OATH Initiative for Open Authentication

About OATH

The Initiative for Open Authentication (OATH) is an industry-wide collaboration to define an open reference architecture for strong authentication, using existing and new open standards.

Mission

OATH’s goal is simple: make strong, interoperable authentication available to everyone. We do this by:

  • Publishing open, royalty-free specifications for one-time passwords and related technologies.
  • Defining reference architectures for strong and passwordless authentication.
  • Operating a certification program that promotes interoperability between authenticators and validation servers.
  • Collaborating with other standards bodies and industry initiatives.

Challenges OATH Addresses

Networked systems today face three persistent challenges:

  1. Theft and misuse of credentials leading to account takeover and fraud.
  2. Complex, fragmented authentication stacks that are costly to operate and maintain.
  3. Lack of interoperable frameworks for secure single sign-on and strong customer authentication across platforms.

OATH addresses these challenges by defining common building blocks that can be reused across vendors, platforms, and deployment models.

Key Standards

OATH’s work has resulted in widely adopted standards including:

  • HOTP – HMAC-based One-Time Password (RFC 4226)
  • TOTP – Time-based One-Time Password (RFC 6238)
  • OCRA – OATH Challenge-Response Algorithm (RFC 6287)
  • Contributions to provisioning standards such as PSKC (RFC 6030) and DSKPP (RFC 6063).

View all Standards & RFCs →

Role in the Ecosystem

Together with other industry initiatives and standards bodies, OATH helps evolve the ecosystem from password-centric models towards strong, phishing-resistant and passwordless authentication that is open, interoperable, and vendor-neutral.

OATH does not prescribe a single product or architecture. Instead, it defines interoperable building blocks that vendors and enterprises can adopt in their own solutions.

Get Involved

OATH is driven by participation from vendors, service providers, and enterprises that deploy authentication at scale. You can get involved by:

  • Implementing OATH standards in your products and services.
  • Participating in technical working groups and contributing feedback.
  • Sharing deployment experience and best practices.

For more information, please use the contact details on this site or reach out through your usual OATH channels.