The general idea of a One Time Password is to add a second layer of authentication in order to stay ahead of cybercrime and protect your organisation against catastrophic effects of fraud on your business. The risk of fraud is drastically reduced if the user doesn’t only have to fill in his user name and password (something he knows) but also needs something he “has” to complete the login. This ‘something’ can be the user’s phone. This means you’ll need the user’s mobile number, but also reliable messaging routes.
OTP is an SMS message
Originally, most OTP’s were sent as SMS messages. This means you’ll need reliable high quality SMS routes. Once the user has begun his login attempt, filling in his username and the correct password, an SMS with the OTP is sent to the mobile number connected to his account. The user then enters this code shown on this phone in the login screen, completing the authentication process.
OTP is a Push notification
The Two-factor Authentication process using One Time Passwords via Push is similar to SMS OTP. In the login procedure to your online environment, an automated generated code is sent as a push notification to your App in the user’s phone. Then the user has to copy that code to the login screen to verify his identity. This does mean you’ll need a dedicated app.
OTP is the best of both worlds
Using our Hybrid solution, you’ll combine the strengths of SMS and push messaging. Sending OTP’s through the Hybrid platform, the password initially will be sent as a cost-effective Push notification. If the user doesn’t have your app installed or is offline, the password will be sent via SMS. As an extra fall back, you can even have the password delivered using Voice. You’ll save costs on your phone bill while generating more app engagement and faster delivery.
OTP is more user friendly with Authenticator
Two-factor Authentication in the form of One Time Passwords is essential to keep your company and all your company data protected from cybercrime and fraud. However, there is another way to add this layer of authentication without your user having to type the code. With the CM Authenticator app, your user can simply verify or decline any login attempt via his mobile phone. This is what we call “instant authentication” as the push notification triggering an action is linked to the CM servers real-time. These servers instantly tell the web-service that the login session is legitimate thus granting access. (Update: the CM Authenticator app was discontinued at the end of '19).
OTP and Authenticator are just a few of our solutions to help you protect your company from cybercrime. Find out more about our Access solutions or contact our specialist Sandor Incze directly.