What is a One Time Password?
OTP is the abbreviation of One Time Password and is a string of characters or numbers automatically generated to be used for one single login attempt. These can be sent to the user’s phone via SMS or Push messaging. OTP’s will minimise the risk of fraudulent login attempts.
Why Would You Use One Time Passwords?
The general idea of a One Time Password is to add a second layer of authentication to stay ahead of cybercrime and protect your organisation against catastrophic effects of fraud on your business.
The risk of fraud is drastically reduced if the user doesn’t only have to fill in his username and password (something he knows) but also needs something he “has” to complete the login. This ‘something’ can be the user’s phone. OTP’s come in all shapes and sizes, but always add an extra layer of authentication.
One Time Password Examples
One Time Password as SMS Message
Originally, most OTP’s were sent as SMS messages. Once the user has begun his login attempt, filling in his username and the correct password, an SMS OTP is sent to the mobile number connected to his account. The user then enters this code shown on this phone in the login screen, completing the authentication process.
One Time Password as Voice Message
An alternative to a One Time Password via SMS is Voice. With Voice, the spoken password is received as a phone call on the user's mobile. The password will not be stored on the user's phone and Voice allows you to reach users with limited sight. You can also implement Voice as a back-up in case your SMS is not delivered.
One Time Password as Push Notification
The Two-factor Authentication process using One Time Passwords via Push is similar to SMS OTP. In the login procedure to your online environment, an automated generated code is sent as a push notification to your App on the user’s phone. Then the user has to copy that code to the login screen to verify his identity. This does mean you’ll need a dedicated app.
Industries that Benefit From One Time Passwords
One Time Passwords are used by businesses who are seeking to secure their data against remote attacks where credentials can be exploited such as:
Banking and finance
Government
Defence
Consumer electronics
Commercial security
Travel and immigration
Healthcare