About Email OTP
Signicat’s Email OTP is a simple identification method based on one-time passwords (OTP) sent by email. This is a typical scenario:
- A user accesses a service that requires some sort of identification.
- A merchant sends an email with an OTP code to the user.
- The user enters the received code in the merchant’s application.
- The merchant receives the user’s email in the response from Signicat
Although this method alone does not provide a high level of security, from a technical standpoint there is nothing that prevents a merchant from using Email OTP as a standalone authentication method. However, it is more common and recommended to use this method to boost an existing login process. Email OTP integrated with any username/password login solution will form a 2-factor authentication method.
Use case example: Simple authentication during signing
The end-user is in a store and has accepted the merchant’s offer to buy insurance for a purchased product. The merchant needs a signature from the buyer and sends the signature document via a URL. In this example, the merchant uses Email OTP as the sole authentication during the signature process.
- The user opens the document (URL) and selects Sign document.
- The user enters an email address. The OTP code is sent to the registered email address.
- The user enters the OTP code and selects Continue to sign the document.
Here is an example (image slider) of this signature process:
For another example on how to sign documents, see Full-flow example.
Integration via Signicat
Signicat Email OTP can be integrated into your application with minimal effort. The technical integration with the Email OTP service is identical to all other ID-solutions that Signicat supports. See Get Started with Authentication for more information. Through the single point of integration, you will get access to Signicat’s wide portfolio of integrated ID methods, not only Email OTP, but also other services like signing, identity paper verification and lookups.
There are a number of configuration possibilities for the Email OTP method, including:
- Possibility for the user to enter/change the email address before entering the OTP code.
- The length of the OTP codes, downward limited to 4, with no upper limit.
Here is a sketch of the data flow:
The authentication method name for Email OTP is scid-email (see Demo Service).
Getting started with Email OTP is easy: you just need an agreement with Signicat.