The Evolution of OTP: AutoOTP Delivers Device Independence and Defeats Man-in-the-Middle Attacks

A new technology called AutoOTP is drawing attention for maintaining the biggest strength of traditional OTP (One-Time Password) systems—device independence—while eliminating their vulnerability to man-in-the-middle (MITM) attacks.

OTP technology works by having the user submit a one-time password to an online service, which then validates it. Unlike biometric authentication methods such as fingerprint or facial recognition, OTPs do not require re-registration of biometric data for each PC or smartphone. This has made them widely used in environments like banks, where employees must access services across PCs, mobile devices, and ATMs. OTPs combine the benefit of device independence with the security of not reusing the same password. However, OTPs have long been criticized for two weaknesses. First, if a user unwittingly logs into a fake service and enters an OTP, the one-time code can still be stolen. Second, users are burdened with repeatedly reading and typing six-digit codes.

To overcome these security limitations and usability issues, AutoOTP is now emerging through international standardization bodies. Unlike conventional OTP where the user inputs a code, AutoOTP reverses the process: the online service automatically generates and displays an OTP value, which the user then verifies via the AutoOTP mobile app.

Because the user validates the OTP instead of submitting it, they can confirm whether the online service they are connected to is legitimate. At the same time, they are freed from the hassle of reading and typing codes. Service providers also benefit, as they no longer need to operate different authentication methods for each device channel, improving operational efficiency across multi-channel services.
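The reversed flow described above, as an added sketch that is not AutoOTP's or DualAuth's code. The article does not say how AutoOTP derives its value, so this assumes an RFC 6238 TOTP over a secret shared at enrolment; the function names and both secrets are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (RFC 6238 default)
DIGITS = 6    # six-digit codes, as in the article


def totp(secret: bytes, now: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def service_display_code(service_secret: bytes, now: int) -> str:
    """Service side (assumed): generate the code shown on the login page."""
    return totp(service_secret, now)


def app_verify(enrolled_secret: bytes, displayed: str, now: int, skew: int = 1) -> bool:
    """App side (assumed): accept the displayed code only if the enrolled
    secret yields it, allowing +/- `skew` steps of clock drift."""
    return any(
        hmac.compare_digest(totp(enrolled_secret, max(now + d * STEP, 0)), displayed)
        for d in range(-skew, skew + 1)
    )


if __name__ == "__main__":
    enrolled = b"12345678901234567890"       # constructed: secret shared at enrolment
    lookalike = b"not-the-enrolled-secret"   # constructed: a site lacking that secret
    now = 59
    for label, secret in (("genuine", enrolled), ("lookalike", lookalike)):
        shown = service_display_code(secret, now)
        print(label, "page shows", shown, "-> app accepts:",
              app_verify(enrolled, shown, now))
```

The user never types a code in this flow: the app does the comparison, and a page that does not hold the enrolled secret has nothing valid to display.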

Thanks to its strong usability and security, AutoOTP is already being used by major banks, government agencies, and private companies in Korea.

Don Malloy, Chairman of the OATH Initiative—the organization that established global OTP standards—praised the technology, saying: “AutoOTP retains the universal device independence of traditional OTPs while defending against man-in-the-middle attacks. It is a next-generation authentication technology with tremendous potential for adoption and expansion.” He also pledged support for the worldwide spread of AutoOTP alongside traditional OTP to strengthen global cybersecurity.

Meanwhile, a representative from DualAuth, the company providing AutoOTP, stated: “Building on its adoption in government and financial sectors, AutoOTP will be released as freeware in line with domestic and international standardization schedules, so that the general public and all online service providers can freely use it.”