One Time Passwords
AAPT's UNIX hosting services use a one-time password system. Unlike traditional passwords, where the same password is used multiple times, you use a different password every time you log in.
One-time passwords consist of a randomly generated string of three- or four-letter words that are provided in a sequential list. The passwords must be used in order, from password number 499 down to password number 1, and each password may be used only once.
This system provides better security for your service and data because even if a password is seen or intercepted, it will not work again, and the randomly generated passwords cannot be guessed. To maintain security, you MUST ensure your current password list is stored securely.
You are provided with a list of 10 passwords, numbered from 490 to 499, when you receive your account information. Use these for the first 10 connections to your account starting from password number 499. The system keeps track of the passwords and provides a prompt identifying the next password required from the sequence.
Use your initiator sequence in the online systems to generate more passwords when you have finished these. You do not need to be logged in to your host machine to get more passwords.
The initiator sequence is the key to your password supply. It is the code that allows you to generate further one-time passwords for your account, just as your bank PIN allows you to access your bank accounts.
For example:
PICK BOX GUM FRED WOLF TONE
You must protect the initiator sequence as you would a bank account PIN. Do not let other people see the initiator sequence, because it provides access to all the one-time passwords for your account. If you believe anyone else has obtained or seen your initiator sequence, please contact AAPT immediately; upon proof of your identity we will issue you with a new initiator sequence.
Take care to type the initiator sequence exactly because the system generates a list of passwords even if an incorrect initiator sequence is used. Passwords generated using an incorrect initiator sequence will not work.
If you are unsure of which password you are up to, telnet to your account. The prompt
    otp-md5 xxx ssssss
is displayed after you enter your login name, where xxx is a three-digit number between 001 and 499 indicating which password string to use next from your list of passwords.
A database containing 500 one-time passwords is set up for each account. There are three ways to generate passwords from this database:
The easiest method of generating more passwords is using the Web form on your host machine, which generates passwords from the password database.
Please note that although this form uses a secure HTTP session to generate your passwords, you should not use it unless you have a secure data path to our web service, for example because you are using an AAPT dialup service or your own permanent link.
To generate new passwords:
You can print out the list but make sure you store it safely.
Opie is a UNIX engine for generating passwords. The online form provides a user-friendly interface to this facility but you can also access it directly via telnet. Be aware, however, that you should not use Opie to generate passwords via telnet unless you have a secure connection.
To generate passwords using Opie:
A list of the requested number of passwords is generated.
    UNIX(r) System V Release 4.0 (hosting0)

    login: testperson
    otp-md5 399 bu5524
    Response: DIET PRY RITE TILT MOON BUST
    Last login: Thu Oct 24 09:42:59 from kalla.off.connec
    $ opiekey
    usage: opiekey [-v] [-h] [-4 | -5] [-a] [-n count] sequence_number seed
    $ opiekey -n 20 399 bu5524
    Using MD5 algorithm to compute response.
    Reminder: Don't use opiekey from telnet or dial-in sessions.
    Enter secret pass phrase:
    $
Above: A sample session using opiekey to generate 20 passwords.
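How a challenge such as "otp-md5 399 bu5524" is answered and checked, as an added example (not AAPT's or OPIE's own code): a Python implementation of the RFC 2289 MD5 hash chain, showing why passwords count down, why a used password fails on replay, and why a mistyped secret still produces passwords that do not work. Assumptions: the initiator sequence plays the role of the secret pass phrase, the pass phrase below is constructed, responses are kept as raw 64-bit values rather than six-word strings, and the Account class is hypothetical.

```python
import hashlib


def fold_md5(data: bytes) -> bytes:
    """MD5 the input, then XOR the two 8-byte halves into a 64-bit value."""
    digest = hashlib.md5(data).digest()
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))


def otp(passphrase: str, seed: str, sequence: int) -> bytes:
    """One-time password for a sequence number; the seed is lowercased first."""
    value = fold_md5((seed.lower() + passphrase).encode())
    for _ in range(sequence):
        value = fold_md5(value)
    return value


class Account:
    """Hypothetical server record: holds the last accepted OTP, never the secret."""
    def __init__(self, seed: str, sequence: int, last_otp: bytes):
        self.seed, self.sequence, self.last_otp = seed, sequence, last_otp

    def challenge(self) -> str:
        return f"otp-md5 {self.sequence - 1} {self.seed}"

    def login(self, response: bytes) -> bool:
        # Hashing the response once must reproduce the stored, higher-numbered OTP.
        if self.sequence <= 1 or fold_md5(response) != self.last_otp:
            return False
        self.sequence, self.last_otp = self.sequence - 1, response
        return True


def demo() -> list:
    secret = "constructed pass phrase"           # constructed sample secret
    acct = Account("bu5524", 400, otp(secret, "bu5524", 400))
    first = otp(secret, "bu5524", 399)           # answers "otp-md5 399 bu5524"
    return [
        acct.challenge(),                        # prompt shown before login
        acct.login(first),                       # correct response is accepted
        acct.login(first),                       # replay of the same response
        acct.login(otp("wrong phrase", "bu5524", 398)),  # mistyped secret
        acct.login(otp(secret, "bu5524", 398)),  # next password in the list
        acct.challenge(),                        # counter has moved down again
    ]


if __name__ == "__main__":
    print(demo())
```

Because each password is the hash of the one numbered below it, an intercepted response lets an observer recompute only passwords that have already been used, never the next one.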
You can generate a PostScript file of 100 passwords which can be printed, cut, and folded to credit card size to fit in your wallet or purse alongside other important cards.
While this is often more convenient, please note that it is less secure than generating passwords using the online form or opiekey from your own computer. But if you guard the list of passwords as you do your credit card or bank account PIN, the risk is minimal.
To generate a printable list of passwords:
A PostScript file called mylist.ps is generated and saved in the home directory (home/login) of your account. To check that the command has been successful, type "ls" at the prompt to list the contents of your directory.
Use ftp to copy or move the file to your local computer for printing.
Keep track of which password you are up to. When you have used around 400 passwords and are down to only 100, send a fax on company letterhead to AAPT support on (03) 8687 5998 to request a new initiator sequence.
Copyright © AAPT Limited