
How It Works

Gridy OTP is an implementation of the One-Time Password algorithm detailed in RFC 6238 - TOTP: Time-Based One-Time Password Algorithm and RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm.

What is a Time-based One-time Password (TOTP)?

TOTP stands for Time-based One-Time Password and is a common form of two-factor authentication (2FA). Unique numeric passwords are generated with an open standardised algorithm that takes the current time and a shared secret key as inputs. The time-based passwords are available even when offline and increase account security when used as a second factor.

The TOTP algorithm

The TOTP algorithm follows an open standard detailed in RFC 6238. The diagram below shows how two parties can calculate the same 6-digit passcode even when they are offline by simply inputting the shared secret key and current time into the algorithm.

Gridy's Multi Factor Authentication API service & Gridy Authenticator App support the TOTP Open standard RFC 6238 in addition to Voice, Face, Cube, Pin & QR Keys authentication. Get a Free API account here & add TOTP to your 2FA authentication workflow.

A TOTP 6-digit Password generated inside the Gridy Authenticator app for a Google account setup with 2FA

What is 2FA?

Two-Factor Authentication (2FA) adds an extra layer of security to an online account. Here’s how it works: When you log in, you enter your username and password, but instead of getting in right away, you’ll need to provide another piece of information. This can fall into three categories:

Something you know

  A piece of information that only you should know, like a PIN or a Password.

Something you have

  A physical item, like a device that could generate a Token or a Key.

Something you are

  A unique characteristic about you, like your biometrics: your face or your voice.

By using 2FA with these different factors, we can make it much harder for unauthorised people to get into our accounts and keep our information safe.

2FA + Usability

A recent study carried out on the usability of 2FA methods found that TOTP had the highest usability score compared to several other methods tested.

USENIX. A Usability Study of Five Two-Factor Authentication Methods

Study Highlights

Usability Survey Rankings

Passwords with no second factor had the highest SUS score, with a score of 95, followed by TOTP with a score of 88.75.

Figure 3: System Usability Score (SUS) scores for five 2FA methods.

Security and Inconvenience

We asked participants if the additional security would be worth the additional login time or inconvenience they might face when using the second-factor method. Several people (20; 29%) said the extra security was definitely worth the tradeoff, and an additional group (25; 36%) said that they would be willing to use 2FA depending on the importance of the account. Other participants (9; 13%) expressly stated that they would not be willing to use 2FA to gain additional security because the inconvenience was too high.

Positive Feedback

Given the weak usability results of previous 2FA studies, we expected an overall poor usability response. During the exit interviews, we were surprised at the number of participants that reported an overall positive experience using 2FA. Many participants wanted to use 2FA for some of their actual online accounts but were either unaware it was an option or were unsure how to configure it.

Gridy Authenticator App

At Gridy we used the findings of this study when designing our Authenticator App. It was clear to us that many people would want to use 2FA but did not know it was available on their accounts or how to configure it. We wanted to make setting up 2FA on an account inside our Authenticator App as easy and simple as possible, which is why we designed the Gridy Authenticator App to guide a user through the process with easy-to-follow, account-specific instructions and short video tutorials.

Download the Gridy Authenticator app from your App store & add 2FA to your online accounts today.

The Gridy ID API service & Gridy Authenticator App offer support for TOTP authentication in addition to Voice, Face, Cube, Pin & QR Keys authentication. Get started with our TOTP sample application here.