Solved

ONE TIME PASSWORD (OTP) by SMS

Posted on 2010-11-18
14
1,091 Views
Last Modified: 2013-11-10
How can i implement OTP or one time password sending by sms to users those who try to register on the website
0
Comment
Question by:techp
  • 7
  • 7
14 Comments
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34166366
Can you already generate the OTP and store it in your data base?

To send SMS, you might want to learn about these folks:
http://www.twilio.com/

This might be helpful, too.
http://www.slipstick.com/outlook/smscell.asp
0
 

Author Comment

by:techp
ID: 34168172

 no database of OTP
 mainly looking for OTP provider
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34169716
Not much help here.  
http://lmgtfy.com?q=OTP+provider

Can you describe the way you would use an OTP provider service?  I could write one for you.  Guaranteed unique passwords, etc.
0
 

Author Comment

by:techp
ID: 34170257


  the website has user account registration. In registration it is must to enter mobile number
  on next step of registration it needs to enter password obtained from mobile . if it is wrong entry the   registration cannot complete .
 
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34173009
OK, I think I understand.  Have you set up your account registration page yet?  If so, can you please post a link to the page so I can see what it looks like?

Would you want to use the OTP as a web service?  Example: You send the service an API key and a mobile number (from the registration) and the service replies with a unique password.  You could either store this password in your own data base, or you could call the web service again with the mobile number and the client password.  The service could tell you Yes or No on a match.
0
 

Author Comment

by:techp
ID: 34174000

  it is like below

  username---------
 password----
  location-----------
  mobile number----------- press next.....enter activation code
  sending an sms to mobile number
  user checks his mobile and gets a activation code
  user enters activation code.....registration of username successfully completed

  in this activation process , how it can make in the website
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 34175952
OK, I think the design pattern works like this.

User enters the data and submits the form.  The action script generates the OTP activation code and stores it along with all the other user information in a data base, along with an indicator that says "unconfirmed."  It sends the SMS message with the OTP activation code.  Then it presents a page to the user with a form to receive the activation code.  When the user gets the OTP, she submits the form with the activation code.

I think I would design it so the user is not required to complete all the steps at once.  There should be a link or some other way for a user to come back later and put in the activation code at any time.

Anyway, when the activation code is successfully presented, the "unconfirmed" indicator is changed to "confirmed" and you have a live one on the rail.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:techp
ID: 34178698

 
 yes you are correct
 
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34183354
OK, great - is there a question remaining, or are you able to write the programming now, or do you want to hire a developer?
0
 

Author Comment

by:techp
ID: 34183403

 not hiring any developer ,  web developer is developing the website . I dont think they will do this programming .... so i need to know OTP providers in the market . (like sms gateway provider)
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34183516
Why wouldn't the web developer do this programming?  It's a crystal clear design pattern and very easy to program.  In addition, you would have an absolute requirement to keep the OTP on your servers, so why not just generate the OPT on your servers?
0
 

Author Comment

by:techp
ID: 34183686

 i am not a programmer , so it is difficult to understand logic . i heard about sms gateway so that a user can send sms from the website . In this case web developer only keeps API of sms gateway on the website . In OTP case , not only sending sms , it has to send different codes and also when user enter the code it should match . is it possible to do by sms provider companies those who provide OTP . How it can match the code when user enters .

 i gave contract for web development , they told they can link sms gateway API if i register with sms providers . My doubt , for OTP does it need to do more things
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 34183751
Copy the information here: ID:34175952.  Show that to your developer.  If they understand and can help, great.  If they don't, get a new developer.  If you are not a programmer it doesn't do us much good to try and discuss programming.  It would be like talking German to someone who does not speak German.

Best regards, ~Ray
0
 

Author Closing Comment

by:techp
ID: 34300936
not exact answer
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP Healthcheck 2 83
Amazon Redshift 2 25
IIS Authorization for Web Service 2 21
Randomize in Owl Carousel v1.3.2 6 19
Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
JavaScript has plenty of pieces of code people often just copy/paste from somewhere but never quite fully understand. Self-Executing functions are just one good example that I'll try to demystify here.
Viewers will learn about the regular for loop in Java and how to use it. Definition: Break the for loop down into 3 parts: Syntax when using for loops: Example using a for loop:
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now