Skip to content

OTP Seed

Service Name: One-Time Password Authentication

Service Description: OTP (One-Time Password) seeds are secret keys used to generate time-based or counter-based one-time passwords for multi-factor authentication. These seeds are used by authenticator apps like Google Authenticator, Microsoft Authenticator, Authy, and others to generate temporary codes that expire after a short period.

Service Address: Various (depends on the service implementing OTP)

Validation Type: Unavailable

IP Allow list: Does not exist

Secret Access Scope: Grants ability to generate valid one-time passwords for authentication to a specific account or service.

Secret Revokement URL: Varies by service (typically requires disabling and re-enabling 2FA on the specific service)

Secret Example: JBSWY3DPEHPK3PXP

Suspicious Activity Investigation Instructions:

  • Review authentication logs for unauthorized successful logins using OTP.
  • Check for unexpected changes to MFA settings on the affected account.
  • Monitor for login attempts from unusual geographic locations or IP addresses.
  • Verify if additional authentication methods have been added without authorization.

Mitigation Instructions:

  • Immediately disable and re-enable multi-factor authentication on the affected account.
  • Generate a new OTP seed through the service's security settings.
  • Scan the new QR code or enter the new seed into your authenticator app.
  • Review and revoke any active sessions on the affected account.
  • Change the account password as an additional precaution.
  • Review account recovery options to ensure they haven't been compromised.