One-Time Password (OTP) is a mechanism through which a single-use password is generated and sent to the user's registered mobile number so that the user can access a website. It is also known as two-factor authentication. Products like Google for Work, Paytm, and internet banking portals often use the OTP mechanism to ensure the authenticity of the user and prevent identity theft.
Online identity theft is a severe problem. Statistics from Identity Theft journal reveal that every year around 15 million people in the United States become victims of identity theft and face a collective loss of $50 billion. Around 100 million Americans become vulnerable due to data thefts from government or corporate databases.
Sending an OTP to verified users before they access a specific site improves security for users who could otherwise be vulnerable to phishing and keyboard logging activities. OTP lends an additional layer of security to protect the digital identity of the end users.
Steps in the OTP Process
Let us understand this in layman's terms. There are as many mobile handsets in the world as there are human inhabitants. SMS is a core functionality of every mobile, and a mobile device is presumably always with its owner.
When users create a digital asset or an account, they are prompted to enable the two-factor authentication system in addition to the usual username and password. The next time the user tries to log in, the system sends the temporary password (either four or six digits) to the registered mobile handset, and the user punches the code into the system. The code is a random series of numeric and alphanumeric characters. These OTPs are usually valid for a certain number of minutes. The information flow works like this:
- User enters the username and password
- Request sent to backend
- Username and password matched
- User receives OTP via SMS
- User enters OTP and logs in to the site
Let us go a step further and understand the two processes that happen before the OTP is authenticated. These are Generation and Delivery. In the Generation process, the OTP is created either based on time or through a mathematical function. In time-based generation, the device is in sync with the authentication server to create a time-based OTP.
In the second approach, a mathematical function is invoked to generate the OTP. In the Delivery process, SMS is the most common method due to the extensive adoption of mobile phones. If the OTP fails to deliver, the user immediately has the option to receive the code through an auto-generated IVR call.
Implementation of OTP SMS is the best way to protect enterprise data.
Features of OTP
There are three characteristics of OTP which make it a viable option for global leaders and tech giants to implement and ensure data safety. These features are secured access, simple infrastructure, and swift delivery. The whole cycle of OTP begins and ends in a couple of seconds. Via OTP SMS, the users receive four- or six-digit codes. Apart from the SMS system, users also receive the OTP through IVR, or it can be generated by the consumer and delivered via SMS.
The OTP is the prime way of authenticating bank transactions. Whether a user is logging in to access the account or transferring money, an OTP is generated and verified to begin the next step. Banks like ICBC (China), OCBC (China), Commercial Bank of Dubai (UAE), ICICI (India), Standard Chartered and Citibank employ secure OTP SMS protocols. ICBC and OCBC have physical hardware to generate the code, Citibank has both OTP and PIN to perform a transaction, and ICICI uses a combination of OTP and a security grid layer on the account holder's card to proceed. In regions like Australia, North America, and Europe, the OTP method is used via SMS or IVR to deliver the code.
Does OTP SMS have any Vulnerabilities?
Presently, it is an ultra-secure way because users have complete ownership of their mobile handsets. If users lose the handsets, no transaction can happen unless the SIM is reported and replaced by the telecom provider. BroadNet maintains a secure and safe infrastructure to protect client data from any privacy breaches. The bulk SMS service, and other telecommunication and IT services are protected by strong security protocols.
OTP SMS is a secure way to access and perform online transactions on any enterprise website from any industry.