OTP Authentication: Doubling up Authentication to your site

By | January 3, 2017

Web security has become a concern for everyone using the internet. Not only the software industry but also the hardware industry has been affected by breaches and attempts. Hardware is like the human body, with software being the soul.


Every industry has security checkups and safeguards for employees and customers.

At the employee level, people are authenticated using magnetic ID cards and biometrics (retina, voice, fingerprint) before they are given access to infrastructure. At the customer level, no such authentication check is required physically because of the customer's role. Customers visit, buy and leave, and the only proof they may need for a purchase is an identification card such as a driver's licence or health insurance card.

In the online world, the scenario is not similar to what customers have physically. Customers need a unique ID for a web property in order to authenticate and use its services. Many services, such as document compression, picture cropping and video conversion, require no registration.

The unique ID can be an email address, a phone number or a username that is unique to that property.
Today websites use two methods of authentication.
One is traditional login, where we first fill in a form to sign up and then use a unique username and password to authenticate to the site.

The other is social login. It uses a social profile to sign up and sign in to a website. Once the user is validated by the social network, the user is also authenticated to the site.

Social login is more beneficial than traditional login, as it provides an extra set of information associated with the profile.

Although these advancements have made authentication almost hack-proof, a fear still persists: the fear of passwords getting exposed.

OTP authentication emerged as the solution to such fears. It uses a one-time password (OTP) as the mode of authentication. An OTP is sent to the registered mobile number and email address. Generally an OTP has 4 digits, but it can have 6 digits, depending on usage.

Once the OTP is validated, the user is authenticated without the use of passwords.
What makes it safe is the randomness of the OTP and its expiry time. Even if the OTP message is left saved and someone sees it, they won't be able to use it because the code has already expired. OTPs come with an expiry of 30 seconds to 3 minutes.
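
The issue-and-verify flow described above, as an added sketch that is not part of the original post or any particular product: a random code from a CSPRNG, an expiry within the 30-second to 3-minute range, and single use. The `OtpStore` class, its in-memory dictionary and the three-attempt limit (useful because a 4-digit code has only 10,000 possible values) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 180   # upper bound mentioned in the article: 3 minutes
MAX_ATTEMPTS = 3        # assumption: the article does not state a retry limit


class OtpStore:
    """Hypothetical in-memory store of pending OTPs, keyed by user id."""

    def __init__(self, digits=6, ttl=OTP_TTL_SECONDS, clock=time.time):
        self.digits = digits        # 4 or 6, as in the article
        self.ttl = ttl
        self.clock = clock          # injectable so expiry can be exercised
        self._pending = {}          # user_id -> [digest, expires_at, attempts_left]

    @staticmethod
    def _digest(code):
        # Hash so both comparison inputs are equal-length bytes,
        # whatever string the user submits.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user_id):
        """Create a fresh random code; an earlier code for the user is replaced."""
        # secrets draws from the OS CSPRNG; zero-pad to a fixed digit count.
        code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        expires_at = self.clock() + self.ttl
        self._pending[user_id] = [self._digest(code), expires_at, MAX_ATTEMPTS]
        return code  # pass to the SMS/email sender; keep it out of logs

    def verify(self, user_id, submitted):
        """Return True only for the correct code, before expiry, and only once."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self.clock() >= expires_at or attempts_left <= 0:
            del self._pending[user_id]      # expired or too many wrong guesses
            return False
        entry[2] = attempts_left - 1
        if hmac.compare_digest(digest, self._digest(submitted)):
            del self._pending[user_id]      # single use: a replay fails
            return True
        return False
```
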

Hence OTP authentication is needed today, not only for security-conscious customers but also as another method of securely authenticating to web properties.
