A shared secret is data known only to the entities involved in a communication, so that any party's possession of that data can be provided as proof of identity for authentication.
The simplest form of a shared secret is a password. Other examples include private keys, long strings of characters and random numbers. Shared secrets are used in most types of user authentication, from the simple and familiar user name and password combination to complex multifactor authentication (MFA) schemes.
For Google Authenticator's two-factor authentication (2FA) system, for example, a shared secret is established between the server and client to authorize the generation of one-time passwords (OTP) through either the time-based OTP or hash-based message authentication code (HMAC) OTP algorithm. Typically, the shared secret is initially presented to the user as a QR code on a smartphone and then saved locally.
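The following added example (not from the original page or from Google's code) shows how one shared secret lets client and server derive the same OTP independently, using the HOTP (RFC 4226) and TOTP (RFC 6238) algorithms and the `otpauth://` key URI that an enrollment QR code encodes. The function names, account and issuer are hypothetical, and the secret is the published RFC 4226 test key, not a real credential.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, quote, urlencode, urlparse

# Constructed sample input: the RFC 4226 test key (never use it in production).
SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // step, digits)

def verify_totp(secret: bytes, submitted: str, unix_time: int,
                step: int = 30, window: int = 1) -> bool:
    """Server side: tolerate +/- `window` steps of clock drift, and compare
    in constant time so response timing does not leak digits of the code."""
    ok = False
    for drift in range(-window, window + 1):
        expected = totp(secret, unix_time + drift * step, step)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """Build the otpauth:// URI carried by the enrollment QR code."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    query = urlencode({"secret": b32, "issuer": issuer})
    return f"otpauth://totp/{quote(issuer)}:{quote(account)}?{query}"

def secret_from_uri(uri: str) -> bytes:
    """Client side: recover the shared secret from the scanned URI."""
    b32 = parse_qs(urlparse(uri).query)["secret"][0]
    return base64.b32decode(b32 + "=" * (-len(b32) % 8))  # restore padding

if __name__ == "__main__":
    uri = provisioning_uri(SECRET, "alice@example.com", "Example")  # hypothetical
    client_secret = secret_from_uri(uri)          # what the phone stores locally
    now = 1111111109                              # RFC 6238 test timestamp
    code = totp(client_secret, now)               # computed on the client
    print(uri)
    print(code, verify_totp(SECRET, code, now))   # server checks with its copy
```

Because the secret travels in clear text inside the provisioning URI, anyone who captures the QR code can generate valid codes, so the enrollment step needs the same protection as the secret itself.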