What is One-Time Password (OTP)?
It is a unique 6-character code that can only be used once and is sent only to your registered mobile number in BDO Online Banking. After encoding your user ID and password, you will also be required to enter the correct OTP to complete the login process.
What is OTP authentication?
OTP tokens are usually pocket-size fobs with a small screen that displays a number. The number changes every 30 or 60 seconds, depending on how the token is configured. For two-factor authentication, the user enters his user ID, PIN and the OTP to access the system.
One-time password is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid a number of shortcomings that are associated with traditional (static) password-based authentication, a number of implementations also incorporate two factor authentication by ensuring that the one-time password requires access to something a person has as well as something a person knows (such as a PIN). Simple way ( OTPs a password that used in authentication once which then becomes invalid after usage)
The most important that is addressed by OTPs is that, in contrast to static passwords, they are not vulnerable to replay attacks. This means that a potential intruder who manages to record an OTP that was already used to log in to a service or to conduct a transaction will not be able to abuse it, since it will no longer be valid. Simple way OTPs work on static random numbers and they are valid for particular time interval and valid user can access the OTPs. eg banking OTP services only valid for 30sec and 60sec till the OTP received and not use. for eg use get opt and use in 10sec after they are invalid they are use only one time.
A 2nd major advantage is that a user who uses the same (or similar) password for multiple systems, is not made vulnerable on all of them, if the password for one of these is gained by an attacker. A number of OTP systems also aim to ensure that a session cannot easily be intercepted or impersonated without knowledge of unpredictable data created during the previous session, thus reducing the attack surface further.
How it works
1 . User can buy the xyz and submit the transaction for purchasing step 1
2 . Request go to the bank credit card/ net banking etc. send OTP to user step 2
3 . Request go to the Jrsys OTP server then generated OTP for valid user by the SMS Gateway step 3
4 . Then jrsys server send the OTP bye SMS/Email to user step 4
5 . Received the OPT user by SMS / Email and they are submit the OTP step 5
6 . Request go the server for verified the OTP Code send bye the user its wrong or correct for the transaction step 6
7 . Step 7 are working that case user can change the own mobile number for valid users.
3. Highly secure
Do not Share any one own OTPs Code.
Reference by :- Wikipedia.