all-in-one privacy solution":["Proton Unlimited est une solution tout-en-un respectueuse de la vie privée"],"Black Friday":["Black Friday"],"No ads. Privacy by default.":["Aucune publicité, le respect de la vie privée comme règle absolue"],"People before profits":["Les individus passent avant les profits"],"Security through transparency":["Notre engagement de transparence"],"The best Proton Mail ${ BLACK_FRIDAY } deals":["Les meilleures offres ${ BLACK_FRIDAY } de Proton Mail"],"The world’s only community- supported email service":["La seule messagerie au monde soutenue par la communauté"]},"specialoffer:limited":{"${ hours } hour":["${ hours } heure","${ hours } heures"],"${ hoursLeft }, ${ minutesLeft } and ${ secondsLeft } left":["Temps restant : ${ hoursLeft }, ${ minutesLeft }, ${ secondsLeft }"],"${ minutes } minute":["${ minutes } minute","${ minutes } minutes"],"${ seconds } second":["${ seconds } seconde","${ seconds } secondes"],"Limited time offer":["Offre à durée limitée"]},"specialoffer:listitem":{"Create multiple addresses":["Créez plusieurs adresses"],"Hide-my-email aliases":["Alias « hide-my-email »"],"Quickly unsubscribe from newsletters":["Désabonnez-vous rapidement des newsletters"],"Use your own domain name":["Utilisez votre propre nom de domaine"]},"specialoffer:logos":{"As featured in":["Ils en parlent"]},"specialoffer:metadescription":{"Get an encrypted email that protects your privacy":["Choisissez une messagerie électronique chiffrée qui protège votre vie privée"]},"specialoffer:metatitle":{"Proton Mail Black Friday Sale - Up to 40% off":["Offre Proton Mail Black Friday - Jusqu'à 40 % de réduction"]},"specialoffer:newmetadescription":{"Get up to 40% off Proton Mail subscriptions this Black Friday. Find great deals on our secure end-to-end encrypted email plans.":["Obtenez jusqu'à 40 % de réduction sur les abonnements Proton Mail à l'occasion du Black Friday. Profitez d'offres exceptionnelles sur nos abonnements de messagerie électronique sécurisée et chiffrée de bout en bout."]},"specialoffer:newmetatitle":{"Proton Mail Black Friday sale | Up to 40% off secure email":["Offre Black Friday Proton Mail | Jusqu'à 40 % de réduction"]},"specialoffer:note":{"* Billed at ${ TOTAL_SUM } for the first year":["* Facturé ${ TOTAL_SUM } pour la première année"],"*Billed at ${ TOTAL_SUM } for the first 2 years":["*Facturé ${ TOTAL_SUM } pour les 2 premières années"],"30-day money-back guarantee":["Garantie satisfait ou remboursé pendant 30 jours"],"Billed at ${ TOTAL_SUM } for the first 2 years":["Facturé ${ TOTAL_SUM } pour les 2 premières années"],"Billed at ${ TOTAL_SUM } for the first year":["Facturé ${ TOTAL_SUM } pour la première année"],"You save ${ SAVE_SUM }":["Vous économisez ${ SAVE_SUM }"]},"specialoffer:off":{"${ PERCENT_OFF } off":["-${ PERCENT_OFF }"]},"specialoffer:testimonial":{"I love my ProtonMail":["J'adore mon ProtonMail"],"My favorite email service":["Ma messagerie électronique préférée"],"Thanks Proton for keeping us all safe in the complicated internet universe.":["Merci Proton de nous garder en sécurité dans l'univers complexe d'internet."],"You get what you pay for. In the case of big tech, if you pay nothing, you get used. I quit using Gmail and switched to @ProtonMail":["Vous avez ce pour quoi vous payez. Avec les Big Tech, si vous ne payez rien, vous êtes utilisé. J'ai arrêté d'utiliser Gmail et je suis passée @ProtonMail"]},"specialoffer:time":{"Days":["Jours"],"Hours":["Heures"],"Min":["Min"]},"specialoffer:title":{"And much more":["Avec en plus"],"Make your inbox yours":["Votre boite de réception sur mesure"],"Safe from trackers":["À l'abri des traqueurs"],"Stay organized":["Bien organisé"],"Black Friday email deals":["Offres Black Friday pour la messagerie électronique"],"Don’t just take our word for it":["Ce qu'en disent nos utilisateurs"],"Our story":["Notre histoire"],"Transfer your data from Google in one click":["Transférez vos données depuis Google en un clic"]},"specialoffer:tooltip":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, connect up to 10 devices, access worldwide streaming services, malware and ad-blocker, and more.":["Accédez aux contenus bloqués et naviguez en toute confidentialité. Comprend plus de ${ TOTAL_VPN_SERVERS } serveurs dans plus de ${ TOTAL_VPN_COUNTRIES } pays, la possibilité de connecter jusqu'à 10 appareils, l'accès aux services de streaming dans le monde entier, un bloqueur de logiciels malveillants et de publicités et bien plus encore."],"Easily share your calendar with your family, friends or colleagues, and view external calendars.":["Partagez facilement votre calendrier avec votre famille, vos amis ou collègues et consultez des calendriers externes."],"Includes support for 1 custom email domain, 10 email addresses, 10 hide-my-email aliases, calendar sharing, and more.":["Comprend la prise en charge de 1 domaine de messagerie personnalisé, de 10 adresses e-mail, de 10 alias « hide-my-email », du partage de calendriers et bien d'autres fonctionnalités."],"Includes support for 3 custom email domains, 15 email addresses, unlimited hide-my-email aliases, calendar sharing, and more.":["Comprend la prise en charge de 3 domaines de messagerie personnalisés, de 15 adresses e-mail, d'un nombre illimité d'alias « hide-my-email », du partage de calendriers et bien d'autres fonctionnalités."],"Manage up to 25 calendars, mobile apps, secured with end-to-end encryption, 1-click calendar import from Google, and more.":["Jusqu'à 25 calendriers, des applications mobiles, la sécurité avec le chiffrement de bout en bout, l'importation de calendrier en un clic depuis Google..."]},"Status banner":{"Learn more":["En savoir plus"],"Please note that at the moment we are experiencing issues with the ${ issues[0] } service.":["Nous rencontrons actuellement des problèmes avec le service ${ issues[0] }."],"We are experiencing issues with one or more services at the moment.":["Nous rencontrons actuellement des problèmes avec un ou plusieurs services."]},"Status Banner":{"At the moment we are experiencing issues with the Proton VPN service":["Nous rencontrons actuellement des problèmes avec le service Proton VPN."],"Learn more":["En savoir plus"]},"suggestions":{"Suggestions":["Suggestions"]},"Support":{"Sub category":["Sous-catégorie","Sous-catégories"]},"Support article":{"${ readingTime } min":["${ readingTime } minute","${ readingTime } minutes"],"Category":["Catégorie","Catégories"],"Didn’t find what you were looking for?":["Vous ne trouvez pas ce que vous cherchez ?"],"General contact":["Contact - Général"],"Get help":["Obtenir de l'aide"],"Legal contact":["Contact - Juridique"],"Media contact":["Contact - Média"],"Partnerships contact":["Contact - Partenariats"],"Reading":["Lecture"]},"Support troubleshooting":{"App version":["Version de l'application"],"Browser":["Navigateur"],"Check if this helps":["Vérifiez si cela vous aide."],"Choose a product":["Choisir un produit"],"Did this solve your issue?":["Cela a-t-il résolu votre problème ?"],"Faster assistance is just a few clicks away":["Quelques clics suffisent pour obtenir une assistance plus rapide"],"How can we help?":["Comment pouvons-nous vous aider ?"],"No, contact support":["Non, contacter le support"],"Please fill out one field after another":["Veuillez remplir les champs l'un après l'autre"],"Please make your selections":["Veuillez faire vos sélections"],"Proton account":["Compte Proton"],"Proton for Business":["Proton for Business"],"Thank you for your feedback":["Nous vous remercions pour votre commentaire."],"What can we help with?":["En quoi pouvons-nous vous aider ?"],"Yes":["Oui"]},"support_modal_search_query":{"Search query":["Recherche"]},"support_search_button":{"Search":["Rechercher"]},"support_search_i_am_looking_for":{"I'm looking for":["Je recherche des informations sur..."]},"SupportForm":{"For a faster resolution, please report the issue from the Bridge app: Help > Report a problem.":["Pour que le problème soit résolu plus rapidement, vous pouvez le signaler à partir de l'application Bridge : Aide > Signaler un bug."],"Information":["Informations"]},"SupportForm:option":{"Account Security":["Sécurité du compte"],"Contacts":["Contacts"],"Custom email domain":["Domaine de messagerie personnalisé"],"Email delivery and Spam":["Distribution des messages et indésirables/spam"],"Encryption":["Chiffrement"],"Login and password":["Identifiant et mot de passe"],"Merge aliases and accounts":["Fusion des alias et des comptes"],"Migrate to Proton":["Migration vers Proton"],"Notifications":["Notifications"],"Other":["Autre"],"Plans and billing":["Abonnements et facturation"],"Proton for Business":["Proton for Business"],"Sign up":["Inscription"],"Storage":["Espace de stockage"],"Users, addresses, and identities":["Utilisateurs, adresses et identités"]},"SupportForm:optionIntro":{"Select a topic":["Choisissez un sujet"]},"swiss_baseed_feature":{"Swiss based":["Basé en Suisse"]},"Testimonial":{"Awards":["Récompenses"],"Customers":["Clients"],"Featured":["Ils en parlent"],"Go to testimonial source":["Accéder aux commentaires"],"Reviews":["Avis"],"Videos":["Vidéos"]},"Text":{"If you need help, check out our ${ supportLink }.":["Si vous avez besoin d'aide, consultez notre ${ supportLink }."],"The page you’re looking for might have been removed, or it could be an\nold link.":["La page recherchée a peut-être été retirée ou le lien utilisé n'est plus valide."]},"Title":{"On this page":["Sur cette page"],"Related articles":["Articles similaires"],"Share ${ thisPage }":["Partagez ${ thisPage }"],"Thank you!":["Merci !"],"this page":["cette page"]},"Tooltip":{"More information":["Plus d'informations"]},"tooltip_vpn":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, highest VPN speed, ${ TOTAL_VPN_CONNECTIONS } VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Accédez aux contenus bloqués et naviguez en toute confidentialité. Comprend plus de ${ TOTAL_VPN_SERVERS } serveurs dans plus de ${ TOTAL_VPN_COUNTRIES } pays, la vitesse VPN la plus élevée, ${ TOTAL_VPN_CONNECTIONS } connexions VPN, l'accès aux services de streaming dans le monde entier, un bloqueur de logiciels malveillants et de publicités et bien plus encore."]},"wallet_signup_2024:Action":{"Get Proton Wallet":["Obtenir Proton Wallet"]},"wallet_signup_2024:Homepage hero product link title":{"Wallet":["Wallet"]},"wallet_signup_2024:Homepage product navigation bar":{"Wallet":["Wallet"]},"wallet_signup_2024:menu item":{"Bitcoin guide":["Guide de Bitcoin"],"Proton Wallet news":["Actualités Proton Wallet"],"Proton Wallet support":["Support Proton Wallet"]},"wallet_signup_2024:Pricing":{"Includes everything in Proton Unlimited and":["Comprend tout ce qui est inclus dans Proton Unlimited et"],"Limited availability":["Disponibilité limitée"],"The easiest way to securely own, send, and receive Bitcoin":["Le moyen le plus simple et sécurisé pour détenir et échanger des bitcoins"]},"wallet_signup_2024:ProductRange":{"Discover Proton Wallet":["Découvrez Proton Wallet"],"Store and transact Bitcoin privately with an encrypted self-custody wallet.":["Conservez et échangez des bitcoins en toute sécurité grâce à notre portefeuille chiffré en auto-gestion."]},"wallet_signup_2024:wallet bitcoin":{"Learn about Bitcoin, the Internet's value network.":["Découvrez le monde du Bitcoin, le réseau de valeur sur Internet."]},"wallet_signup_2024:wallet overview":{"Ensure you're always in control of your Bitcoin.":["Restez maître de vos bitcoins en toutes circonstances."]},"wallet_signup_2024:wallet security":{"The encrypted, open-source wallet that puts you in control.":["Contrôlez vos bitcoins de A à Z avec notre portefeuille chiffré open source."]}}},"base":"blog","cdn":{"enabledForAssets":true,"enabledForImages":false,"url":"https://pmecdn.protonweb.com/"},"unleashApi":"https://account.proton.me/api"};
window.frameworkContext = frameworkContext;
const context = frameworkContext.base === '' ? '' : `${frameworkContext.base}/`;
window.__toAssetUrl = (filename) => {
if (frameworkContext.cdn !== undefined && frameworkContext.cdn.enabledForAssets === true) {
return `${frameworkContext.cdn.url}${context}${filename}`;
} else {
return `/${context}${filename}`;
}
};
})();
One-time passwords are one of the most common forms of two-factor authentication (2FA). In this blog, we’ll help you understand what a one-time password is, the different types of one-time password you might receive, and how to stay safe when you’re logging into your accounts.
One-time passwords are one of the most popular methods for 2FA and multi-factor authentication (MFA). 2FA involves using two methods of user authentication, and using more than two methods of authentication is known as multi-factor authentication (MFA).
One-time passwords are just one type of many user authentication methods that you can use. The more ways you authenticate your identity, the harder it is for someone to imitate you. The three key methods of user authentication include:
Something you know: This could be a password, a PIN, or the answer to a security question.
Something you are: This could be any biometric data unique to you, like your fingerprint, face ID, or retina scan.
Something you have: This could be either a physical token or a digital token. Physical tokens could include an ID badge or a security key. Digital tokens could include a one-time password sent as an SMS or generated by an authentication app.
A one-time password is a method for logging into an account, similar to a password or touch ID. Often, it’s a randomly generated set of numbers or letters sent to your device to help you log into an account on a one-time basis. You can also receive a one-time password via an authenticator app, a phone call, or a security key.
As the name suggests, you can only use a one-time password once. Most one-time passwords will also expire after a certain amount of time, so they’re an effective method for confirming that you’re using a specific device at a specific time.
They’re compatible with any device and any platform. Users aren’t required to take an action like downloading an app or using a security key to use them. They’re also easy, requiring little to no tech knowledge to use. Think of them as a ring of protection around your account – the more rings you put in place, the harder it is for someone to gain access.
How are one-time passwords created?
You can receive a one-time password in many different ways. Some of the most common one-time password delivery methods include SMS, email, authenticator app, and email. Here are some examples, split into physical and digital.
Physical
Some devices can create one-time passwords to help you access your accounts. These include
USB drives and smartcards that can be inserted into your computer, phone, or tablet to verify your identity.
Smartphones and banking security devices that can generate their own one-time passwords.
Cards or Bluetooth-enabled devices that can also generate one-time passwords as contactless devices.
Digital
Software can also be used to generate one-time passwords:
An authenticator app, such as Google Authenticator, can generate 2FA codes to help you access the apps on your phone.
A business may send you a one-time password via SMS, push notification, phone call, or email to verify that you’re currently using your device.
What is a one-time password used for?
It’s likely you’ve received a one-time password before. Many websites and businesses use them because they can be more secure than traditional (known as ‘static’) passwords, which are more vulnerable to being leaked in data breaches. Since static passwords are user-generated, there’s also no guarantee that they’re strong. A strong password should use a mixture of special characters and numbers and ideally be randomly generated by a password generator so they’re not easily guessable.
Personal logins
Institutions working with sensitive data, such as banks, healthcare providers, and online retailers, often use one-time passwords to help you log in to each session online. They may use risk-based access, where you will only be prompted to enter a one-time password if you’re trying to perform a specific action: for example, if you’re trying to transfer money from your bank account into an account you’ve never interacted with before. In this instance, verifying your identity will protect both you and the bank.
Professional logins
You may also be required to receive one-time passwords to log into your business tools. Businesses work with sensitive data, which is essential to protect with robust user authentication. Many companies have begun enhancing their online security by enforcing 2FA or MFA. In its Cyber Essentials Starter Kit(nouvelle fenêtre), the Cybersecurity and Infrastructure Security Agency(nouvelle fenêtre), the US government agency charged with cybersecurity, recommends enforcing MFA as one of your first actions as a business leader. Requiring workers to authenticate their identities using one-time passwords is an excellent way to protect a business at every level of the workforce.
Can one-time passwords be exploited?
There is no doubt that using an additional method of authentication is safer than just using a static password. However, no method of authentication is 100% secure.
Passwords sent via SMS and email can be intercepted. By using social engineering, hackers can encourage someone who has received a one-time password to share it. One-time password bots(nouvelle fenêtre) can intercept passwords before the intended recipient even receives them. Multiple exploits, including SMS phishing (known as smishing(nouvelle fenêtre)) and SMS pumping,(nouvelle fenêtre) are available to determined hackers. Sim swapping also allows hackers to gain access to a phone without being anywhere near it.
It’s harder to intercept codes sent from authenticator apps, but it isn’t impossible. In 2020, experts discovered malware installed on Android phones that was able to steal 2FA codes(nouvelle fenêtre) generated by Google Authenticator.
Staying safe with one-time passwords
Turning on 2FA or MFA is the best way to protect yourself online. A one-time password is an excellent defense when configured properly. The best way to configure your 2FA? With a password manager. A password manager helps you create as many barriers between bad actors and your accounts as possible without requiring you to be a cybersecurity expert
With Proton Pass, you can generate 2FA codes for your accounts using our integrated authenticator. Everything you store in Proton Pass, including codes you generate, is protected by battle-tested end-to-end encryption. That means it’s only available to you. You can also protect your Proton Pass account using a biometric login, increasing your account’s security.
If you need to send a one-time password to a family member or co-worker, the most secure method is via a secure link. You can limit these links so they can only be accessed a certain number of times and to expire after a chosen amount of time. (It should be noted that you should only share a one-time password if you can verify the identity of the person requesting it – if the request comes via a phone call or an SMS from an unknown sender, take steps to verify their identity.)
You can keep your logins, personal details, and 2FA codes safe in Proton Pass whether you’re using it as an individual or a business. Find out which plan to get started with.
In response to popular demand, our privacy-first AI writing assistant Proton
Scribe is now available for free on our Duo and Family plans, in nine different
languages.
Proton Drive provides private and secure file sharing, document editing, and
cloud storage for businesses of all sizes. Take control of your company's data.