What is an OTP?

OTP​ is a string of characters or numbers automatically generated to be used for one single login attempt. OTP, One Time Passwords in full, can be sent to the user’s phone via SMS or Push messaging and is used to protect web-based services, private credentials and data. OTP’s will minimize the risk of fraudulent login attempts and thus the risk of stolen data. OTP’s come in all shapes and sizes, but always add an extra layer of authentication. Which type of OTP best suits you?

Authenticator OTP login

The general idea of a One Time Password is to add a second layer of authentication in order to stay ahead of cybercrime and protect your organisation against catastrophic effects of fraud on your business. The risk of fraud is drastically reduced if the user doesn’t only have to fill in his user name and password (something he knows) but also needs something he “has” to complete the login. This ‘something’ can be the user’s phone. This means you’ll need the user’s mobile number, but also reliable messaging routes.                                                                                           

OTP is an SMS message

Originally, most OTP’s were sent as SMS messages. This means you’ll need reliable high quality SMS routes. Once the user has begun his login attempt, filling in his username and the correct password, an SMS with the OTP is sent to the mobile number connected to his account. The user then enters this code shown on this phone in the login screen, completing the authentication process. 

OTP is a Push notification

The Two-factor Authentication process using One Time Passwords via Push is similar to SMS OTP. In the login procedure to your online environment, an automated generated code is sent as a push notification to your App in the user’s phone. Then the user has to copy that code to the login screen to verify his identity. This does mean you’ll need a dedicated app. 

OTP is the best of both worlds

Using our Hybrid solution, you’ll combine the strengths of SMS and push messaging. Sending OTP’s through the Hybrid platform, the password initially will be sent as a cost-effective Push notification. If the user doesn’t have your app installed or is offline, the password will be sent via SMS. As an extra fall back, you can even have the password delivered using Voice. You’ll save costs on your phone bill while generating more app engagement and faster delivery. 

OTP is more user friendly with Authenticator

Two-factor Authentication in the form of One Time Passwords is essential to keep your company and all your company data protected from cybercrime and fraud. However, there is another way to add this layer of authentication without your user having to type the code. With the CM Authenticator app, your user can simply verify or decline any login attempt via his mobile phone. This is what we call “instant authentication” as the push notification triggering an action is linked to the CM servers real-time. These servers instantly tell the web-service that the login session is legitimate thus granting access. (Update: the CM Authenticator app was discontinued at the end of '19).

OTP and Authenticator are just a few of our solutions to help you protect your company from cybercrime. Find out more about our Access solutions or contact our specialist Sandor Incze directly. 

Start sending OTPs

Read more
Read more

Related articles

Is this region a better fit for you?