About Email OTP
Signicat's Email OTP is an authentication method based on one-time passwords (OTP) sent by email.
Use cases
When an end-user wants to access your application that requires authentication, a typical scenario consists of the following steps:
- Your application backend starts an authentication session with Signicat Email OTP and directs the user to the authentication page.
- The end-user enters their email address in the Email OTP authentication page.
- Signicat Email OTP sends an email with an OTP code to the end-user.
- The end-user uses the code to successfully authenticate.
- You receive the end-user's email address as part of the response from Signicat.
In cases when you already know the email address of an end-user and the end-user wants to access your application, the scenario changes to:
- Your application backend starts an authentication session with Signicat Email OTP and directs the user to the authentication page.
- Signicat Email OTP sends an email with an OTP code to the end-user.
- The end-user uses the code to successfully authenticate.
- You receive a confirmation (true or false) in the response from Signicat.
Although Email OTP alone does not provide a high level of security, from a technical standpoint there is nothing that prevents you from using it as a standalone authentication method.
However, it is more common and recommended to use Email OTP to boost an existing login process. In fact, Email OTP combined with any username/password-based login solution forms a two-factor authentication method.
Technical details
Here are some technical details about Email OTP:
- An OTP code is six characters long. The code is a string of numerical digits. For example, 012345.
- An OTP code is valid for three minutes. After that time, the OTP code expires and the end-user must request a new one.
- The end-user can request up to three OTP codes within an authentication session. The authentication session window lasts for five minutes. After that, the end-user needs to start over.
- An end-user has three attempts to enter the correct code. If authentication fails, the end-user needs to start over.
- User authentication expires after 24 hours. After that time, the end-user receives a new OTP code when they try to access the service. Authentication expiration ensures additional security.
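The limits listed above can be modelled as a small server-side state machine. The following is an added example, not Signicat's implementation: the class name OtpSession, its method names, the return strings, and the choice to count the three attempts per session rather than per code are assumptions.

```python
import hmac
import secrets

CODE_DIGITS = 6
CODE_TTL_S = 180      # an OTP code is valid for three minutes
SESSION_TTL_S = 300   # the authentication session window lasts five minutes
MAX_CODES = 3         # codes the end-user can request per session
MAX_ATTEMPTS = 3      # entries allowed; counted per session (assumption)


class OtpSession:
    """Hypothetical session state; the caller passes the clock in as seconds."""

    def __init__(self, now):
        self.started = now
        self.code = None
        self.code_issued = None
        self.codes_issued = 0
        self.attempts = 0
        self.closed = False

    def _expired(self, now):
        return self.closed or now - self.started >= SESSION_TTL_S

    def issue_code(self, now):
        """Return a fresh code, or None when the user has to start over."""
        if self._expired(now) or self.codes_issued >= MAX_CODES:
            return None
        # OS CSPRNG; zero-padded so a leading zero survives (e.g. "012345").
        self.code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self.code_issued = now
        self.codes_issued += 1
        return self.code

    def verify(self, candidate, now):
        """Return 'ok', 'retry', 'code_expired' or 'start_over'."""
        if self._expired(now) or self.code is None:
            return "start_over"
        if now - self.code_issued >= CODE_TTL_S:
            return "code_expired"
        self.attempts += 1
        # Compare as strings in constant time; "012345" is not the integer 12345.
        ok = hmac.compare_digest(candidate.encode(), self.code.encode())
        if ok or self.attempts >= MAX_ATTEMPTS:
            self.closed = True  # codes are single-use; failures end the session
            self.code = None
            return "ok" if ok else "start_over"
        return "retry"
```

With these limits, one session gives a blind guesser at most three tries against a space of 1,000,000 codes, which is why the attempt and session caps matter as much as the code length.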
Language support
Signicat Email OTP supports authentication flows in the following languages:
- Czech
- Danish
- Dutch
- English (default)
- Finnish
- French
- German
- Greek
- Italian
- Norwegian
- Polish
- Spanish
- Swedish
You can define the language displayed on the screens during an authentication session with Email OTP. Learn more in the UI language page.
User journey
When authenticating with Email OTP, the user journey looks like this:
Ready to see it in action? Follow the steps in the Setup guide to configure Email OTP in the Dashboard.






