diff --git a/README.md b/README.md
index 37f3811a..5b3a3182 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ AES is recommended for shadowsocks-go. [Intel AES Instruction Set](http://en.wik
 
 ### One Time Auth
 
-Append `-ota` to the encryption method to enable [One Time Auth (OTA)](https://shadowsocks.org/en/spec/one-time-auth.html).
+Append `-auth` to the encryption method to enable [One Time Auth (OTA)](https://shadowsocks.org/en/spec/one-time-auth.html).
 
 - For server: this will **force client use OTA**, non-OTA connection will be dropped. Otherwise, both OTA and non-OTA clients can connect
 - For client: the `-A` command line option can also enable OTA
diff --git a/cmd/shadowsocks-local/local.go b/cmd/shadowsocks-local/local.go
index 17b7762b..1de4262f 100644
--- a/cmd/shadowsocks-local/local.go
+++ b/cmd/shadowsocks-local/local.go
@@ -174,7 +174,7 @@ func parseServerConfig(config *ss.Config) {
 	if len(config.ServerPassword) == 0 {
 		method := config.Method
 		if config.Auth {
-			method += "-ota"
+			method += "-auth"
 		}
 		// only one encryption table
 		cipher, err := ss.NewCipher(method, config.Password)
@@ -381,7 +381,7 @@ func main() {
 	cmdConfig.Server = cmdServer
 	ss.SetDebug(debug)
 
-	if strings.HasSuffix(cmdConfig.Method, "-ota") {
+	if strings.HasSuffix(cmdConfig.Method, "-auth") {
 		cmdConfig.Method = cmdConfig.Method[:len(cmdConfig.Method)-4]
 		cmdConfig.Auth = true
 	}
diff --git a/cmd/shadowsocks-server/server.go b/cmd/shadowsocks-server/server.go
index 19dfc0b2..d2969e90 100644
--- a/cmd/shadowsocks-server/server.go
+++ b/cmd/shadowsocks-server/server.go
@@ -345,7 +345,7 @@ func main() {
 
 	ss.SetDebug(debug)
 
-	if strings.HasSuffix(cmdConfig.Method, "-ota") {
+	if strings.HasSuffix(cmdConfig.Method, "-auth") {
 		cmdConfig.Method = cmdConfig.Method[:len(cmdConfig.Method)-4]
 		cmdConfig.Auth = true
 	}
diff --git a/config.json b/config.json
index 7b783612..35d08271 100644
--- a/config.json
+++ b/config.json
@@ -3,6 +3,6 @@
     "server_port":8388,
     "local_port":1080,
     "password":"barfoo!",
-    "method": "aes-128-cfb-ota",
+    "method": "aes-128-cfb-auth",
     "timeout":600
 }
diff --git a/shadowsocks/config.go b/shadowsocks/config.go
index 88f7c16f..4db50ac2 100644
--- a/shadowsocks/config.go
+++ b/shadowsocks/config.go
@@ -87,8 +87,8 @@ func ParseConfig(path string) (config *Config, err error) {
 		return nil, err
 	}
 	readTimeout = time.Duration(config.Timeout) * time.Second
-	if strings.HasSuffix(strings.ToLower(config.Method), "-ota") {
-		config.Method = config.Method[:len(config.Method)-4]
+	if strings.HasSuffix(strings.ToLower(config.Method), "-auth") {
+		config.Method = config.Method[:len(config.Method)-5]
 		config.Auth = true
 	}
 	return
diff --git a/shadowsocks/encrypt.go b/shadowsocks/encrypt.go
index 45b2eb95..146947d3 100644
--- a/shadowsocks/encrypt.go
+++ b/shadowsocks/encrypt.go
@@ -184,8 +184,8 @@ func NewCipher(method, password string) (c *Cipher, err error) {
 		return nil, errEmptyPassword
 	}
 	var ota bool
-	if strings.HasSuffix(strings.ToLower(method), "-ota") {
-		method = method[:len(method)-4] // len("-ota") = 4
+	if strings.HasSuffix(strings.ToLower(method), "-auth") {
+		method = method[:len(method)-5] // len("-auth") = 5
 		ota = true
 	} else {
 		ota = false