One-time Passwords - Tight Security for Sensitive Data and Responsible Users
By: Blue Moon
    2005-05-18

    Table of Contents:
  • One-time Passwords - Tight Security for Sensitive Data and Responsible Users
  • What Exactly is OTP?
  • OTP and Web Hosting
  • Where on the Web is OTP?


    One-time Passwords - Tight Security for Sensitive Data and Responsible Users - Where on the Web is OTP?


    (Page 4 of 4)

    Despite the abundance of OTP products for the Web, OTP is still not very popular, at least not with the general public. Though OTP products for the enterprise often offer Web-based OTP as an option, used alone or in combination with other security measures such as PKI authentication and static passwords, OTP solutions are not widely deployed.

    There are many potential areas of application for OTP on the Web, from FTP access to mail to online banking and e-commerce. These are all areas where unauthorized access causes a lot of headaches for site owners and ordinary users.

    While it is more or less obvious why online banking and e-commerce demand increased levels of security, with FTP and mail it is probably not so clear. Offering access to an FTP site with full read, write, and execute privileges is like welcoming hackers to cause damage to your site by uploading whatever content they like and deleting the stuff that does not appeal to them. Since most sites use FTP for uploading their content, it is not difficult to guess what might happen. Yes, there are FTP clients and servers that implement OTP, but as with most other areas, it is an exception rather than a standard.

    With mail, similar issues due to unauthorized access arise. But unlike FTP, if a malicious user knows a person's email password, he or she can change it. This makes it possible to deprive the user of his or her mailbox, especially with those providers who do not offer a service that allows a forgotten (or more precisely stolen) password to be mailed to an alternative address. I do not claim that I have checked every single mail provider on Earth, but my humble efforts to find at least one free provider that implements OTP were absolutely unsuccessful. Even mail services that offer 2048-bit encryption do not offer OTP access!

    With online banking and e-commerce there are even more OTP solutions, and this is one of the areas on the Web where OTP is most used. Generally, OTP is implemented together with other techniques. For instance, the OTP may be transmitted via SMS to a mobile phone or mailed as a printout rather than sent to the user in an email, or time-based passwords that expire after a predefined amount of time may be used. Sometimes several one-time passwords are used to complete a single transaction. Most of the time, OTP is only one form of authentication, and is used in conjunction with hardware tokens.

    Despite its disadvantages, it can be predicted that OTP will become more widely used as user concern about data security grows and users become more demanding about what service they get on the Web. But the coin has two sides; users must get used to the fact that tight security for sensitive data cannot be accomplished without their active and responsible participation. Otherwise, there is no technology that can stop identity theft and financial losses.


    © 2003-2017 by Developer Shed. All rights reserved.