One-Time Password (OTP) is a temporary numeric or alphanumeric code used for authentication and verification purposes. OTPs are widely used in login systems, banking applications, payment gateways, password reset functionality, and two-factor authentication (2FA).
Generating an OTP in C# is simple, but it is important to understand the correct and secure way to do it. In this article, we will learn how to generate OTP in C# using two commonly used approaches — a basic method and a more secure method suitable for production applications.
What Is an OTP?
An OTP (One-Time Password):
Is valid for one session or transaction
Expires after a short period
Adds an extra layer of security
Prevents unauthorized access
For example:
Typically, OTPs are 4 to 6 digits long, but they can also include letters.
Method 1: Generate OTP Using Random Class (Simple Method)
The easiest way to generate a numeric OTP in C# is by using the built-in Random class.
Here is a simple example that generates a Digital OTP:
using System;
class Program
{
static void Main()
{
Random random = new Random();
int otp = random.Next(100000, 999999);
Console.WriteLine("Generated OTP: " + otp);
}
}
How This Works
Random() creates a random number generator.
Next(100000, 999999) ensures the OTP is always 6 digits.
The number generated is displayed as the OTP.
When to Use This Method
Learning purposes
Basic applications
Non-security-critical systems
⚠ Important Note:
The Random class is not cryptographically secure. It should not be used in high-security systems like banking or financial applications.
Method 2: Generate Secure OTP Using RNGCryptoServiceProvider (Recommended)
For secure applications, we should use a cryptographically secure random number generator. In modern .NET, this can be done using RandomNumberGenerator.
Here is a secure way to generate a 6-digit OTP:
using System;
using System.Security.Cryptography;
class Program
{
static void Main()
{
byte[] bytes = new byte[4];
RandomNumberGenerator.Fill(bytes);
int value = BitConverter.ToInt32(bytes, 0);
int otp = Math.Abs(value % 1000000);
Console.WriteLine("Secure OTP: " + otp.ToString("D6"));
}
}
How This Works
RandomNumberGenerator.Fill() generates cryptographically secure random bytes.
BitConverter.ToInt32() converts bytes into an integer.
% 1000000 ensures the number stays within 6 digits.
"D6" formatting guarantees leading zeros if needed.
Why This Method Is Better
More secure
Suitable for authentication systems
Used in production-level applications
Prevents predictable OTP generation
This method is recommended for real-world systems that require security.
Important Considerations for OTP Systems
Generating an OTP is only part of the process. In real-world applications, you should also:
Set OTP expiration time (e.g., 5 minutes)
Store OTP securely (database or cache)
Limit retry attempts
Prevent OTP reuse
Use HTTPS for transmission
Log verification attempts
Security does not depend only on generation — it depends on full implementation.
Real-World Use Cases
OTP generation is commonly used in:
Two-factor authentication (2FA)
Password reset functionality
Mobile number verification
Email verification
Payment confirmation systems
Banking applications
Because authentication is universal in modern applications, this topic has very high search demand.
Common Interview Questions
What is an OTP?
How do you generate a random number in C#?
What is the difference between Random and Random number generator?
Why is Random not secure?
How would you implement OTP expiration?
These questions are frequently asked in backend and full-stack interviews.
Conclusion
Generating OTP in C# is simple but choosing the correct method is important. The two main approaches are:
Using Random class (simple but not secure)
Using Random number generator (secure and recommended)
For learning or basic applications, the Random class works fine. However, for authentication systems and production environments, always use a secure random number generator.
Understanding OTP generation is essential for building secure login and verification systems in modern applications.