How is the One Time Password sent to the User?
With a static password the user generally has to remember the value they set (and request a reminder email if they forget). One Time Passwords can be sent by email, but increasingly they are sent as an SMS to the user's mobile phone, replacing the need for a physical token solution. With multi factor authentication in place there is an additional layer of complexity, and using tokens can result in more calls requesting replacements due to loss or other issues. It is important that a One Time Password solution is easy to manage and easy to set up; employing the user's mobile phone can make this easier, especially when setting up and administering users on the system.
Why use One Time Password Technology?
Historically, users on a network fail to change their static passwords regularly, store them on the computer in an unencrypted file, share them with others or leave the password cached on their machine; any of these makes it easy for someone to obtain password details. The fastest and easiest way to stop replay attacks aimed at gaining unauthorised access is to use One Time Passwords. By allowing only one authentication attempt per password, OTP prevents repeat access to the network, helping to stop unwanted intruders from gaining access.
How Easy Is It to Use and Deploy?
By using One Time Passwords on a mobile phone, commonly by way of an app, a user is able to request a new password each time they wish to access the network. This makes using two factor authentication extremely easy for users, as they only have to open their smartphone OTP app and generate a new password. A good multi factor authentication system should also be easy to deploy to new users, and with smartphone technology the one time password generator should initialise itself and work the very first time a user wishes to authenticate.