OTP Seed
Service Name: One-Time Password Authentication
Service Description: OTP (One-Time Password) seeds are secret keys used to generate time-based or counter-based one-time passwords for multi-factor authentication. These seeds are used by authenticator apps like Google Authenticator, Microsoft Authenticator, Authy, and others to generate temporary codes that expire after a short period.
Service Address: Various (depends on the service implementing OTP)
Validation Type: Unavailable
IP Allow list: Does not exist
Secret Access Scope: Grants ability to generate valid one-time passwords for authentication to a specific account or service.
Secret Revokement URL: Varies by service (typically requires disabling and re-enabling 2FA on the specific service)
Secret Example: JBSWY3DPEHPK3PXP
Suspicious Activity Investigation Instructions:
- Review authentication logs for unauthorized successful logins using OTP.
- Check for unexpected changes to MFA settings on the affected account.
- Monitor for login attempts from unusual geographic locations or IP addresses.
- Verify if additional authentication methods have been added without authorization.
Mitigation Instructions:
- Immediately disable and re-enable multi-factor authentication on the affected account.
- Generate a new OTP seed through the service's security settings.
- Scan the new QR code or enter the new seed into your authenticator app.
- Review and revoke any active sessions on the affected account.
- Change the account password as an additional precaution.
- Review account recovery options to ensure they haven't been compromised.