all-in-one privacy solution":["Proton Unlimited è una soluzione completa per la privacy"],"Black Friday":["Black Friday"],"No ads. Privacy by default.":["Niente pubblicità. La prima regola è la privacy."],"People before profits":["Le persone prima dei profitti"],"Security through transparency":["Più sicurezza grazie alla trasparenza"],"The best Proton Mail ${ BLACK_FRIDAY } deals":["Le migliori offerte di Proton Mail per il ${ BLACK_FRIDAY }"],"The world’s only community- supported email service":["L'unico servizio di posta elettronica al mondo supportato dalla community"]},"specialoffer:limited":{"${ hours } hour":["${ hours } ora","${ hours } ore"],"${ hoursLeft }, ${ minutesLeft } and ${ secondsLeft } left":["Restano ${ hoursLeft }, ${ minutesLeft } e ${ secondsLeft }"],"${ minutes } minute":["${ minutes } minuto","${ minutes } minuti"],"${ seconds } second":["${ seconds } secondo","${ seconds } secondi"],"Limited time offer":["Offerta a tempo limitato"]},"specialoffer:listitem":{"Create multiple addresses":["Crea indirizzi multipli"],"Hide-my-email aliases":["Alias hide-my-email"],"Quickly unsubscribe from newsletters":["Annulla rapidamente l'iscrizione alle newsletter"],"Use your own domain name":["Utilizza il tuo nome di dominio"]},"specialoffer:logos":{"As featured in":["Ne hanno parlato"]},"specialoffer:metadescription":{"Get an encrypted email that protects your privacy":["Scegli un'email cifrata per proteggere la tua privacy"]},"specialoffer:metatitle":{"Proton Mail Black Friday Sale - Up to 40% off":["Offerta Black Friday di Proton Mail - sconti fino al 40%"]},"specialoffer:newmetadescription":{"Get up to 40% off Proton Mail subscriptions this Black Friday. Find great deals on our secure end-to-end encrypted email plans.":["Per questo Black Friday ti offriamo fino al 40% di sconto sugli abbonamenti a Proton Mail. Scopri le straordinarie offerte sui piani di abbonamento alla nostra email dotata di crittografia end-to-end."]},"specialoffer:newmetatitle":{"Proton Mail Black Friday sale | Up to 40% off secure email":["Offerta di Proton Mail per il Black Friday | Fino al 40% di sconto sulla nostra email sicura"]},"specialoffer:note":{"* Billed at ${ TOTAL_SUM } for the first year":["* Addebito di ${ TOTAL_SUM } per il primo anno"],"*Billed at ${ TOTAL_SUM } for the first 2 years":["*Addebito di ${ TOTAL_SUM } per i primi 2 anni"],"30-day money-back guarantee":["Garanzia soddisfatti o rimborsati di 30 giorni"],"Billed at ${ TOTAL_SUM } for the first 2 years":["Addebito di ${ TOTAL_SUM } per i primi 2 anni"],"Billed at ${ TOTAL_SUM } for the first year":["Addebito di ${ TOTAL_SUM } per il primo anno"],"You save ${ SAVE_SUM }":["Risparmi ${ SAVE_SUM }"]},"specialoffer:off":{"${ PERCENT_OFF } off":["−${ PERCENT_OFF }"]},"specialoffer:testimonial":{"I love my ProtonMail":["Adoro ProtonMail"],"My favorite email service":["Il mio servizio email preferito"],"Thanks Proton for keeping us all safe in the complicated internet universe.":["Grazie Proton perché ci proteggi nell'universo complicato di internet."],"You get what you pay for. In the case of big tech, if you pay nothing, you get used. I quit using Gmail and switched to @ProtonMail":["Ottieni quello per cui hai pagato. Nel caso di big tech, se non paghi niente, vieni usato. Ho smesso di usare Gmail e sono passata a @ProtonMail"]},"specialoffer:time":{"Days":["Giorni"],"Hours":["Ore"],"Min":["Min"]},"specialoffer:title":{"And much more":["E molto altro"],"Make your inbox yours":["Personalizza la tua casella di posta"],"Safe from trackers":["Protezione dai tracker"],"Stay organized":["Mantieni tutto organizzato"],"Black Friday email deals":["Offerte email del Black Friday"],"Don’t just take our word for it":["Non lo diciamo solo noi"],"Our story":["La nostra storia"],"Transfer your data from Google in one click":["Trasferisci i tuoi dati da Google con un solo clic"]},"specialoffer:tooltip":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, connect up to 10 devices, access worldwide streaming services, malware and ad-blocker, and more.":["Accedi a contenuti bloccati e naviga in modalità privata. Include oltre ${ TOTAL_VPN_SERVERS } server in più di ${ TOTAL_VPN_COUNTRIES } Paesi, possibilità di connettere fino a 10 dispositivi, accesso a servizi di streaming in tutto il mondo, anti-malware, ad-blocker e altro ancora."],"Easily share your calendar with your family, friends or colleagues, and view external calendars.":["Condividi facilmente il tuo calendario con familiari, amici o colleghi e visualizza calendari esterni."],"Includes support for 1 custom email domain, 10 email addresses, 10 hide-my-email aliases, calendar sharing, and more.":["Include il supporto per 1 dominio email personalizzato, 10 indirizzi email, 10 alias hide-my-email, condivisione del calendario e altro ancora."],"Includes support for 3 custom email domains, 15 email addresses, unlimited hide-my-email aliases, calendar sharing, and more.":["Include il supporto per 3 domini email personalizzati, 15 indirizzi email, alias hide-my-email illimitati, condivisione del calendario e altro ancora."],"Manage up to 25 calendars, mobile apps, secured with end-to-end encryption, 1-click calendar import from Google, and more.":["Gestisci fino a 25 calendari, app per dispositivi mobili, protezione con la crittografia end-to-end, importazione del calendario da Google in un solo clic e altro ancora."]},"Status banner":{"Learn more":["Scopri di più"],"Please note that at the moment we are experiencing issues with the ${ issues[0] } service.":["Attenzione: stiamo riscontrando dei problemi con il servizio di ${ issues[0] }"],"We are experiencing issues with one or more services at the moment.":["Stiamo riscontrando dei problemi con uno o più servizi."]},"Status Banner":{"At the moment we are experiencing issues with the Proton VPN service":["Al momento abbiamo dei problemi con il servizio di Proton VPN"],"Learn more":["Scopri di più"]},"suggestions":{"Suggestions":["Suggerimenti"]},"Support":{"Sub category":["Sottocategoria","Sottocategorie"]},"Support article":{"${ readingTime } min":["${ readingTime } minuto","${ readingTime } minuti"],"Category":["Categoria","Categorie"],"Didn’t find what you were looking for?":["Non hai trovato quello che cercavi?"],"General contact":["Contatti generali"],"Get help":["Ottieni supporto"],"Legal contact":["Contatti legali"],"Media contact":["Contatti per la stampa"],"Partnerships contact":["Contatti per collaborazioni"],"Reading":["Lettura"]},"Support troubleshooting":{"App version":["Versione dell'app"],"Browser":["Browser"],"Check if this helps":["Verifica se questo ti è utile"],"Choose a product":["Scegli un prodotto"],"Did this solve your issue?":["Ha risolto il tuo problema?"],"Faster assistance is just a few clicks away":["Ottieni assistenza più velocemente con pochi clic"],"How can we help?":["Come possiamo aiutarti?"],"No, contact support":["No, contatta il supporto"],"Please fill out one field after another":["Compila un campo dopo l'altro"],"Please make your selections":["Fai la tua selezione"],"Proton account":["Account Proton"],"Proton for Business":["Proton for Business"],"Thank you for your feedback":["Grazie per il feedback"],"What can we help with?":["In cosa possiamo esserti di aiuto?"],"Yes":["Sì"]},"support_modal_search_query":{"Search query":["Query di ricerca"]},"support_search_button":{"Search":["Cerca"]},"support_search_i_am_looking_for":{"I'm looking for":["Sto cercando"]},"SupportForm":{"For a faster resolution, please report the issue from the Bridge app: Help > Report a problem.":["Per una risoluzione più rapida, segnala il problema dall'app Bridge: Aiuto > Segnala un problema."],"Information":["Informazioni"]},"SupportForm:option":{"Account Security":["Sicurezza dell'account"],"Contacts":["Contatti"],"Custom email domain":["Dominio email personalizzato"],"Email delivery and Spam":["Consegna delle email e spam"],"Encryption":["Crittografia"],"Login and password":["Login e password"],"Merge aliases and accounts":["Unione di alias e account"],"Migrate to Proton":["Migrazione a Proton"],"Notifications":["Notifiche"],"Other":["Altro"],"Plans and billing":["Piani e fatturazione"],"Proton for Business":["Proton for Business"],"Sign up":["Iscrizione"],"Storage":["Archiviazione"],"Users, addresses, and identities":["Utenti, indirizzi e identità"]},"SupportForm:optionIntro":{"Select a topic":["Seleziona un argomento"]},"swiss_baseed_feature":{"Swiss based":["Con sede in Svizzera"]},"Testimonial":{"Awards":["Premi"],"Customers":["Clienti"],"Featured":["In evidenza"],"Go to testimonial source":["Vai alle testimonianze"],"Reviews":["Recensioni"],"Videos":["Video"]},"Text":{"If you need help, check out our ${ supportLink }.":["Se ti serve assistenza dai un’occhiata alla nostra ${ supportLink }."],"The page you’re looking for might have been removed, or it could be an\nold link.":["La pagina che stai cercando potrebbe essere stata rimossa, o il link potrebbe essere vecchio."]},"Title":{"On this page":["In questa pagina"],"Related articles":["Articoli correlati"],"Share ${ thisPage }":["Condividi ${ thisPage }"],"Thank you!":["Grazie"],"this page":["questa pagina"]},"Tooltip":{"More information":["Ulteriori informazioni"]},"tooltip_vpn":{"Access blocked content and browse privately. Includes ${ TOTAL_VPN_SERVERS }+ servers in ${ TOTAL_VPN_COUNTRIES }+ countries, highest VPN speed, ${ TOTAL_VPN_CONNECTIONS } VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Accedi a contenuti bloccati e naviga in modalità privata. Include oltre ${ TOTAL_VPN_SERVERS } server in più di ${ TOTAL_VPN_COUNTRIES } Paesi, VPN ad altissima velocità, ${ TOTAL_VPN_CONNECTIONS } connessioni VPN, servizi di streaming in tutto il mondo, anti-malware, ad-blocker e altro ancora."]},"wallet_signup_2024:Action":{"Get Proton Wallet":["Ottieni Proton Wallet"]},"wallet_signup_2024:Homepage hero product link title":{"Wallet":["Wallet"]},"wallet_signup_2024:Homepage product navigation bar":{"Wallet":["Wallet"]},"wallet_signup_2024:menu item":{"Bitcoin guide":["Guida Bitcoin"],"Proton Wallet news":["Novità di Proton Wallet"],"Proton Wallet support":["Supporto di Proton Wallet"]},"wallet_signup_2024:Pricing":{"Includes everything in Proton Unlimited and":["Include tutte le funzionalità di Proton Unlimited e"],"Limited availability":["Disponibilità limitata"],"The easiest way to securely own, send, and receive Bitcoin":["Il modo più semplice di possedere, inviare e ricevere Bitcoin in modo sicuro"]},"wallet_signup_2024:ProductRange":{"Discover Proton Wallet":["Scopri Proton Wallet"],"Store and transact Bitcoin privately with an encrypted self-custody wallet.":["Conserva ed esegui transazioni in Bitcoin in modo privato con un portafoglio a custodia autonoma crittografato."]},"wallet_signup_2024:wallet bitcoin":{"Learn about Bitcoin, the Internet's value network.":["Scopri il Bitcoin, la rete di valore di Internet."]},"wallet_signup_2024:wallet overview":{"Ensure you're always in control of your Bitcoin.":["Assicurati di avere sempre il controllo dei tuoi Bitcoin."]},"wallet_signup_2024:wallet security":{"The encrypted, open-source wallet that puts you in control.":["Il portafoglio crittografato e open source che ti dà il controllo."]}}},"base":"blog","cdn":{"enabledForAssets":true,"enabledForImages":false,"url":"https://pmecdn.protonweb.com/"},"unleashApi":"https://account.proton.me/api"};
window.frameworkContext = frameworkContext;
const context = frameworkContext.base === '' ? '' : `${frameworkContext.base}/`;
window.__toAssetUrl = (filename) => {
if (frameworkContext.cdn !== undefined && frameworkContext.cdn.enabledForAssets === true) {
return `${frameworkContext.cdn.url}${context}${filename}`;
} else {
return `/${context}${filename}`;
}
};
})();
One-time passwords are one of the most common forms of two-factor authentication (2FA). In this blog, we’ll help you understand what a one-time password is, the different types of one-time password you might receive, and how to stay safe when you’re logging into your accounts.
One-time passwords are one of the most popular methods for 2FA and multi-factor authentication (MFA). 2FA involves using two methods of user authentication, and using more than two methods of authentication is known as multi-factor authentication (MFA).
One-time passwords are just one type of many user authentication methods that you can use. The more ways you authenticate your identity, the harder it is for someone to imitate you. The three key methods of user authentication include:
Something you know: This could be a password, a PIN, or the answer to a security question.
Something you are: This could be any biometric data unique to you, like your fingerprint, face ID, or retina scan.
Something you have: This could be either a physical token or a digital token. Physical tokens could include an ID badge or a security key. Digital tokens could include a one-time password sent as an SMS or generated by an authentication app.
A one-time password is a method for logging into an account, similar to a password or touch ID. Often, it’s a randomly generated set of numbers or letters sent to your device to help you log into an account on a one-time basis. You can also receive a one-time password via an authenticator app, a phone call, or a security key.
As the name suggests, you can only use a one-time password once. Most one-time passwords will also expire after a certain amount of time, so they’re an effective method for confirming that you’re using a specific device at a specific time.
They’re compatible with any device and any platform. Users aren’t required to take an action like downloading an app or using a security key to use them. They’re also easy, requiring little to no tech knowledge to use. Think of them as a ring of protection around your account – the more rings you put in place, the harder it is for someone to gain access.
How are one-time passwords created?
You can receive a one-time password in many different ways. Some of the most common one-time password delivery methods include SMS, email, authenticator app, and email. Here are some examples, split into physical and digital.
Physical
Some devices can create one-time passwords to help you access your accounts. These include
USB drives and smartcards that can be inserted into your computer, phone, or tablet to verify your identity.
Smartphones and banking security devices that can generate their own one-time passwords.
Cards or Bluetooth-enabled devices that can also generate one-time passwords as contactless devices.
Digital
Software can also be used to generate one-time passwords:
An authenticator app, such as Google Authenticator, can generate 2FA codes to help you access the apps on your phone.
A business may send you a one-time password via SMS, push notification, phone call, or email to verify that you’re currently using your device.
What is a one-time password used for?
It’s likely you’ve received a one-time password before. Many websites and businesses use them because they can be more secure than traditional (known as ‘static’) passwords, which are more vulnerable to being leaked in data breaches. Since static passwords are user-generated, there’s also no guarantee that they’re strong. A strong password should use a mixture of special characters and numbers and ideally be randomly generated by a password generator so they’re not easily guessable.
Personal logins
Institutions working with sensitive data, such as banks, healthcare providers, and online retailers, often use one-time passwords to help you log in to each session online. They may use risk-based access, where you will only be prompted to enter a one-time password if you’re trying to perform a specific action: for example, if you’re trying to transfer money from your bank account into an account you’ve never interacted with before. In this instance, verifying your identity will protect both you and the bank.
Professional logins
You may also be required to receive one-time passwords to log into your business tools. Businesses work with sensitive data, which is essential to protect with robust user authentication. Many companies have begun enhancing their online security by enforcing 2FA or MFA. In its Cyber Essentials Starter Kit(nuova finestra), the Cybersecurity and Infrastructure Security Agency(nuova finestra), the US government agency charged with cybersecurity, recommends enforcing MFA as one of your first actions as a business leader. Requiring workers to authenticate their identities using one-time passwords is an excellent way to protect a business at every level of the workforce.
Can one-time passwords be exploited?
There is no doubt that using an additional method of authentication is safer than just using a static password. However, no method of authentication is 100% secure.
Passwords sent via SMS and email can be intercepted. By using social engineering, hackers can encourage someone who has received a one-time password to share it. One-time password bots(nuova finestra) can intercept passwords before the intended recipient even receives them. Multiple exploits, including SMS phishing (known as smishing(nuova finestra)) and SMS pumping,(nuova finestra) are available to determined hackers. Sim swapping also allows hackers to gain access to a phone without being anywhere near it.
It’s harder to intercept codes sent from authenticator apps, but it isn’t impossible. In 2020, experts discovered malware installed on Android phones that was able to steal 2FA codes(nuova finestra) generated by Google Authenticator.
Staying safe with one-time passwords
Turning on 2FA or MFA is the best way to protect yourself online. A one-time password is an excellent defense when configured properly. The best way to configure your 2FA? With a password manager. A password manager helps you create as many barriers between bad actors and your accounts as possible without requiring you to be a cybersecurity expert
With Proton Pass, you can generate 2FA codes for your accounts using our integrated authenticator. Everything you store in Proton Pass, including codes you generate, is protected by battle-tested end-to-end encryption. That means it’s only available to you. You can also protect your Proton Pass account using a biometric login, increasing your account’s security.
If you need to send a one-time password to a family member or co-worker, the most secure method is via a secure link. You can limit these links so they can only be accessed a certain number of times and to expire after a chosen amount of time. (It should be noted that you should only share a one-time password if you can verify the identity of the person requesting it – if the request comes via a phone call or an SMS from an unknown sender, take steps to verify their identity.)
You can keep your logins, personal details, and 2FA codes safe in Proton Pass whether you’re using it as an individual or a business. Find out which plan to get started with.
In response to popular demand, our privacy-first AI writing assistant Proton
Scribe is now available for free on our Duo and Family plans, in nine different
languages.
Proton Drive provides private and secure file sharing, document editing, and
cloud storage for businesses of all sizes. Take control of your company's data.