Authenticating users through one-time password
The fast development of the Internet helps our lives in various aspects. To a greater extent, business will be accomplished via Internet. Under such situations, proper attention must be provided to the information security, of which the identity verification is one significant problem. In the conventional authentication plan, the user gives the username and static password to service provider, but there are some intrinsic shortcomings of this method-static passwords maybe speculated, overlooked, and snooped. One-Time Password (OTP) is regarded as the powerful authentication plan among all password-based clarifications. In this paper, a novel two-factor authentication plan based OTP is anticipated. The plan does not only convince the reciprocated authentication between the user and service provider, but also shows higher security and lower computational charges than conventional plan based OTPs.
As an increasing number of businesses are accomplished via Internet, more consideration should be given to the safety of information. Identity verification technology is the primary protector and the gateway of network system. In the conventional authentication plan, the user gives the username and stationary password to service provider, which has some intrinsic drawbacks-the stationary password may be speculated, overlooked, stolen and snooped. In order to surmount these inadequacies of stationary passwords, Leslie Lamport anticipated a more secure verification scheme relied on one-time password technology. The theory of the technology improves the security by appending some indefinite factors to make sure the password of each login unique, and increase the security of login process. One-time password is largely employed as the powerful authentication plan amongst all password-based clarifications.
Stationary passwords are best at inconvenience to users as they have to be kept in mind and at nastiest, lying on your front to different types of attacks. There are lots of tools and apparatus present to search passwords off the internet or even from computers not linked to the Internet. If you have an e-commerce website on WHMCS and deliver SMS to your customers via WHMCS SMS notify, then also you require a safe customer verification method. On the whole, the use of only stationary passwords for making your web applications safer radically improves probabilities for identity thefts and fake transactions.
One time passwords lessen the above issues by offering the end-users a provisional password that can be employed only one time. Combined with usual static passwords or digital certificate-based verification method, they give two-factors of authentication that can constantly defend end-users alongside phishing attacks, and other types of identity thefts.
Choices of OTP medium
No password weariness among end users
Implemented as part of a two-factor authentication method to protect against man-in-the-middle attacks
Event based and time based password creation
Economical alternative to costly digital certificates based authentication method, particularly when the stakes are comparatively lower.