One time password is a common term that everyone understands. These days almost everyone with a mobile phone and a bank account uses a one time password. But very few know that it is more than just a message. Here we have collected some of the most common questions about OTP or one time password. Starting from What is OTP to how to create OTP and the security aspect here is a list of everything you must know about it.
what is OTP?
OTP stands for one time password. To make it simple, a one time password means code that you can use for authentication only once. After this one time use the code will expire. In other words, it is a unique short code (normally in digits or numbers) to access a file.
What is OTP used for?
The answer is hidden inside the name itself. The full form of OTP is one time password. This is a small code generally used for one time login attempts in an application. For example you receive a one time password while doing a banking transaction. You can also use this while making a website login form. Many ecommerce website developers also use one time password for authentication. Generally this OTP is a six digit code. You enter this code to process the transaction. After one to two minutes (depends on the application requirement) the OTP expires.
What is a 4 digit OTP number. How is it different from 6 digit OTP code?
In technical terms, OTP is a password that is valid for one login session. Now you may ask what is a login session. A login session is the time duration of your active login in an application. Normally we use a 4 digit OTP number or a 6 digit OTP code for internet banking. We also use this for making payment online via payment gateway.
Difference between 4 digit code and 6 digit code
Technically there is not much difference between 4 digit and 6 digit OTP numbers. Both work for the same cause. But the story does not end here. When it comes to cracking a security code, 6 digit code provides more security. The extra security is due to more combinations possible. Large code will take more time to crack than a shorter code. In simple words it is tougher to crack a 6 digit one time password code than a 4 digit one.
Why is the one time password different all the time?
As mentioned above. One time password is for a limited time and purpose. Therefore creating a unique OTP and automating the process is very important. These random numbers are created with various combinations. Due to this you see a different number every time.
How many digits are there in OTP password?
The number of digits is not fixed as there is no universal rule for it. Normally companies use 4 digit, 6 digit and 8 digit codes. But developers can increase or decrease the number depending on the needs of the company. Sometimes it is also alphanumeric.
Can we use this code multiple times?
The straight forward answer to this question is No. You cannot use OTP more than once because it will expire after some time. Most software applications allow users of OTP for a limited time only. If you are able to use this code two times then there is an error in the software application.
Additionally, many software applications use OTP as part of their two factor authentication. Therefore, reusing OTP will make the application vulnerable to security threats. Hackers may get into your application in case of OTP reuse. As a developer also you should make sure that application is generating a different OTP every time.
How to create OTP?
This is an auto generated unique code. If you do not have access to the software source code, you cannot generate OTP. Software developers write code to generate these unique codes. This is a four step process that makes a transaction secure.
- First of all on a button click or some other event one time password is generated and stored in the database.
- The user receives it on his or her mobile phone and enters into the text box.
- After this step, the application matches the code with the one available in the database.
- In case of a successful match, transactions get processed. After this the code expires and you cannot use it again.
There is one more situation. If you do not use this code for a certain time (mentioned secretly in the source code) the password expires.
You can also check our OTP email format to see how to write one time password email.
How to create an OTP message template?
Creating an OTP message template is important because you send this to clients. First of all you must keep it short and simple. Standard SMS size is 160 characters. Therefore, you should create the message template to fit this limit. This also includes the one time password. Staying in the limit will also help you in saving costs. For example if the size of the OTP message is 161 characters, you will be billed for 2 messages.
One Time Password Service providers
There are many companies working as OTP service providers. First of all this comes under the department of telecom regulatory in any country. So the company selling one time password must be approved by this department. Additionally, there are some rules and regulations or limitations of sending an OTP. Before you create an OTP template, you need to get approval from these SMS service provider companies.
There are two types of companies.
There is one parent company that applies for a license as a bulk SMS provider. Normally they get a license as marketing companies. Under this they send bulk emails as bulk email service providers and bulk SMS providers both.
On the other hand there are resellers. These companies do not register them as marketing companies. They simply take bulk SMS or email packages from parent companies. Then they sell bulk SMS to their customers and make profit. In many cases the original bulk SMS service provider (parent company) sets a minimum selling price to avoid price based competition from resellers.
Cost of sending OTP messages
The primary cost of sending OTP messages depends on the service provider. SMS service is divided into two primary categories. One time password comes under the transaction messages category. The rate of transaction SMS is higher than promotional messages. Generally companies purchase bulk for marketing purposes and transaction SMS packages for sending transactional information to registered customers. The cost of sending a one time password also depends on the country of operations. For example, the cost of sending transaction messages in India starts as low as 8 paisa per SMS. The prices are subject to change depending on the bulk SMS service provider.