I recently came across references to OATH standards, specifically OCRA and EVV. I realized that I had heard about them in passing, but had never dug deeper. We are currently developing an internal transaction confirmation system and want to make everything as reliable as possible. I have read about OTP, everything seems clear, but OCRA - for challenge-response - sounds interesting, but there is almost no information. Maybe someone has already implemented something like this or has at least looked into it?
top of page
bottom of page
It is interesting to read such discussions - I never thought before that there are so many varieties of disposable codes. Usually everyone is limited to TOTP, maximum HOTP, but here is a whole world of standards. Thanks for the topic, I've taken a note of it, maybe it will come in handy someday.