Time for static passwords is over.
Threats to our data & assets are more and more frequent: according to Symantec, the volume of damages caused by on line frauds has reached the unbelievable amount of 290 billions USD, and this is a 2015 figure, growing more and more month by month.
Is it possible that our wife’s birthday could compromise the safety of a company or an end user? Is it possible that stability and prosperity of an organization could collapes because of a Post-it?
Besides company policies, it is more and more clear that “user ID & password” cannot be a safe system.
The growing specialization of informatic criminals make these barries easily surpassable.
This trend is moreover emphasized by the growing adoption of mobile peripherals.
So? There is a solution and it is called “One Time Password”. A One-Time Password (OTP, password used only one time, cfr. Wikipedia) is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid a number of shortcomings that are associated with traditional (static) password-based authentication.
OTP generation algorithms typically make use of pseudorandomness or randomness. We can quote 3 main OTPs generations:
- Based on time-synchronization between the authentication server and the client providing the password (OTPs are valid only for a short period of time);
- Using a mathematical algorithm to generate a new password based on the previous password;
- Using a mathematical algorithm where the new password is based on a challenge (e.g., a random number chosen by the authentication server or transaction details) and/or a counter.
OPTs solve also economic problems: password management is quite expensive, Forrester Research quantify it by 200 USD/person per year.
Ubiquity, Global Messaging Platform active since 1999 in management of mobile services for large accounts, has already developed its own OTP system.
Ubiquity also manages OTP codes. This service can be set up either to generate and manage the whole OTP life cycle or simply to send it to the end user. The OTP service is a secure way to reach customers directly on their mobile phone replacing the token with a text message required by the users when they need it, allowing the company to reach the largest number of contacts at the lowest cost of implementation and execution.
OPT services on mobile are released through “Global Messaging Platform” and can be set up according to the specific needs of each customer and integrated within any IT company system.
Advantages for the adoption of such system are effective and clear:
- High security levels
- Reduced processing and delivery times
- Low cost of implementation and contact
- High number of end users reached
Tag: one time password