Introduction to OTP
What is OTP?
A one time password (OTP) is a password that is valid for only one login session or transaction, on a computer system or other digital device.
The most important advantage addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks
OTP is use as second-factor authentication (2FA). The 2FA is an extra layer of protection used to ensure the security of online accounts beyond just a username and password
Soffid Implementations
Soffid provides different OTP implementations. Users with the proper permissions could configure the OTP services on Soffid Console, they could configure one or more OTP implementations.
Once the OTP is configured, the end-users could config their owns OTP devices.
You can visit My OTP devices page for more information.
An email with the OTP will be send to the end-user. Then, the end-user will write the received code into Soffid to verify the token.
SMS
An SMS message will be send to the end-user to use it for authentication. Then, the end-user will write the received code into Soffid to verify the token.
Test messaging is a commns technology used for delivery OTPs. That is a secure authorisation method to send a numeric code to a mobile number.
Time based HMAC Token
The end-user must scan a QR code with an OTP application (Free Otp+, Google Authenticator and Microsoft Authenticator are the most used). Then, the end-user will write the received code into Soffid to verify the token.
Event based HMAC Token
The end-user must scan a QR code with an OTP application (Free Otp+, Google Authenticator and Microsoft Authenticator are the most used). Then, the end-user will write the received code into Soffid to verify the token.
Security PIN
The end-user can configure a security PIN into Soffid.
Soffid will ask for a specific number of digits from the PIN to verify the access. When Soffid ask for a number of digits, the user would write these numbers to confirm.