Sunday, August 22, 2010

Simple tips for OTAC (one time authorization code) or OTP (one time password) usage

As security threats to Internet banking and mobile banking increase, banks are rushing to strengthen the security of their Internet banking and mobile banking products.

One method that banks are adopting quickly is strong, two-factor authentication using mobile phones.

This is done with an OTAC (one time authorization code) or OTP (one time password). The two terms mean the same thing.

What are the main features of OTAC/OTP?

-- A one-time password (OTP) is a password that is valid for only a single login session or transaction.

-- In India, this OTAC/OTP is normally valid for 2 hours from the moment it is generated.

-- This is because it has been observed that users do not make use of the OTP/OTAC immediately, but log in after some time.

-- Hence, if the OTAC/OTP is not valid for at least 2 hours, users tend to re-generate the OTP/OTAC, thereby increasing the load on the bank's servers.

-- OTPs avoid a number of shortcomings that are associated with traditional (static) passwords.

-- The most important shortcoming that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks.

-- This means that if a potential intruder manages to record an OTP that was already used to log into a service or to conduct a transaction, he/she will not be able to abuse it, since it will no longer be valid.

-- On the downside, OTPs cannot be memorized by human beings. Therefore they require additional technology in order to work.

-- Normally, OTPs/OTACs are delivered via SMS to the phone numbers registered with the banks.

Hence, it is of paramount importance that bank customers safeguard their mobiles.

Tips for a safe OTP/OTAC journey:

1) Acquire a dual-SIM mobile.
2) Acquire a lifetime SIM card, and provide the number to the bank.
3) Ideally, use this number only for financial transactions.
4) Do not keep this SIM in your mobile permanently.
5) Insert this SIM only when executing an Internet/mobile banking/financial transaction.
6) Otherwise, keep this SIM safely in your wallet.
7) One more advantage of this is that in case your mobile is lost/misplaced, your SIM is safe. Otherwise, it is a big pain to change the mobile number with all your banks.
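
The single-use and 2-hour validity properties listed above, sketched from the server's side as an added example (not code from this post or from any bank). The `OtpStore` class, the 6-digit code length and the 3-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_VALIDITY_SECONDS = 2 * 60 * 60   # the 2-hour window the post describes
MAX_ATTEMPTS = 3                     # assumption: wrong guesses allowed per code


class OtpStore:
    """In-memory OTP issuer/verifier (hypothetical names, illustration only)."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be exercised
        self._pending = {}           # user -> [sha256(otp), expiry, attempts left]

    def issue(self, user):
        """Create a 6-digit OTP; re-generating replaces any earlier pending code."""
        otp = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(otp.encode()).digest()
        self._pending[user] = [digest, self._clock() + OTP_VALIDITY_SECONDS, MAX_ATTEMPTS]
        return otp                   # a bank would deliver this by SMS

    def verify(self, user, otp):
        """Return 'ok', 'expired' or 'invalid'; a code is consumed on first success."""
        entry = self._pending.get(user)
        if entry is None:
            return "invalid"         # never issued, already used, or locked out
        digest, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[user]
            return "expired"
        if hmac.compare_digest(hashlib.sha256(otp.encode()).digest(), digest):
            del self._pending[user]  # single use: a replayed code finds no entry
            return "ok"
        entry[2] -= 1                # wrong guess: burn one attempt
        if entry[2] <= 0:
            del self._pending[user]  # too many guesses: code is void
        return "invalid"


def demo():
    now = [1_000_000.0]              # constructed fake clock
    store = OtpStore(clock=lambda: now[0])
    otp = store.issue("alice")
    first = store.verify("alice", otp)       # legitimate login
    replay = store.verify("alice", otp)      # recorded code used again
    late = store.issue("alice")
    now[0] += OTP_VALIDITY_SECONDS + 1       # past the 2-hour window
    return first, replay, store.verify("alice", late)
```

Calling `demo()` returns `('ok', 'invalid', 'expired')`: the first login succeeds, the replayed code is rejected, and a code presented after the validity window is refused.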