# About SMS OTP

Signicat's SMS OTP is an authentication method based on one-time passwords on the SMS channel.

# Use cases

A typical scenario may be:

Scenario 1

  • An end-user wants to access your application that requires authentication.
  • Your application backend (via Signicat SMS OTP) sends an SMS message with an OTP code to the end-user.
  • The end-user enters the code and successfully authenticates.
  • You receive the end-user's phone number as part of the response from Signicat.

In cases when you already know the user's phone number, the scenario would be:

Scenario 2

  • You already know the phone number of an end-user.
  • An end-user wants to access your application that requires authentication.
  • Your application backend (via Signicat SMS OTP) sends an SMS message with an OTP code to the end-user.
  • The end-user enters the code and successfully authenticates.
  • You receive a confirmation (true or false) in the response from Signicat.

Although SMS OTP alone does not provide adequate security, from a technical standpoint there is nothing that prevents a customer from using it as a standalone authentication method. However, the recommended use case is to use SMS OTP to boost an existing login process. SMS OTP, integrated with any username/password login solution, will form a two-factor authentication method.

# Technical details

Here are some technical details about SMS OTP:

  • An OTP code is 6 characters long. The code is a string of numerical digits. For example, 012345.
  • An OTP code is valid for three minutes. After that time, the OTP code expires and the end-user must request a new one.
  • The end-user can request up to three OTP codes within an authentication session. The authentication session window lasts for five minutes. After that, the end-user needs to start over.
  • An end-user has three attempts to enter the correct code. If authentication fails, the end-user needs to start over.
  • User authentication expires after 24 hours. After that time, the end-user receives a new OTP code when they try to access the service. Authentication expiration ensures additional security.
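The code and session limits listed above can be modeled as a small state machine. This is an added example, not Signicat's code: the class and method names are hypothetical, and it assumes the three attempts are counted per session and that requesting a new code replaces the previous one.

```python
import hmac
import secrets

CODE_TTL = 180        # an OTP code is valid for three minutes
SESSION_TTL = 300     # the authentication session window lasts five minutes
MAX_CODES = 3         # up to three OTP codes per session
MAX_ATTEMPTS = 3      # three attempts to enter the correct code


class OtpSession:
    """One authentication session; times are seconds supplied by the caller."""

    def __init__(self, now):
        self.started = now
        self.codes_issued = 0
        self.attempts = 0
        self.code = None
        self.code_issued_at = None
        self.closed = False

    def issue(self, now):
        """Return a new 6-digit code, or None if the user must start over."""
        expired = now - self.started >= SESSION_TTL
        if self.closed or expired or self.codes_issued >= MAX_CODES:
            return None
        self.codes_issued += 1
        # Assumption: requesting a new code invalidates the previous one.
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.code_issued_at = now
        return self.code

    def verify(self, submitted, now):
        """Return 'ok', 'retry', 'code_expired' or 'start_over'."""
        if self.closed or now - self.started >= SESSION_TTL:
            self.closed = True
            return "start_over"
        if self.code is None or now - self.code_issued_at >= CODE_TTL:
            return "code_expired"
        self.attempts += 1
        # Constant-time comparison avoids leaking matching digits via timing.
        if hmac.compare_digest(submitted.encode(), self.code.encode()):
            self.closed = True   # single use: an accepted code cannot be replayed
            return "ok"
        if self.attempts >= MAX_ATTEMPTS:
            self.closed = True
            return "start_over"
        return "retry"
```

Passing the clock in as `now` keeps the expiry rules testable without waiting for real time to pass.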

# User journey

When authenticating with SMS OTP, the user journey looks like this:

Ready to see it in action? Follow the steps in the Setup guide to configure SMS OTP in the Dashboard.

Last updated: 10/10/2023 10:56 UTC