It seems that just about every other day I read about a new security breach. A new loophole being compromised, resulting in millions of individuals’ personal information being stolen and sold to the highest bidder. Part of the reason that this happens so often is because most individuals don’t bother securing or supplementing their login credentials. OTP Authentication provides an answer to that particular problem.
We live in a time where a username and password just isn’t enough anymore; it’s a time where dictionary and brute force attacks can be carried out in minutes, or hours rather than days. The need to increase security to protect one’s sensitive data has never been more evident.
Unfortunately, It’s also never been more expensive.
Securing Your Data – a Two Factor Approach
A quick Google search for “2FA Vendors” will provide you with endless options for securing your network and increasing security, but the price tag on these shinny solutions is enough to scare away even the healthiest IT budget.
Top competitors in the 2FA market focus more on the peddling of their hardware tokens than actually providing cost effective, one time password options. Yes, a hardware token can be very secure, as it falls into the “something you have” category, but what happens if Ed from Accounting forgets to remove it from his pocket before his wife runs a load of laundry? Small mistakes like this, compounded over thousands of employees, can be a big hit on the IT budget when it comes time to replace them.
That is why having a flexible OTP Authentication system in place is always a best practice for secure authentication. Why hang yourself by limiting your own access to just one secure method? A strong, secure backup will still protect your data, even from your own mistakes. There are a lot of options out there for OTP Authentication, just take a look at our list discussing the various One-time Password: Pros and Cons.
Tokens, Tech, and Security
Tokens certainly do have a default connotation of increased security; they are hard to replicate, and they are each filled with enough tech to confound or at least massively slow down the typical attacker. But who says high tech is the only way to go? There are other methods that an organization can leverage to help curb the high cost associated with 2FA.
One Example of Token Tech
Take a look on the more typical technological end of the spectrum: SMS text messaging, mobile authenticators, and phone call OTPs are all cheaper and/or free OTP Authentication methods to deploy. That being said, these particular methods do require additional resources from your end users and organization (i.e. personal/corporate cell phones, VoIP services, etc).
All of these options are great, clean ways to deliver an OTP to your end users, but they still rely heavily upon other hardware to accomplish. These OTP authentication methods are still on the higher end of the technological spectrum, and there are always ways in which that technology could fail or become unavailable.
What happens if your phone lines are down, or your end users have no cell phone reception or battery? How will you end users login without their secondary device?
Ok, so it may be highly unlikely that this exact scenario would ever happen, but it never hurts to have a fall back option just in case.
Printed OTP Authentication
What if I told you that there is a way to continue to provide your end users with a secure OTP delivery method, should the aforementioned ever occur? Think back to your childhood school days, when computers consisted of one green & black screen Apple for each classroom. A time when a number 2 pencil and a blank sheet of paper where your only methods on recording information.
Paper, so old school we might as well be talking about stone tablets. Low spectrum or not, however, Printed OTP Authentication is an inexpensive resource that can be leveraged to provide your end users with another OTP delivery method
The use of Printed OTPs can provide your end users with a simple fall back option that can easily be secured in a wallet or purse. This is arguably the most secure OTP Authentication option, as everybody’s most critical documents such as their ID,
Insurance information, and credit cards stored and protected by each individual. I’m not just making this up either; Bruce Schneier has been advocating for similar security strengths of writing down strong, secure passwords to keep from forgetting them since as far back as 2005!
As far as OTP Authentication goes, the printed option holds all of the strength the Token and Mobile OTP methods have, despite their lack of technological integration. The server keeps an encrypted record of the OTP codes that were created and are still available to use. Once one is used to validate or supplement a login, the server marks its encrypted equivalent as used.
The benefits for this OTP authentication method are its lack of dependency on technological function. Of course, the server still needs to be online and functioning, but that requirement is static across the board. Short of that, any other tech failure that would hinder other OTP authentication methods will have no effect on the printed OTP.
Low Tech for the win!
After completing a printed OTP Authentication all that is required by an end user is to cross it out and move on to the next. Rinse and repeat until they require a new sheet of paper! If you’re interested in another take on this OTP delivery method, there is a pretty fun and interesting explanation of the process over at Quuxlabs where they discuss ‘Gutenberg’ OTP Authentication. Give it a read!
Old School and New School – Together at Last
You’d be right in saying that this is definitely not cutting edge technology, but it does meet the “something you have” criteria for proper two factor authentication that another alternative such as email would not meet.
In conclusion, finding a solution that provides you with flexible OTP Authentication options is an intelligent choice. Although the allure of fancy high tech OTP delivery options is hard to resist, it doesn’t hurt to go old school and help save your organization’s bottom line with a simple and cost effective alternative. Who said cutting edge was always the best? For OTP Authentication, the old ways can often be some of the strongest.