The OTP code input method is not only vulnerable to
phishing or pharming attacks,but it is also inconvenient to type every time.
Try AutoOTP, which automatically provides OTP. Convenient and secure AutoOTP is provided for free to all online services.
What is AutoOTP?
OTP technology is a technology in which a user inputs a one-time password into an online service and the online service verifies it to authenticate the user—once it registers the OTP generator and user account, user authentication is possible on multiple devices such as PC, tablet, smartphone, ATM, and smart TV. However, OTP technology is vulnerable to man-in-the-middle attacks because it cannot check whether the online service connected by the user is fake, and it is inconvenient to read and input the 6 digit number into the device every time.
AutoOTP is a technology that the online service presents to the user, instead of the user entering a one-time password into the online service and the user verifies it, with the AutoOTP app. No need to do anything complicated: one checks the 6 digit number submitted by the online service and confirms if it is the same as the 6 digit number in the AutoOTP app. In addition, as with general OTP technology, by registering an AutoOTP generator and user account, user authentication is possible on multiple devices such as PCs, tablets, smartphones, ATMs, and smart TVs.
Service Usage Steps
AutoOTP Service consists of AutoOTP mobile app and AutoOTP authentication server. An online service operating organization that wishes to use AutoOTP the AutoOTP authentication server and installs it directly, and guides the online service customer to user authentication through the AutoOTP app.
AutoOTP Service installs the AutoOTP authentication server on the online service server and links it with the existing online service, then registers and uses the online service account in the AutoOTP mobile app. To register an online service account in the AutoOTP app, one scans the AutoOTP registration QR code presented by the online service in the AutoOTP app or enters the registration code. AutoOTP mobile app can be linked with AutoOTP authentication servers and accounts provided by various service organizations, and it’s possible to register accounts with general OTP authentication servers.
AutoOTP is the only authenticates the user and a mutual authentication technology that allows users to check whether the online service they have accessed is genuine on top of that. Therefore, it is more than twice as secure as conventional OTP technology. In addition, the user does not need to inconveniently read and manually input the OTP code, but only needs to check the automatic OTP code presented by the online service is the same as the automatic OTP code generated by the mobile app.
AutoOTP is a free license that can be applied to any public online service.
AutoOTP can be used for free in all B2C and G2C online services, but in the case of B2E online service for employees within a company, one must purchase and use an AutoPassword Enterprise license.
As for AutoOTP, individual users directly set the security policy of the AutoOTP app (biometric authentication settings, etc.), whereas in AutoPassword Enterprise, the company determines the security policy of the app and distributes to the app through the authentication server. Therefore, if a B2E online service for internal employees or a B2C online service wants to distribute an authenticator with its own separate name, one must use the AutoPassword Enterprise license.
Biometric authentication technology can be used on devices with biometric sensors, such as smartphones. Therefore, in order to receive online services where biometric sensors are not attached, such as PCs, smart TVs, AI speakers, and ATMs, a separate authentication sensor must be attached to each device. However, AutoOTP is the only medium-independent biometric authentication technology that can be used by extending the smartphone’s biometric authentication device regardless of the type, since the device displays the AutoOTP code and checks it on the smartphone.
Although AutoOTP and mobile push-based authentication technologies look similar in operation, there are fundamental differences. Push-based authentication technology is a technology that checks whether a user has a valid user authenticator when receiving a push message. Basically it is a typical user authentication technique. On the other hand, AutoOTP includes a technology that allows the online service to submit an automatic OTP code to the user, compares it with the automatic OTP code generated by the user in the AutoOTP app, and approves whether the online service is a legitimate online service. Although push messages are received in the same way, push-based user authentication technology only performs user authentication, whereas AutoOTP performs user authentication with the online service provider simultaneously.
Experience fast authentication with AutoOTP
If you would like to experience the next-generation OTP technology designed to solve security vulnerabilities and inconveniences, please contact us.