DualAuth

AutoOTP as the Continuing Evolution of One Time Password (OTP) Technology, Enhances Device Independence and Protects Against Man-in-the-Middle Attacks

AutoOTP technology is rapidly becoming a hot topic – this technology maintains device independence–the greatest advantage of OTP technology and is not vulnerable to man-in-the-middle attacks.

 

Eastvale, CA -- (ReleaseWire) -- 10/25/2021 --OTP (One time Password) is a technology in which a user submits a one-time passcode to an online service for verification. Unlike conventional biometric authentication technologies such as fingerprint and facial authentication, there is no need to re-register user biometric information for each device. This allows it to be used easily in banks where tasks need to be processed on multiple devices including PCs, mobile devices, and ATMs. The OTP is secure since it does not reuse the same password and has advantages independent from devices. But, if a user unintentionally accesses a fake online system and enters the OTP code, the weakness is that the OTP code is vulnerable to theft even with a one-time password. It is also inconvenient since the user needs to read and insert the six-digit code each time.

To improve the security limitations and inconvenience of typical OTP authentication technology, AutoOTP is traversing through domestic and international standardization organizations. AutoOTP functions by the online service presenting an automatic OTP value to the user and the user verifies it through the AutoOTP mobile app, instead of the user inserting an OTP to an online service for verification.

As the usage method does not have the user entering the OTP code, the online service presents the automatic OTP code, and the user verifies it. This makes it possible to check whether the currently accessed online service is legitimate, instead of having the user read and insert it. For service providers who operate multi-channel services, it reduces their tasks, they will not need to operate numerous authentication methods for each service device.

AutoOTP technology is being used in major banks, government institutions, and companies throughout South Korea because of its ease of use and security.

Don Malloy, Chairman of OATH, The Initiative for Open Authentication–which created the international OTP technology standards, evaluated, "While AutoOTP has the media-independent universality of conventional OTP, it is the next-generation authentication technology that will be widely applied and implemented, because it is prepared for man-in-the-middle attacks." He also noted, "We will strive to spread AutoOTP along with OTP technology for global cyber security."

Director Kim Hyo-Dong of DualAuth revealed that, "While keeping up with the domestic and international standardization schedule, we plan on releasing AutoOTP technology–which is spread throughout public online services such banks, government agencies, and corporations, as freeware so that the general public and all online service providers will be able to use it without charge."