Authentication on websites is a necessity. Its primary purpose is to securely allow visitors access with a login and password. Today authentication has become vulnerable to hacks that expose authentication credentials during authentication. This is called a man-in-the-middle attack.
To cope with such attacks, new authentication technologies are needed so that users can authenticate securely.
OTP authentication is one such technology that helps visitors authenticate securely and seamlessly.
What is OTP authentication?
OTP authentication is a method of authenticating to a site with the help of a one-time password.
This one-time password is a temporary PIN with an expiration limit of 30 seconds to 3 minutes.
The received password has to be validated before the time expires. As soon as validation succeeds, the visitor gets access to the site.
After the time has expired, the PIN cannot be used, and the chance of receiving the same PIN again is almost nil.
The PIN is generally 4 or 6 digits long and does not vary beyond this limit.
How does OTP authentication work for my site?
As mentioned above, it uses an OTP as the method of authentication. For a website, the OTP is received on the user's registered mobile number. The user has to enter their mobile number and wait for the SMS to arrive.
As soon as the OTP is received and validated, the user is authenticated.
In this process, no password is required from the user.
What makes it secure is the OTP generation part. The OTP is generated dynamically by the service provider, so it is impossible for someone to fetch it from the request sent from the user's side.
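The issue-and-validate flow described above, as an added example that is not from the original article: the server generates the PIN, keeps only a keyed digest of it, and accepts it once before expiry. The `OtpStore` class, the attempt cap and the in-memory dictionary are assumptions made for illustration; SMS delivery is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6     # the article cites 4 or 6 digits
OTP_TTL = 180      # seconds; the article cites 30 seconds to 3 minutes
MAX_ATTEMPTS = 3   # assumption: attempt cap, not stated in the article


class OtpStore:
    """Hypothetical in-memory store of pending OTPs, keyed by mobile number."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server-side key for the digests
        self._pending = {}  # mobile -> [digest, expires_at, attempts_left]

    def _digest(self, mobile, code):
        # Keyed digest bound to the number, so the PIN itself is never stored.
        msg = f"{mobile}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, mobile):
        """Generate a PIN server-side with a CSPRNG; the caller sends it by SMS."""
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[mobile] = [self._digest(mobile, code),
                                 self._clock() + OTP_TTL, MAX_ATTEMPTS]
        return code

    def verify(self, mobile, code):
        """Return True once for the right PIN before expiry, otherwise False."""
        entry = self._pending.get(mobile)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[mobile]        # expired or out of attempts
            return False
        entry[2] -= 1                        # count this attempt
        if hmac.compare_digest(digest, self._digest(mobile, code)):
            del self._pending[mobile]        # single use: a replay fails
            return True
        return False
```

Issuing a new PIN for the same number replaces the pending one, so only the most recent SMS is valid.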
It can be seen as the start of a passwordless era. Although it is an alternative to passwordless authentication, it cannot be seen as a replacement for passwords.