One-time passwords (OTPs) are system-generated codes, alphanumeric or, most of the time, purely numeric, used for authentication. They are used mostly for login and transaction purposes, where they serve as a security mechanism. This is why OTP service providers in India have grown in popularity, considering the number of companies using them.
OTPs are safer compared to other methods of security. They provide good authentication when buying, logging in and transacting money. In many instances they are used as the second stage of two-step verification.
OTPs are most commonly used in the banking sector during credit or debit card transactions and other net-banking transactions. They are also used by Google as a way to authenticate the user. Many apps and websites use them to ensure that a user is a real person and not a bot.
Why do we need OTP?
Do you remember how many times you have forgotten your password? Or how many login passwords you have written down? The chances of a security breach in such cases are very high. Imagine if your bank didn't have OTPs: how would you have functioned otherwise?
OTPs offer two-factor authentication (2FA) so that the security checks are performed twice. They are also sent only over the communication channel you have provided, so the OTP arrives on the device in your hand. If you did not trigger the event yourself, you will come to know about it on your device.
With normal login methods, by contrast, you can never figure out whether someone has hacked your data and is trying to log in. Of course, you will find out about it someday, but it will be pretty late by then.
How do you receive an OTP?
OTPs are event-triggered, i.e. they are generated only if YOU have triggered an action. The triggers are designed so that an OTP is generated with your consent and not without your knowledge. OTPs are usually sent across different channels of communication:
- SMS: OTPs are usually sent via SMS, as it is less hackable. OTPs sent via SMS are more reliable as they involve network services.
- Email: OTPs sent via email are mostly alphanumeric. They usually end up in your spam folder, so when you are expecting an OTP, make sure you check all your email folders.
- Both: Many websites require two-step verification and hence will send two different OTPs, one to your phone and one to your email.
- Tokens: This type of authentication is very rarely used, since generating an OTP on a hardware device can face many hindrances such as battery, network etc. Many companies are developing technologies to overcome these problems.
Once you receive this email/SMS conveying your OTP, you just need to enter it in the space given by the website.
How are OTPs generated?
OTPs are unique. They are generated from random numbers and letters. To make sure that a combination never repeats, several systems are used to create unique OTPs.
There are two ways to create OTPs: 1) computer algorithm-generated and 2) time-synchronized. Let us look at both one by one.
- Computer Algorithm Generated.
The most popular algorithm used by companies to generate OTPs is Leslie Lamport's. An OTP generated by this method is built from the following sequence:
- Seed (s)
- Hash function f(s)
To reduce duplication even further, a counter is added at the end.
This is a tough algorithm to copy or breach and many companies use it.
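The seed-and-hash scheme above, written out as an added Python example (not code from this article or from any OTP provider): the client releases values of the chain f(f(...f(s)...)) in reverse order, and the server checks each one by hashing it once. SHA-256, the chain length, the sample seed and the names `Client`, `Server`, `chain` and `demo` are assumptions made for illustration.

```python
import hashlib
import hmac

def f(value: bytes) -> bytes:
    # Hash function f(s). SHA-256 is an assumption; the article names no hash.
    return hashlib.sha256(value).digest()

def chain(seed: bytes, n: int) -> bytes:
    # Apply f to the seed n times: f(f(...f(s)...)).
    for _ in range(n):
        seed = f(seed)
    return seed

class Client:
    """Holds the secret seed and releases chain values in reverse order."""
    def __init__(self, seed: bytes, length: int):
        self.seed, self.index = seed, length

    def next_otp(self) -> bytes:
        if self.index == 0:
            raise RuntimeError("chain exhausted, enrol a new seed")
        self.index -= 1
        return chain(self.seed, self.index)

class Server:
    """Stores only the last accepted value, never the seed."""
    def __init__(self, anchor: bytes):
        self.current = anchor  # f^n(s), registered at enrolment

    def verify(self, otp: bytes) -> bool:
        # A valid OTP hashes to the stored value; it then replaces that value,
        # so the same OTP cannot be accepted twice.
        if not hmac.compare_digest(f(otp), self.current):
            return False
        self.current = otp
        return True

def demo() -> list:
    seed, n = b"constructed-demo-seed", 3  # constructed sample values
    client, server = Client(seed, n), Server(chain(seed, n))
    first = client.next_otp()
    return [server.verify(first),              # True: fresh OTP
            server.verify(first),              # False: replayed OTP
            server.verify(client.next_otp())]  # True: next OTP in the chain

if __name__ == "__main__":
    print(demo())
```

Because the server keeps only the most recently accepted value, a leak of its database does not reveal the next OTP: producing it would require inverting f.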
- Time Synchronized.
Many companies use this method. It works on time-based algorithms that differ from company to company.
As we saw above, the Leslie Lamport algorithm has no function of time (like f(t)), whereas the time-synchronized algorithm has one very important aspect: time.
Time-synchronized devices can be microprocessor-based LED displays, mobile phones, tablets or any other hardware device. You will see numbers flashing on these devices. These are all time-based numbers.
Different companies have their own proprietary technology for generating the OTP.
Things to keep in mind!
OTPs are good for security, but there are certain things you need to keep in mind when you handle them.
- NEVER reveal your OTP over a phone call or to a stranger.
- Beware when people ask you for a number sent to your device; it could be an OTP.
- Use them immediately
- Avoid using public Wi-Fi
- Too many incorrect attempts could lock you out of your accounts.
- OTPs can be costly from the company's standpoint.
- OTPs can on some occasions be engineered.
OTP service providers are available in India as well as outside India. They are meant for security. If used wisely, they can save the day. Anyone can improve security using this type of verification.