One-time password (OTP) authentication, an online security feature almost unknown just five years ago, is commonly used by many Indonesians today.
By
Pradipta Pandu & Satrio W & Madina Nusrat
·2 minutes read
One-time password (OTP) authentication, an online security feature almost unknown just five years ago, is commonly used by many Indonesians today. Most companies providing digital services, such as ride-hailing apps and electronic wallets (e-wallets), now only require prospective users to register their mobile phone numbers. How can the application ensure that the prospective user is really the owner of that number? That\'s where OTP authentication comes in.
When someone signs up for a service through an app using his cellphone number, he will typically receive a text message containing a 4-6-digit code. The user will be asked to enter that code in the app. That code is called an OTP code. Because the OTP code is only sent to the registered number, it is assumed that only the party that controls the number can use the intended app.
OTP authentication systems have become increasingly popular in Indonesia during the last five years. Joel Kereh, founder of OTP service provider PT Citcall Teknologi Indonesia (Citcall), said at the end of January that OTP authentication was previously limited to securing online credit card transactions.
With the increased use of OTP codes sent via SMS to the registrant\'s mobile phone number, the use of email addresses and PINs to authenticate application accounts has become obsolete.
According to Joel, the OTP system has become more popular due to the increase in the number of digital start-ups in Indonesia. Numerous applications providing transportation services and online markets had begun using mobile numbers to register accounts. With the increased use of OTP codes sent via SMS to the registrant\'s mobile phone number, the use of email addresses and PINs to authenticate application accounts has become obsolete.
Joel said there were two reasons why start-ups generally used OTP authentication. First, it is secure. Given that the code can only be used once and expires within a few minutes, it is more difficult to hack. "You could say that even a long password is no safer than an OTP code. Why? Because the password is static, it does not change," said Joel.
The second reason is the convenience for users. Users only need to register with their cellphone number rather than create their account using an email address and password. The practicality of OTP makes it easy for people to use the application. "Sometimes prospective users may not necessarily have [an email address] to register with an application. There are a lot of cellphone numbers in Indonesia, right?" Joel said. (BKY/DVD)