How Can an Out of Band One Time Password Secure Information
- Author Adam Quart
- Published April 30, 2012
- Word count 403
Usually during the two-factor authentication process a one-time password is used to verify the user’s identity. This secures authentication by asking for multiple criteria to be met such as something you know and something you have. Something you know being your traditional username and password and something you have being your OTP or one-time password. However during transmission of this one-time password a hacker could still intercept the data to gain access if the OTP is not sent to an out-of-band network.
One-time passwords come in many forms from something as simple as a sheet of codes to the more advanced propriety key generating tokens. Many times for information that is not an extremely high security risk the OTP will be sent via email to the user for identification. This is not an out-of-band solution because the email can be received on the same network as the login panel.
The problem with sending the second factor in the authentication process to a solution that is not out-of-band is that easy to use and readily available software makes it easy to intercept information including the user’s one-time password. With an out-of-band solution the user would need to receive their OTP on a separate network than their login panel. One way is through proprietary tokens that generate dynamic one-time passwords. However tokens be pricey and can create havoc when lost or misplaced.
Another less expensive and more reliable device would be the user’s mobile phone. Since we are a society who must be connected to our mobile phones constantly a user will not forget their device and the chances of the device being broken are much lower. Also the device’s network is completely out-of-band from any login panel.
Securing authentication by sending the one-time password through an out-of-band network protects the user from malicious software as well as misplacement of their device. This makes it very hard for a novice hacker to gain access to confidential information or networks and ensures the user will receive their OTP when they need it.
The only way to become more secure once you already utilize an out-of-band OTP for two-factor authentication is if it is a zero footprint solution. Zero footprint authentications allow the one-time password to be sent without leaving any trace of the authentication or password behind on the device. Ultimately securing the authentication process completely from internet or network based attacks.
There are no posted comments.
- Protect your files with drive image backup software
- How Cloud Management Values Change Your Business
- The U.S. Government and Zero Day Vulnerabilities
- Spyware – Yet Another Cyber Menace
- Reset lost passwords in Windows with Active@ Password Changer
- Antivirus measures you should know when your PC is infected with a virus
- Security Fit For Royalty!
- Global VPN Use Is Booming But So Is Cyber-Censorship
- Things to do to make your business, cyber secure
- The new European data protection system
- Avoiding Disaster: Make Website and Business Asset Backups Mandatory
- 12 Ways to Keep Your Data & Identity Safe Online
- Associate With Avast Support USA To Shield PC Against Viruses And Malware
- Microsoft Office Customer Service for Office Setup
- What is All-czech browser hijacker and how to remove it
- Methods to delete Web-start.org from computer and browser
- What is Odin ransomware, how to decrypt .odin files
- How to remove Loadstart browser hijacker
- How to remove Tech-connect.biz from Google Chrome and all other browsers
- How to remove Alma Locker ransomware virus
- How to remove SOEASYSVC adware from your browser
- How to get rid of SafeSurf virus
- How to remove Cryp1 virus and to restore the encrypted files
- What is Social2Search, and how it differs from other adware
- How to remove Hohosearch adware from computer and browser
- Browser Hijackers, the Methods Of their Action And the Ways to Remove Them
- 5 Website Security Issues You Should Be Aware Of?
- What is a denial of service attack?
- How to Remove VISUAL SHOPPER completely
- Just a few Thinkings In relation to File and Document Management Systems Protection