What is a bank token?

Introduction:

A token is a device to increase security and prevent fraud.

With this device, the customer does not need passwords.

The strategic importance of tokens is to help provide a secure banking experience.

The customer can also confidently make higher value banking transactions.

What is a one-time password (OTP)?

A one-time password (OTP) is a string of characters or numbers that authenticates a user for logging in to a system or performing a single transaction.
One-time passwords are often abbreviated as OTP and are sometimes called OTP codes.

After you log in to a system or application with a one-time password, the password expires and cannot be used for the next login session.

One-time passwords are often used for two-factor authentication in areas such as online banking, but organizations are now increasingly using them as well.

In the first step, you enter your usual login information.

The second step is to create the dynamic one-time password required for OTP authentication, using a tool such as a smartphone.

When authenticating users, organizations need to keep three independent factors in mind:
1. Knowledge: Items that the user knows, such as a password, PIN or answer to a security question.

2. Ownership: Things that the user has, such as a password, credit card or phone.

3. Biometric: Items that uniquely identify the user, such as fingerprints or behavioral data.

Hardware tokens

Hardware tokens are physical devices that transmit OTPs and help users access other accounts and resources.
Hardware tokens generally include the following:

Attached tokens:

These tokens are the most common type used in multi-factor authentication. Users attach these tokens to the system or device they want to access.

Smart cards and USB drives are inserted into the device’s smart card reader and USB port, respectively.

Offline tokens:

Users do not have to physically insert these tokens. Offline tokens typically create OTPs for user logins.

Keyless entry systems, cell phones, and banking security devices are examples.

Contactless tokens:

These tokens transmit authentication data to a system, which analyzes the information and determines whether the user has access or not.

Bluetooth tokens are an example of contactless transmission and do not require a physical connection or manual input.

Software tokens

Software tokens are not physical objects. Rather, they exist in software on a device such as a laptop or mobile phone.

Software authentication usually takes the form of a program that sends mobile notifications or text messages to the user, who responds to them to verify their identity.

All of these methods follow the same basic process: the user sends the authentication data to a system, the system verifies the information and, if it is valid, grants the user authorized access.

In fact, the idea is the same as using a password, except that in OTP, authentication data is not leaked by the user and the systems in question.

Hardware tokens, such as RSA SecurID, are a definite upgrade over SMS-based OTPs. They rely on what the user has, making them less open to abuse than knowledge-based authentication. In addition, an OTP device such as a U2F security key uses asymmetric encryption algorithms to ensure that the OTP is never decrypted and disclosed.

However, the nature of hardware tokens works against them. Users must carry another device that may be lost, damaged or stolen.

This makes the maintenance of OTP tokens challenging, especially in large organizations.

In addition, tokens that need to be physically attached to the device are not always usable.
For example, USB drives such as U2F keys are not a viable solution for securing mobile devices that do not have a USB port.
