appear as a new tile in the OTP view.

Manual OTP Configuration

To configure your OTP manually:

  1. Go to OTP in the left navigation pane and click the Configure button in the top-right corner of the screen.

    The OTP view with no slots configured.

  2. Select the OTP type:

    The One-Time Password Configuration dialog with the OTP Type field highlighted.

    • HMAC-Based One-Time Password (HOTP): Generates a password based on a cryptographic hash function and a counter that increments each time a new OTP is generated. The password remains valid until it is used.

    • Time-Based One-Time Password (TOTP): Generates a password based on the current time and valid only for a short window of time.

    • OATH Challenge-Response: Generates a response based on a challenge sent by an authentication server, using the configured parameters.

Generating OTPs

Once you have configured an OTP, you can generate it by clicking on the respective slot in the OTP view.

  • A generated HOTP or TOTP will automatically be copied into your clipboard.

  • For an OCRA OTP, you will be prompted to provide a challenge. A password and session data may also be required, if configured.

Viewing OTP Details

To view the OTP details, hover over the information icon in the top-right corner of the OTP tile.

The One-Time Password Details screen tip displayed.

The configuration details will appear in a pop-up.

Deleting Configured OTPs

To delete a configured OTP, click the trash bin icon Trash Bin Iconin the bottom-right corner of the OTP tile in the OTP view.

A dialog will open prompting you to confirm the deletion.