The pitfalls of using a one-time password (OTP)

in #hypersign, 3 years ago (edited)

What Are The Pitfalls Of Using A One Time Password And Social Logins?


In this article, we'll look at the challenges we face while using a password-based authentication system and why blockchain-based privacy-preserving logins should be considered.

What is a one-time password (OTP)?

A one-time password (OTP) is a password that is valid for only one login session or transaction on a computer system or digital device.
It is a two-step authentication login process, and OTPs come in two types:
° The first type is delivered to a specific cellphone with network connectivity, where the OTP is received as a message.
° The second type is generated by a hardware security token each time you log in.

What is a Social Login?

A social login is a single sign-on authentication mechanism that lets end users sign in with existing login information from a social network provider such as Facebook, Google or Twitter.
Social login is popular because:
° It saves time.
° It is a single-click login: the user does not need to remember passwords or type in details when everything is already filled in.
Social logins also help end users build a profile on a particular platform by pulling data from an identity provider (IDP).

Limitations Of One-Time Passwords (OTP)

1: Dupable cellular carrier: an out-of-band channel can be used to monitor your data when you log in to a site using an SMS OTP. Because the network is not secure, you have to trust the mobile network operator, since an attacker can intercept the OTP from the message sent.

2: Weak encryption algorithm: a weak encryption algorithm gives an attacker a way to take over a connection after a user has submitted an OTP. OTPs sent as SMS are prone to cyber attacks because they can be copied by others.

3: Sharing your mobile number widely: some people find it inconvenient to give out their number on a platform where it is compulsory. Sharing numbers is not entirely safe, because most numbers are linked to bank accounts, and it can also lead to unsolicited bulk email, SMS or calls.

4: Problematic: OTPs can be a nuisance because you have to copy them from the device that generates the OTP into the login form, which requires a change in the UI.
OTPs do not protect against data attacks, so an attacker can still take over a connection after a user has sent an OTP.

Limitations Of Social Logins:

  1. Archaic process: social logins still rely on an old password-reset method introduced many years ago, with a few twists in password requirements; nothing has really changed since then.

  2. User data tracking: user data can be monitored through social logins, which leads to insecurity.

  3. Hacking vulnerability: the passwords used for social logins are stored in a centralized database, which could lead to a data breach.

  4. Security issues: if any of these social identity providers is hacked, every account that uses it to log in is affected too. Identity providers can also run analytics on your data and sell it to someone else.

Password-based authentication systems do not value the privacy of users' data, and getting rid of identity providers (IDPs) is not a solution to these problems. So what should we consider?

Don't worry, every problem has a solution 😊 Imagine a login system where the identity provider does not store any data but verifies the user through a proof of identity. It's time to embrace Hypersign logins!

How does Hypersign protect your data?

Hypersign is a decentralized identity and access management infrastructure, built with the aim of resolving the data security issues faced by consumers. By leveraging technologies such as blockchain for its public key infrastructure, Hypersign not only provides passwordless authentication but also authorization and verification services.

Hypersign is different from password-based authentication:
° Hypersign is free for end users.
° It has an anonymous and private web wallet, which helps speed up Hypersign logins and the issuing of identities.
° Hypersign doesn't have security issues: it uses cryptographically signed credentials, which means your data is safe and no one can steal it.
° Users share information directly with the website, thus avoiding third-party interference.
° The user's verifiable credentials are stored on a mobile device or in a cloud agent that only the user can access.
° Hypersign gives the end user full control over their data.
° A subscription is required for providers, who pay 90% lower fees for the service.
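The idea in the two sections above, a provider that verifies a proof of identity instead of storing a password, as an added example that is not Hypersign's code (the post does not describe its protocol) and not from the original page: a generic signed-challenge login. The website keeps only the user's public key and a single-use random nonce; the user proves identity by signing the nonce with a key that never leaves the device. Ed25519, the `RelyingParty` and `Login` names and the user "alice" are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// RelyingParty is the website. It stores only each user's public key plus the
// single-use challenges it has issued: no password hash or OTP secret to leak.
type RelyingParty struct {
	users      map[string]ed25519.PublicKey
	challenges map[string]string // user -> outstanding nonce (hex)
}
func NewRelyingParty() *RelyingParty {
	return &RelyingParty{users: map[string]ed25519.PublicKey{}, challenges: map[string]string{}}
}
// Register stores the public half of a key pair the user generated on their own device.
func (rp *RelyingParty) Register(user string, pub ed25519.PublicKey) { rp.users[user] = pub }
// Challenge issues a fresh random nonce; signing it proves key possession and ties the login to this session.
func (rp *RelyingParty) Challenge(user string) (string, error) {
	if _, ok := rp.users[user]; !ok {
		return "", fmt.Errorf("unknown user %q", user)
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	rp.challenges[user] = hex.EncodeToString(nonce)
	return rp.challenges[user], nil
}
// Login verifies the signature over the outstanding nonce and consumes it, so a captured reply cannot be replayed.
func (rp *RelyingParty) Login(user, nonce string, sig []byte) bool {
	pub, known := rp.users[user]
	want, issued := rp.challenges[user]
	if !known || !issued || want != nonce {
		return false
	}
	delete(rp.challenges, user)
	return ed25519.Verify(pub, []byte(nonce), sig)
}
func main() { // "alice" is a constructed example user; her private key stays on her device
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rp := NewRelyingParty()
	rp.Register("alice", pub)
	n, _ := rp.Challenge("alice")
	sig := ed25519.Sign(priv, []byte(n))
	fmt.Println(rp.Login("alice", n, sig), rp.Login("alice", n, sig)) // prints: true false
}
```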

Bottom Line

These OTPs and social logins suffer from several drawbacks, and SMS OTP doesn't add a second factor to your authentication.
If you're looking for secure, true two-factor authentication, you should avoid OTPs and social logins. Hypersign offers advanced security and a better user experience.
Your privacy should be your major concern; if you don't protect it, who will?

Follow us on our social media platforms to get more information about us:
Website: https://hypersign.id/
Twitter: https://twitter.com/hypersignchain
Telegram channel: https://t.me/hypersignchain
LinkedIn: https://www.linkedin.com/company/13627699/