How One-time Passwords Offer a Low-cost Solution for Secure Logins

About a year ago, T S Solutions Private Limited found that RSA SecurID hardware tokens were no longer a viable solution for our clients’ enterprise resource planning (ERP) secure logins. Through research and testing, we switched to one-time passwords (OTPs) for secure login in our ERP solutions. The result: a mobile-based login application that’s easy to use and comparatively cheaper than RSA SecurID.

T S Solutions develops custom software solutions for SMEs. In 20 years, we have served many industries including shoe manufacturing, transformer manufacturing, trading, sports goods manufacturing, automotive, carpet manufacturing, and sugar manufacturing.

We used RSA SecurID hardware tokens for about seven years, as RSA was the most renowned security solution for identity and access assurance. The downside, specifically for our clients, was having to maintain a separate server and purchase hardware tokens. Our team first had to set up the keys before sending them to different ERP users, all of whom are based in various locations. Eventually, the expense of RSA wasn’t worth bearing for our clients.

About One-time Password Technology (OTP)

Unlike traditional passwords, which are static, OTP codes are not vulnerable to replay attacks. The expiration element reduces the chance of an unauthorized third party abusing access. Because humans do not select the codes, OTPs also protect users who are prone to reusing the same or similar passwords. However, because OTPs are difficult to memorize, they require an additional device like a mobile phone to work. Since most people have mobile phones (which they use for multiple purposes), OTP technology is easy and cost-effective to implement.

OTP offers a secure login solution at the same security level as RSA SecurID hardware tokens without requiring an additional device. OTP codes are valid for only one login session or transaction occurring on one digital device for a limited time. All that’s needed is a username (or email address), password, and mobile phone.

With this knowledge, our team upgraded our ERPs to use OTP-based logins. At the backend, we use Amazon’s SMS Services for sending SMS worldwide.

How we implemented OTP Technology

Previously, login required users to enter their email address and password. After that, they inserted the RSA SecurID hardware token number — which would flash on the token.

Our new login process

  • Step 1: Users’ data (email address, verified mobile number, and password) are stored in a secure database.
  • Step 2: Users navigate to the login screen and enter their email address and password.

    [Screenshot: Enter email and password]

  • Step 3: If the user’s information is correct, they are directed to another screen requesting to enter their OTP code, which is sent to their verified mobile number.

    [Screenshot: Enter received OTP as SMS]

  • While the page loads, the software’s backend generates an OTP code and saves it to the user’s login information. Amazon’s SMS service sends a message with the OTP code to the user’s registered mobile number.

    [Screenshot: OTP received for login]

About T S Solutions Private Limited

T S Solutions Private Limited (www.tsspltd.com) is a team of highly qualified IT professionals based in India. Since 1998 we have been the pacesetters in providing high-quality services to customers worldwide. We offer expert software development, customization (custom application development), and integration of enterprise-level solutions. Our team harmoniously incorporates knowledge, technical skills, applied experience, and passion for IT solutions.

T S Solutions switched to OTP-based logins for our ERP solutions because they are easy to use and comparatively cheaper than RSA SecurID hardware tokens. OTP technology can be implemented in any solution requiring secure logins. The secure login feature is not available to the general public or sold on its own; it’s integrated into the custom ERP software we develop.