What is a One Time Password or OTP?

OTP, or One Time Password, is that four- to six-digit code that pops up on your screen every time you use your Debit or Credit Card for an online transaction or a NetBanking transaction. Have you ever wondered what exactly these numbers are and why they play such an integral role in securing your bank account?

In this article, we take you through what an OTP is and all that you need to know about it.

What is an OTP Number?

An OTP, also known as a One Time Password, is randomly generated and sent to your registered mobile number to validate a specific transaction. It offers an enhanced layer of security for card and online transactions. It is sent to your mobile number within a couple of seconds of you inputting the details of your transaction and stays on your phone only for 2 minutes. The OTP is an automatically generated numeric or alphanumeric string of characters that authenticates the user for a single transaction done by Credit Card or Debit Card, or for a single login session. This OTP is a secret token that must not be shared with anyone.

An example of an OTP is when a system administrator, for instance HDFC Bank, sends you an OTP to complete your online purchase. This alphanumeric code, which is used to authenticate access to the system, changes every 30-60 seconds, depending on how the back-end system generates it. Most banks allow a period of 2 minutes to 10 minutes before the OTP expires. Mobile device apps such as Google Authenticator, however, rely on the token device and PIN to generate the OTP and offer two-step verification. Unlike static passwords, which expire only after every 30 to 60 days, the OTP is used for one transaction or login session only.


OTP versus Static Password

  • Static Password: 

    A static password is a password set up by the user and can be used multiple times. Although the authentication method is suitable, it is not secure, as it is susceptible to online identity theft, phishing, keyboard logging, man-in-the-middle attacks, and ATM and POS device skimming. All these theft practices are on the rise. A static password gives you only a single layer of security.


  • OTP: 

    The One Time Password is the added security layer over and above your static password. Today’s robust authentication systems use it to overcome the limitations of static passwords by incorporating an additional security credential. The OTP helps protect network access and end users’ digital identities.

    Though each of these passwords offers its own specific type of security, they work best together. The OTP adds an extra level of protection over and above the static password and makes it an added challenge for unauthorized individuals to access information over networks and through online accounts.

    We have explained what OTP means; now let’s understand how to get a one-time password.

    When you log in to your online banking platform or carry out an online purchase transaction, many banks, for instance HDFC Bank, will send you an OTP by SMS to your registered mobile number or to your registered email address.

    They provide you with a temporary passcode, the OTP, as a second authentication factor. When an unauthenticated user attempts to access a system or perform a transaction on a device, the bank network server generates a number using a one-time password algorithm to match and validate the one-time password and the user. Hence, if the unauthorized user does not have your cell phone, it is challenging for them to complete the transaction without the one-time password.

    An OTP is the second step of two-factor authentication for any online transaction, after you have entered your login and password credentials. It must not be shared with any party, even bank officials.

Benefits of OTP

  • The OTP overcomes all the security hiccups that the administrators or security managers on the bank’s back-end team have to face.
  • Because the OTP is auto-generated by an algorithm, bad or weak passwords, sharing of credentials, password composition rules and reuse of the same password on multiple accounts and systems all cease to be concerns.
  • The OTP is valid only for a few minutes; thus, the window for a security breach is extremely small.
  • As it is a One Time Password, the OTP prevents attackers from obtaining the secret codes and reusing them.

How does the OTP work?

In OTP-based authentication, the user’s OTP token and the authentication server rely on shared secrets. The numeric or alphanumeric values for the OTP are generated by applying the Hashed Message Authentication Code (HMAC) algorithm to time-based information or an event counter. Each OTP will have a timestamp for additional security. The OTP, once generated, is delivered to the user through one of numerous channels, such as a text message via SMS, the registered email address or other dedicated applications chosen by the bank.
​​​​​​​

This article has explained in detail what is meant by OTP, how it is generated and the difference between a static password and an OTP. So, the next time you carry out any transaction online, you will know precisely what those six digits in the SMS marked as OTP mean.




*Terms and conditions apply. The information provided in this article is generic in nature and for informational purposes only. It is not a substitute for specific advice in your own circumstances.