What are One Time Passwords?
In today's fast paced world, what is a password still worth? Numerous cases show that a verification based upon a single factor can prove to be a bit thin. In 2012 both Yahoo! and LinkedIn had to report stolen passwords, same for Twitter in 2013. Next to hackers, there is the threat of phishing, brute force and man-in-the-middle attacks. If someone obtains your password, they are in.
One Time Password (OTP) creates an extra layer of authentication based on something you know and something you have. During the authentication process an extra password is required. That password is used only once, is valid for a limited time and generated on the spot. Sometimes this password is generated by a key ring that spits out a new number every so-many seconds. Nowadays you see more and more OTP’s being generated online and sent to you through an app, an SMS text message or a voice message. Now you need more than a password to log-in on someone else’s behalf. An extra factor of authentication is added, that is why OTP is also called a two-factor authentication (2FA) method.
In practice it is really simple. After you have entered your username and password you will be prompted for an extra code. This code will then be generated on a server and send to you by push notification (received by an app), SMS or voice message.
Why do you need a SMS gateway?
SMS Gateway is a system that is able to send text messages to telecom providers who, on their part, deliver that text message to the end-user . This is specialized technology and requires connections to the telecom providers. Authentication providers such as SafeNet do not have this possibility. That is why they've teamed up with CM, because SMS is CM’s core business.
As user of an authentication solution you are free to choose which SMS Gateway you wish to connect to. There are several factors to take into account when selecting one. Most important factor for OTP is latency. How long will it take to for the message to arrive at the end-users phone? You don't want to wait for the message to arrive, if the delays are really long, it might even happen that your OTP is no longer valid. Remember that most OTP's are only valid for 30 seconds. That is why you want the latency to be really short. Another factor you want to account for is service availability. Because, if your SMS Gateway is down or when there are problems and you are not able to reach your gateway provider your users are not able to login. Final factor is price, you will pay per SMS sent. SMS prices can differ quite a lot between gateway providers and it might prove worthwhile to compare several prices.
To sum up; OTP adds an extra factor to your authentication process and the SMS gateway makes sure the OTP is delivered quickly to your cell phone.