08 Apr, 2015 by Vyshnavi Dabbir
Bulk SMS OTP (One time Password) is secured & reliable
Ensuring precise network security solutions for today’s ‘wired’ world is no easy task. Security professionals are faced with new challenges to stay a step ahead of the hackers to safeguard all access points of the networks. If a username and a password are all that is required to access a network, there are chances of unauthorized access regardless of the security policies in place. The traditional password is a static password that is changed only when necessary and is mostly based on subjects close to the user – birthdays, children’s names, and the likes. These passwords get cached on hard drives and can also be easily picked up by malware / spyware, therefore permitting unauthorized access to the network and applications.
Landscape of One Time Password (OTP)
The technology of One-Time Password (OTP) offers a comprehensive solution to overcome such drawbacks of single-factor authentication systems. It enables safe and secure network access by provides an added layer of security. Solutions Infini’s InfiNeo is a banking communication platform that takes care of sending OTPs to authenticate online banking transactions. InfiNeo’s OTP solutions offer two-factor authentication (2FA), using something that the user owns and something that the user has, to generate a dynamic password that is valid only for only one transaction or one login session and expires thereafter. The 2FA system typically requires the user to evidence his identity twice, first with his password and then with the OTP. The OTP principle highlights that every time the user tries to log on, an algorithm generates a pseudorandom output, valid for a single login, thus improving the security. The OTP generated is random to the maximum extent, irreversible and unpredictable.
OTPs, however, are not easy to memorize and hence requires additional technology for support. An OTP is generated using one of these three methods.
- Based on the previous password using a mathematical algorithm
- Based on a random number generated by the authentication server using an algorithm or
- Based on time-synchronization between the server that authenticates and the user who provides the password.
How secure is SMS One Time Password (OTP)?
The distribution of OTPs is generally done using text messages through the gateway using short messaging system (SMS) after they are generated at the server side. Other means of distribution include proprietary tokens, secure code devices, grid files and web based methods. When tokens and smart cards are pricey to implement, the ubiquitous channel of SMS bears low total cost of ownership. OTP SMS messages from the web application, a bank for instance, passes through the GSM network, an out-of-band channel independent of the internet. The security of this transmission is reinforced by the fact that both the user’s platform, as well as mobile phone, are not possibly vulnerable to software attacks at the same time. Listed are some of the features that make SMS OTP unmatched.
- OTPs are not vulnerable to replay attacks as they are valid just for a single login.
- OTPs are generated at random and are valid only for a specific period of time, thus ensuring utmost security.
- SMS is the cheapest option to distribute OTP to the user.
- OTP through SMS effectively eliminates the need for users to create and maintain passwords and fails password-cracking efforts by phishers.
- Delivering OTP to mobile phone is simple and secure, as the user carries the mobile phone at all times.
- There is no need for the user to carry an extra device, say a token, to view the OTP.
- SMS is familiar, has huge customer base and can reach almost every single user.
- SMS is available in all kinds of handsets.
However, SMS OTPs do have a few limitations owing to wireless interception, messaging delays and hacking of the GSM (Global System for Mobile communications) system. This situation emphasizes that there is a need to innovate new technologies that enhance the application of SMS OTPs and make them totally reliable as well.