July 3, 2016
One time passwords, or OTPs as they are popularly called, have become the authentication factor of choice for most of the payment service providers in India. The use of OTPs extends to non-financial transactions as well, for instance, logging a customer to a smartphone application. Currently, all banks and mobile wallet companies in India use OTP as a method to either authenticate their consumers or the consumer’s transactions.
There are two steps which happen prior to the actual usage of OTP for authentication: Generation and Delivery.
OTPs can be generated in multiple ways. One of the frequently used methods is the time-based generation of OTP. In this method, a ‘token’ is used to generate the OTP. This generation has time as one of the inputs. This time on the generation device is perfectly synced to the authentication server. The other method of generation is to invoke a mathematical function which gives the OTP as an output.
The delivery of OTP to the consumer can also happen in various ways. The most popular method in India is delivery via text messages. A notification on smartphone ...