Skip to main content

About Email OTP

Signicat's Email OTP is an authentication method based on one-time passwords (OTP) sent by email.

Use cases

When an end-user wants to access your application that requires authentication, a typical scenario consists of the following steps:

Scenario 1
  • Your application backend starts an authentication session with Signicat Email OTP and directs the user to the authentication page.
  • The end-user enters their email address in the Email OTP authentication page.
  • Signicat Email OTP sends an email with an OTP code to the end-user.
  • The end-user uses the code to successfully authenticate.
  • You receive the end-user's email address as part of the response from Signicat.

In cases when you already know the email address of an end-user and the end-user wants to access your application, the scenario changes to:

Scenario 2
  • Your application backend starts an authentication session with Signicat Email OTP and directs the user to the authentication page.
  • Signicat Email OTP sends an email with an OTP code to the end-user.
  • The end-user uses the code to successfully authenticate.
  • You receive a confirmation (true or false) in the response from Signicat.

Although Email OTP alone does not provide a high level of security, from a technical standpoint there is nothing that prevents you from using it as a standalone authentication method.

However, it is more common and recommended to use Email OTP to boost an existing login process. In fact, Email OTP combined with any username/password-based login solution forms a two-factor authentication method.

Technical details

Here are some technical details about Email OTP:

  • An OTP code is six characters long. The code is a string of numerical digits. For example, 012345.
  • An OTP code is valid for three minutes. After that time, the OTP code expires and the end-user must request a new one.
  • The end-user can request up to three OTP codes within an authentication session. The authentication session window lasts for five minutes. After that, the end-user needs to start over.
  • An end-user has three attempts to enter the correct code. If authentication fails, the end-user needs to start over.
  • User authentication expires after 24 hours. After that time, the end-user receives a new OTP code when they try to access the service. Authentication expiration ensures additional security.

Language supports

Signicat Email OTP supports authentication flows in the following languages:

  • Danish
  • Dutch
  • English
  • Finnish
  • Greek
  • Norwegian
  • Swedish

By setting the language for an authentication session, you control the language of the text displayed to your end-users on the Email OTP UI.

User journey

When authenticating with Email OTP, the user journey looks like this:


Ready to see it in action? Follow the steps in the Setup guide to configure Email OTP in the Dashboard.