OTP Authentication Finacle Integration Approach PDF

Two-factor authentication (2FA) adds an extra layer of security beyond just a password by requiring two forms of authentication: something the user knows (their password) and something they have (their mobile phone). The standard approach is for the user to enter their username and password, then receive a one-time passcode via text message or authenticator app on their phone to login. This prevents account access even if the password is compromised, since the hacker would not have the user's phone. The 2FA process involves authenticating the user's ID and password, fetching their registered phone number, displaying a screen to enter the one-time passcode sent to that number, and validating the passcode before granting access to the

Uploaded by

puneet mishra

OTP (Two Factor) Authentication

Introduction: Security is a major concern today in all sectors, such as banks, governmental applications,
military organizations, educational institutions, etc. These numerous and varying industries face several
security issues, with one common weak link being passwords. The rapid growth in the number of online
services leads to an increasing number of different digital identities that each user needs to manage, and
passwords are perhaps the most common type of credential used today. To avoid the tedious task of
remembering difficult passwords, users often behave less securely by using weak, low-entropy passwords.
Most systems today rely on static passwords to verify the user's identity. However, such passwords come
with major management and security concerns. Users tend to use easy-to-guess passwords, use the same
password in multiple accounts, store them on their machines, etc. Furthermore, hackers have the option of
using many techniques to steal passwords, such as shoulder surfing, snooping, sniffing, guessing, etc.
Moreover, passwords can be written down, forgotten, stolen, guessed, or deliberately told to other people.
Two-factor authentication (commonly abbreviated 2FA) adds an extra layer of security to a user's account
login by requiring two forms of authentication: something the user knows and something they have.

How Does Two Factor Authentication Keep Users Secure? The classic authentication approach for web
applications requires a user to enter a username and password. However, things like password reuse,
poorly encrypted passwords, social hacking and hacked databases make even a secure password
vulnerable. By requiring users to add a second factor to their authentication flow, an account with a
compromised password will still be secure.

Mobile phone 2FA has become the industry standard, as most people carry their mobile phones at all
times. It is a user-friendly flow: dynamically generated passcodes are safe to use, and users can receive
special tokens through SMS or a dedicated app.

How Does Two Factor Authentication Work?


Approach for 2FA: The flow chart below displays the flow of 2FA while logging into the system:

Salient Features of 2FA:

• After the user provides the User Id & Password, the user is authenticated against the database and
the corresponding registered mobile number is fetched from the system
• At the next step, the user is shown the screen to Submit/Resend the OTP sent to the Registered
Mobile Number
• The user enters the OTP, which is validated, and is moved to the main system screen
• In case the user clicks on resend, the OTP is sent again to the user's mobile number and the user
continues to the second last step

During the entire life cycle, the HMAC* Algorithm Server (we use HMAC as it is one of the best
algorithms available to date) and the Finacle Server communicate continuously regarding the
authentication status of the User Id in focus. The user is allowed in only when authentication is made, and
only from a proper channel. This makes the combination one of the most secure 2FA approaches for
Banking Applications.

* The HMAC algorithm works continuously to reduce the predictability of the OTP by a person other than the user
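The submit/resend flow above, sketched as an added example that is not part of the original document. It assumes the HMAC-based OTP is RFC 4226 HOTP (the document does not name the exact construction); the class name `OtpSession`, the 120-second validity window and the attempt and resend limits are hypothetical.

```python
import hashlib
import hmac
import struct
import time

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OtpSession:
    """Second-factor state for one login that already passed the password check."""
    TTL_SECONDS = 120   # assumed validity window for each OTP
    MAX_ATTEMPTS = 3    # assumed limit on submissions per login
    MAX_SENDS = 3       # assumed cap on the initial send plus resends

    def __init__(self, key: bytes, counter: int = 0, clock=time.time):
        self.key, self.counter, self.clock = key, counter, clock
        self.sends = self.attempts = 0
        self.expires_at = 0.0
        self.done = False

    def send(self) -> str:
        """Issue a fresh OTP (first send or resend); the previous one stops validating."""
        if self.done or self.sends >= self.MAX_SENDS:
            raise PermissionError("no further OTP may be issued for this login")
        self.sends += 1
        self.counter += 1
        self.expires_at = self.clock() + self.TTL_SECONDS
        return hotp(self.key, self.counter)  # goes to the SMS gateway, never to the browser

    def verify(self, submitted: str) -> bool:
        """Accept only the latest unexpired code, once, within the attempt limit."""
        if self.done or self.sends == 0 or self.attempts >= self.MAX_ATTEMPTS:
            return False
        if self.clock() > self.expires_at:
            return False
        self.attempts += 1
        expected = hotp(self.key, self.counter)
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            self.done = True  # single use: a replayed code is rejected
            return True
        return False
```

Advancing the counter on every resend is what keeps an earlier, possibly intercepted SMS code from validating after a new one has been requested.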
