Can we do away with regular passwords by using OTPs for virtual expos?

    November 9th,2017

With a rise in the number of users getting online, data breaches have also increased. It is quite common these days to hear of user passwords being compromised. The most high-profile cases often include big names in the online space, and no one is immune to these data breaches. The obvious question to ask is: can we do better than have passwords? As the number of sites that users visit increases, remembering passwords becomes a difficulty, and most users resort to either re-using passwords across sites or using very weak passwords like ‘abc123’. Naturally, this is a recipe for disaster.

At HostMyExpo, we take the utmost care to ensure data privacy. As a result, we decided to try something different – namely, use OTPs and do away with passwords altogether. While we were not the first ones to try this out, this decision had its own trade-offs to consider. An SMS-based OTP is not guaranteed to arrive at its destination. There is probably nothing more frustrating than not being able to login because an SMS failed to arrive. Therefore, we decided to have redundancy built into the system, by sending the OTP to the registered email address as well.

By using an OTP-based mechanism, we effectively killed two birds with one stone. We solved the problem of users authenticating into the system, without the security risks associated with static passwords, as well as the problem of ensuring that the user credentials provided, like contact details, are accurate. In other words, we were able to obtain accurate registration data without users having to go through the additional step of having to verify that the information entered was accurate. They could complete the registration form, move directly to the login page, enter the OTP, and login.

We had a chance to implement this feature for a recently concluded virtual education fair. The result that we saw was that we had hundreds of unique logins from a database of modest size. All in all, over 1 in 3 users who had registered in our database entered the virtual expo, which was a fantastic result!