OTP SYSTEM, 🔓

   OTP SYSTEM, A RELIABLE SECURITY MECHANISM

With the advancement in technology all those working online are really facing security threat, at any moment a person can hack your website and can have an access to your data. For combating this threat TWO FACTOR AUTHENTICATION (TFA) is used widely which works by sending an OTP (ONE TIME PASSWORD).
What is two factor authentications AND (OTP)?
Two factor authentications is basically a second layer of protection after your password. When a person creates an account online, in order to secure his data he is compelled to enable two factors authentication process besides his user name and password. Now when the user log in by entering  his user name and password the website or account send an OTP(one time password) on users mobile number or through any other registered mean . When the user enter that OTP he gets access to his data, OTP usually consists of 4 to 6 digits or alphabets.
.
DELIVERY OF OTP TO USER?
It has different formats depending upon the websites or application which is using two factor authentications for generating OTP
Basically it is sent;
  • By sms on registered  phone number  with backing of voice call
  • By voice call
  • By an email

OTP generated under two factor authentications is mostly used by E commerce websites, banks, for online shopping, pay pal, to verify that person getting access to an account that he is real owner of it, to secure sensitive documents etc. A layman in order to secure his website can also generate OTP by using application.



USE OF OTP BY BANKS:
Banks across the world use OTP for their online transactions. When you install a banking app and try to log in after entering your user name and password the app will automatically send an OTP on registered phone number and after verifying the OTP you can go for the next step.
Banks usually use it because transactions involve money and if someone gets to know client’s username and password or his account no and password he can easily login to account and can steal owner’s money or make a fraudulent transaction. That’s why banks now and then warn their customers to not share their private information with anyone who approaches them on behalf of their bank as banks never ask for private information on call.
USE OF OTP BY WEBSITES:
Many leading websites and particularly those whose dealings involve money use OTP. Authentication of the user during a transaction via their mobile makes it less risky and less insecure for those making a transaction online.  Many online retailers avail this technology by delivering their items  without asking for immediate sign and once the receiver log in using user name and password an OTP is sent to him, using which he can open the box , they term it as delivery drop box authentication as box is  delivered  but can only be opened after OTP authentication . This process facilitates both the ends.
OTP AN ALTERNATIVE OF CAPTCHA AS BEING USED BY GOOGLE:
While using Google it is for sure that you might have come across the captcha that is used by the Google which is a challenge response test through which Google assesses that the user is human or not. In the same way an OTP password can also be used to determine that whether that, who is trying to get access of an account Is human or a computer.

HOW AN OTP IS GENERATED:
Whenever you log in to your online banking app or to any website for the sack of transactions or even for registration, the process starts in the following manner
  • You as a user enter your user name and password
  • The application assess it and send it the backend  of the system
  • If your  username and password matches  an OTP is send to you through sms
  • Then you who are a (user) enter OTP and start using application.
Basically two steps  are involved in this whole thing 1st is generation and second delivery, OTP is created by time base process or by  mathematical functions which are technical and mainly delivered through SMS.
SIGNIFICANCE OF OTP IN SECURING ONLINE BANKING, IN WEBSITES SECURITY AND IN ONLINE TRANSACTION:
It is widely assumed that a cell is very personal commodity and everyone keeps it with themselves. Usually OTP is sent on phone number so even if a hacker gets the user name and password of any account  and two factor authentications is active the account will ask for OTP sent on phone number,  which not only warns the user but defeat the hacker as well.
  • OTP can be used for 1 time and  its validity time period is very less it may be 1-2 minutes
  • When times out even the person who is owner of that account and phone number cannot use that OTP and he has to request again for a fresh OTP.
  • It is generated in seconds.
  • It protects client’s data
  • It is automatically generated and sent.
IS OTP FREE OF COST??
OTP DELIVERED BY BANKING APPS AND WEBSITES:
While you login an app for online transaction or sign in any website that has activated two factors authentication and an OTP is generated and delivered then it is free of cost and every time you login the app the OTP is generated and sent  to you, if times out you can request it again and again without any cost.
If you are not getting OTP you can go there and ask them to deliver by email or voice mail but mainly it is done via sms.
WHEN YOU HAVE TO PAY FOR OTP?
Some APPLICATIONS are free to install and use it but for the purpose of up gradation you have to pay , in that case  the software or  the website managing that application will allow you to upgrade only if you enter an one time password (OTP) that will be given you in return of payment mentioned by them, for the sack of securing payment.
In short we can say that OTP or one time password system is more reliable in terms of providing security. The only way it can leak out is when your phone is hacked or you yourself tell someone about it otherwise it is considered a best security measure throughout the world.
Admin - eshX 🧚‍♂️✨

Comments

Post a Comment

Popular posts from this blog

LINKEN SPHERE V7.9 [MEGA] - Professional Anti-Detect Browser

Image
Do you know that all your activities in the Internet are traced and recorded? Whether you use search engines, read emails or communicate in social media, all your activities are always in full view. The global practice of online censorship causes offline problems is a commonplace today. What is our mission? We dream of a free world with safe Internet. With a right for everyone to private life and expression of one’s own opinion without fear for one’s freedom. Here is the safest tool for anonymous Internet surfing.    It is absolute security, anonymity and freedom.                       Hundreds of new identities                         just in one click!    + Features!    + PRICE?? No! it's free* Exclusive at xstring.cc [here.]      * The software has no server or any other bindings and  is absolutely free . All maintenance and improvement activities are done solely by voluntary donations of users.         +        DOWNLOAD [MEGA] LINKE
Read more

Google Hacking made easy

Image
  # Search for documents on popular clouds site:drive.google.com <searchterm> site:dl.dropbox.com <searchterm> site:s3.amazonaws.com <searchterm> site:onedrive.live.com <searchterm> site:cryptome.org <searchterm>  # Admins credentials  intext:company_keyword & ext:txt | ext:sql | ext:cnf | ext:config | ext:log & intext:"admin" | intext:"root" | intext:"administrator" & intext:"password" | intext:"root" | intext:"admin" | intext:"administrator" # Look for domains indexed by others website site:bgp.he.net inurl:ndd site:dnslookup.fr inurl:ndd # Get information on the internal organization sites:cadres.apec.fr direction <SOCIETE> # Financial reports "périmètre de consolisation"|"rapport de référence"|"rapport annuel" filetype:pdf # When you use the Google Dork:  site:*.example.com, NEVER forget to check site:*.*.example.com site:*.*.*.example.
Read more

What is Hidden Eye? and Install!

Image
What is Hidden Eye? Hidden Eye is a tool that contain a variety of online attacking tools such as Phishing, Keylogger, Information gathering, etc. Hidden Eye used to perform plenty of online attacks on user accounts. By using Hidden Eye you can have your target live information such as IP ADDRESS, Geolocation, ISP, Country, & many more. Hidden Eye Tested on Following Platforms Kali Linux – Rolling Edition Parrot OS – Rolling Edition Linux Mint – 18.3 Sylvia Ubuntu – 16.04.3 LTS MacOS High Sierra Arch Linux Manjaro XFCE Edition 17.1.12 Black Arch Userland App (For Android Users) Termux App (For Android Users) What are Prerequisites for Hidden Eye Please verify the following installed and updated before you go for installation. Python 3 PHP sudo How to Install it on Linux Step -1 git clone https://github.com/DarkSecDevelopers/HiddenEye.git Step – 2 chmod 777 HiddenEye Step – 3 sudo apt install python3-pip Step – 4 cd HiddenEye Step – 5 su
Read more