Build Login with OTP Authentication
How can we build Login with OTP Authentication? What would be the logic behind OTP login?
What is OTP?
An OTP is generally a 4 to 8 digit One Time Password (or One Time PIN). It is valid for only one login session or transaction.
Here, we will discuss the logic and steps to build login functionality with OTP. We cover the basic idea behind OTP login; before using this logic on a production website, you should take additional precautions to secure it.
How to Make OTP Logic Secure?
- OTP should be sent only if the phone number or email address is valid.
- Limit login attempts - limit the number of OTP attempts so that there is minimal chance of guessing the OTP by trying again and again. Once the attempt limit is reached, reset/delete the OTP from the database.
- OTP expiry time - after a limited time, the OTP should expire. Therefore, always store the OTP generation time along with the OTP.
- OTP clear - after a successful login, clear or reset the OTP in the database so that it can be used only ONCE (that is why it is called a One Time Password).
Steps behind OTP Login:
- The user enters their phone number or email address to log in
- If the phone number or email is not valid, send an error
- If the phone number or email is valid, send an OTP
- Store the same OTP in the database along with the OTP generation time, and set OTP Attempt to 0
- The user enters the received OTP to log in
- If the OTP is older than 5 minutes, clear the OTP in the database and show an error
- If OTP Attempt in the database is higher than 3, clear the OTP and show an error
- If the OTP is wrong, increment OTP Attempt in the database and show an error
- If the OTP is correct, clear the OTP in the database and log the user in
The algorithm behind OTP Login:
Step 1: Start
Step 2: Enter phone/email to receive OTP
Step 3: if phone/email is not in database
            show invalid phone/email error
Step 4: if phone/email is valid
            insert otp & otp_time in database
            send otp to phone/email
            show otp_sent success message
Step 5: User enters otp to login
Step 6: if attempts > 3
            reset otp
            show otp expired error
        else if otp_time is older than 5 minutes
            reset otp
            show otp expired error
        else if otp is not valid
            attempt = attempt + 1
            show login error
        else if otp is valid
            reset otp
            show login success
Step 7: End
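The steps and algorithm above, implemented end to end as an added example (this is not code from the original article). It assumes an in-memory dictionary in place of the database table, an injectable clock so expiry can be exercised, and, going one step beyond the article, stores a digest of the OTP rather than the OTP itself so a leaked table does not expose live codes.

```python
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6
OTP_TTL_SECONDS = 5 * 60   # Step 6: an OTP older than 5 minutes expires
MAX_WRONG_ATTEMPTS = 3     # Step 6: after 3 wrong guesses the OTP is invalidated


def _otp_hash(identifier, otp):
    # Store a digest instead of the raw OTP (hardening added here, not in the article).
    return hashlib.sha256(f"{identifier}:{otp}".encode()).hexdigest()

class OtpLogin:
    """In-memory stand-in for a database table with columns otp, otp_time, attempts."""

    def __init__(self, known_users, now=time.time):
        self.known_users = set(known_users)  # phone numbers / emails that exist (Step 3)
        self.rows = {}                       # identifier -> {"otp_hash", "otp_time", "attempts"}
        self.now = now                       # injectable clock so expiry can be tested

    def request_otp(self, identifier):
        """Steps 3-4. Returns (otp, message); otp is None for an unknown identifier.
        The OTP is returned only so the caller can send it by SMS/email; never log it."""
        if identifier not in self.known_users:
            return None, "invalid phone/email"
        otp = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"  # CSPRNG, fixed width
        self.rows[identifier] = {"otp_hash": _otp_hash(identifier, otp),
                                 "otp_time": self.now(), "attempts": 0}
        return otp, "otp_sent"

    def verify(self, identifier, submitted):
        """Steps 5-6. Returns (success, message). Every terminal outcome clears the row."""
        row = self.rows.get(identifier)
        if row is None:
            return False, "login error"          # nothing pending: treat like a wrong OTP
        if row["attempts"] >= MAX_WRONG_ATTEMPTS:
            del self.rows[identifier]             # too many guesses: reset otp
            return False, "otp expired"
        if self.now() - row["otp_time"] > OTP_TTL_SECONDS:
            del self.rows[identifier]             # stale: reset otp
            return False, "otp expired"
        if not hmac.compare_digest(row["otp_hash"], _otp_hash(identifier, str(submitted))):
            row["attempts"] += 1                  # wrong guess: attempt = attempt + 1
            return False, "login error"
        del self.rows[identifier]                 # correct: clear so it is usable only once
        return True, "login success"
```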
For additional security, you can track the overall number of attempts in the last 60 minutes and, if it exceeds 10, block the user (in a cookie or the database) for 24 hours and show an error. Note that a cookie is under the client's control and can simply be cleared, so the database record is the one to rely on.