Over the past couple of decades, data breaches have impacted most industries. From large multinational companies to small startups, no one is immune. So even after so many years, security remains a major concern, and everyone has their own method of tackling threats.
One of the methods that has really strengthened secure log-ins and cut down on data breaches is 2-factor authentication, or One-Time Password (OTP) authentication.
And with the explosion of smartphones in the Indian market, people are making more mobile purchases. eCommerce has been more of mCommerce lately in India. As a result, mobile payment has definitely become an area of increased focus for security threats.
Why Two-factor Authentication?
Traditionally speaking, Single sign on (SSO) architectures are not well protected nowadays. One report suggests that well-known passwords like 1234, a date of birth and other predictable passwords such as “password” have led to 20% of hacking activity. And if hackers combine this technique with other hacking techniques and tools, like keyloggers and social engineering, the chances of penetration increase to 55%.
To curb such events, two-factor authentication was one of the solutions that came up, and the adoption rate is staggering. Thanks to OTP authentication, access is given only to people with authorization, rather than risking violation of data by unauthorized users or hackers. Even if the password is stolen, it is very unlikely that the mobile phone is stolen at the same time. Even if such an event occurs, these passwords are single-use and expire within 10-15 minutes of being triggered.
So in short, with the use of One-time password authentication you can improve both corporate and customer-facing security.
Matt Cutts, the head of webspam at Google, puts this very well. He says, “Two-factor authentication means ‘something you know’ (like a password) and ‘something you have,’ which can be an object like a phone.”
How is OTP implemented?
OTP came into existence around the middle of the last decade. Due to the rise of feature phones and smartphones, the security analysts at Oracle, Google, Microsoft and other industry leaders set out to find better security options. This gave rise to One-time passwords, otherwise also known as two-factor authentication.
Implementation of OTP is a fairly simple process. Once OTP is in use, a user who enters their login credentials for a web account has one more checkpoint to cross.
In Gmail, when we sign up for 2-factor authentication, it does not allow single sign-on anymore. After you enter your password, it redirects you to another page saying, “Please enter the 6-digit PIN, that you have received on your mobile phone”. The right OTP will allow you to log into your account.
What really happens is this: once you enter your password, the server on the other side registers the login, generates a random key that will never be generated again, and sends it to the registered cellular number. The key expires within a time frame selected by the provider. Once the OTP is entered, the server checks it against the record it has and authenticates the user to use the account as usual.
This adds another layer of security: even if your primary password is compromised, you don’t have to worry about your accounts being compromised if you have two-factor authentication.
How to include OTP in your Exotel Call flow?
To include OTP in your Exotel Call flow, you can use our standard SMS API and integrate it with your OTP generating server. Once that is done, you just have to send the SMS through the server at high priority, and rest assured that any time your clients use a system where they need 2-factor authentication, Exotel will deliver.
And that is it: you can now increase your customers’ security in a very simple yet effective manner.
Advantages of using Exotel to implement OTP
- Integration with your product/app is simple – Exotel’s APIs make this integration a breeze
- Cost effective – you can use your existing Exotel account for it. There is no need for additional hardware or software
- Easily scalable – As your customer base grows, you can easily scale with Exotel and pay as you go. No need for any infrastructure updates from your end. We will take care of that.