Welcome to WebmasterServe!

FREE TO JOIN! Join us now to engage in informative and friendly discussions about Webmastering, SEO, SEM, Internet Marketing, Programming, Graphic Design, Online Jobs and more. What are you waiting for? Ready to join our friendly community? It takes just one minute to register.

Dismiss Notice

Join WebmasterServe Forums 
Join the discussion! Have a better idea or an opinion? It takes just one minute to register Click Here to Join

Help Me/Question Is Otp (one Time Password) Completely Secure?

Discussion in 'General Business Topics' started by networld, Jan 28, 2016.

  1. networld

    Yellow Belt

    Joined:
    Dec 7, 2015
    Messages:
    396
    Ratings:
    +50 / -0
    Nowadays most of the internet transactions ask for One Time Passwords (OTP) which usually includes sending a numeric code to your mobile phone through SMS and you need to enter it back correctly in the site to proceed further. The advantage is that only the person holding the mobile handset will be able to see the code and it keeps on changing after every use. But is it completely safe? Can a hacker use it if he takes control of our mobile handset?

    I think OTP is safer than our conventional password system. There was news that Yahoo mail is going to use this technology in place of normal passwords.
     
  2. suleman

    Yellow Belt

    Joined:
    Jan 23, 2016
    Messages:
    178
    Ratings:
    +16 / -0
    I think it's secured because in some cases if the mobile number is needed to change, no one can do it without entering the previous number and without the security process they need to complete before it's done.

    This OTP is to protect you from being compromised by other people.
     
  3. jowjow

    White Belt

    Joined:
    Jan 25, 2016
    Messages:
    105
    Ratings:
    +18 / -0
    There is no really 100% safe method in the internet right? And I think One Time Passwords or OTP is just another precautionary measure or added security feature. In the situation your telling if you lose the mobile phone, why not disable first the number and then update your password in this way the one holding your mobile cannot receive the updated password since the number is already disabled. Right?
     
  4. Manish Mishra

    Yellow Belt

    Joined:
    Dec 22, 2015
    Messages:
    1,025
    Ratings:
    +159 / -0
    OTP is very safe since only registered mobile number/registered e-mail address is going to receive it for further processing. Best part is it is generated for one time use only. It means no damage or problem after it is used.
     
  5. networld

    Yellow Belt

    Joined:
    Dec 7, 2015
    Messages:
    396
    Ratings:
    +50 / -0
    That's quite a practical tip. That means if my mobile is stolen or missing I can just go to that site and change or disable my mobile number registered with it, That is quite practical I guess. Moreover the chances of missing a mobile handset are quite remote I think. The feature of changing the code after every use makes it more sturdy.

    This makes OTP one of the safest modes of online security. Whenever I do online shopping I always make it a point to activate the OTP before authorizing my payment.
     
  6. Ramakrishnan

    Yellow Belt

    Joined:
    Jan 21, 2016
    Messages:
    142
    Ratings:
    +11 / -0
    I believe OTP is safer and secure procedure because you get it in your registered mobile and it is valid only or few minutes. Even if the hacker knows your other passwords he cannot do transaction because the mobile handset is with you.
     
  7. briannagodess

    Yellow Belt

    Joined:
    Jan 18, 2016
    Messages:
    117
    Ratings:
    +18 / -0
    Yeah, I think it's one of the safer routes to go. It's an added precaution or safety net for consumers and customers. Although with the internet, there is no foolproof way of being safe and we just have to take the necessary steps to make our internet life better. But the more steps we take to ensure the safety of our accounts, the better. As long as we have the handset and number, no other person can get into our account. And if the handset does get stolen, we can just ask the service provider to block or ban the number.
     
  8. djweb

    Yellow Belt

    Joined:
    Jan 21, 2016
    Messages:
    158
    Ratings:
    +14 / -0
    Whatever prevents or delays a hacker is good. Sure, someone can clone your sim, but then if such people wanted to get into your account, there isn't much you can do. However, for the everyday hackers, who probably use (say) keyloggers, OTPs are the best solution.
     
  9. challengewriter

    Yellow Belt

    Joined:
    Dec 9, 2015
    Messages:
    385
    Ratings:
    +66 / -0
    It is safe, I like using it for online transactions and because I am so sensitive of my phone that I always put it near me and somewhere I can see it, I feel like it can hold all my average and keep it safe, so yes OTP's are very secure and good for people who aren't careless. Usually they expire after 10 mins
     
  10. bluegreen

    White Belt

    Joined:
    Feb 1, 2016
    Messages:
    7
    Ratings:
    +1 / -0
    In my honest opinion One Time Passwords are very secure, one of the most secure methods nowadays. If you use with your own phone number is really secure. Of course that it can be robbed, but it's much harder to get your phone and know that you have some account associated with it than hacking your email and you PC, getting all the information and Passwords.

    So yes, it's a really huge improvement that they made and I'm glad that I use it for some sites to pay bills and buy stuff online. Some sites don't use it yet but I hope that in a near future they implement it, like Amazon and Ebay!
     
  11. networld

    Yellow Belt

    Joined:
    Dec 7, 2015
    Messages:
    396
    Ratings:
    +50 / -0
    I think nowadays almost all sites, especially sites dealing with money transaction employ this technology. I suggest this to be made mandatory in all sites to ensure maximum security. The best part is that it keeps on changing every time. So, even if somebody managed to know your code once, it will never let him succeed in his next attempt as code changes with every attempt.

    Losing a handset is a very rare case I think. Even if we lose our handset there should be an option to change the mobile number registered in the site as soon as possible.
     
  12. cheezcarls

    cheezcarls It's Game Time!
    Yellow Belt

    Joined:
    Dec 15, 2015
    Messages:
    976
    Ratings:
    +162 / -0
    When I do online transactions in the first place, I always use the one-time password in order to have a safe and secured transaction. A one-time password feature is an opportunity for us to be equipped with some security when accessing some important information online like transactions. At first, I really ignored one-time passwords because I was confident that time that my main password is impossible to get hacked by somebody. But I finally realized about the importance of one-time password on top of the main passwords that we have. Right now, it is too much to ignore one-time password features nowadays.
     
  13. networld

    Yellow Belt

    Joined:
    Dec 7, 2015
    Messages:
    396
    Ratings:
    +50 / -0
    Nowadays the situation is like that anything that can be accessed can be hacked too. Intelligent hackers are able to intrude into servers installed at military intelligence with top most security. So, no data is secure online. But a precaution like OTP can go a long way in ensuring data security over Internet. As you said OTP along with a strong main password is what we can do to safeguard us from online hackers.
     
  14. Prasoon Arora

    Yellow Belt

    Joined:
    Feb 1, 2016
    Messages:
    472
    Ratings:
    +24 / -0
    OTP offers you using your mobile device while adding the security of out of band delivery. We all are familiar in carrying mobile devices with us whether it is IOS or Android. If managing OTP offers you, with the transaction with the assurance of safety.
    Internet world is huge and malware attacks and interruption in the middle hinder password reset attempts by intercepting communication between you and the other delivering the new password. By opting for OTP, malware or interruption like hacking/ hackers are unable to intercept the delivery of the password.
    If in case you are unable to reach the number, or you lost, you have to register the new number and you can get assured for your safe transaction.
    There are features in your mobile devices, as if you are the only one who received the password, by locking your device and much more even if you are not in reach of your phone.
     
  15. bharath

    Staff Member Yellow Belt

    Joined:
    Dec 7, 2015
    Messages:
    772
    Ratings:
    +54 / -0
    OTP is a safe to the Netbanking operators as it sends one time pin before transaction to clear that the account holder using.
    Better than OTP there is no other method for secured money transfer. After all password matches, OTP matches, then transaction password should match for processing the money transfer. This is the latest technology for online banking and it is more convenient to transfer the money.
     
  16. krishatg

    Yellow Belt

    Joined:
    Jan 16, 2016
    Messages:
    240
    Ratings:
    +14 / -0
    I believe otp is much safer than other techniques of security as you got message only on the registered mobile number. Only than you complete your transaction. So it can only be breached if someone hack your mobile too. So we can say that it is 99 percent secure method.
     
  17. djweb

    Yellow Belt

    Joined:
    Jan 21, 2016
    Messages:
    158
    Ratings:
    +14 / -0
    Yeah. Anytime, some physical form of security is needed, it will always be safer. That's why grid cards work too, unless of course you store your grid card values on your computer, which is somethiing that a friend of mine has done. His banking grid is his desktop wallpaper :p
     
  18. networld

    Yellow Belt

    Joined:
    Dec 7, 2015
    Messages:
    396
    Ratings:
    +50 / -0
    There could be a loophole in that. It is better not to store information like a grid card in your PC. These bank usually send the grid numbers through email. I normally delete it after taking a print out and never store it in soft copy. I always refer to the paper copy I have.

    I think same is the case with storing passwords in your computer. An intelligent hacker can steal any data from a computer if he wishes to do so. It is advisable to keep a diary for this purpose and keep on noting down as and when you change your password.
     
  19. bluegreen

    White Belt

    Joined:
    Feb 1, 2016
    Messages:
    7
    Ratings:
    +1 / -0
    Yes, 99% secure method :p

    Unfortunately I don't believe in a 100% secure method unfortunately, there will be always some way to break into your online accounts or something physical like a safe, house or something like that. The only 100% secure way of saving your accounts, money etc is to not have none :p then you are 100% sure that no one will try to steal them!
     
  20. briannagodess

    Yellow Belt

    Joined:
    Jan 18, 2016
    Messages:
    117
    Ratings:
    +18 / -0
    Yeah, but having no account means living under a rock, lol. If only we can survive without internet, online accounts and all those things, then we won't have any problem today. Problem is, the world operates online now and we have to have accounts on the internet to get by. But I think with money, you can always opt to have an offline bank account. You can choose not to create online bank accounts and just withdraw from ATMs for transactions.
     

Share This Page