In this edition of the OneAuth reborn series, I’ll be giving you an introduction to the new OneAuth’s OTP authenticator and its backup-and-sync feature.
Check out the previous blog about passwordless authentication by OneAuth here.
Due to ever-evolving security threats, protecting online accounts has become more important than ever. Business organizations across the globe are rapidly moving towards implementing an additional level of verification for their online assets. Generally, people choose SMS-based one-time passwords (OTPs) as their preferred mode of authentication, yet many security experts advise otherwise. There is no doubt that SMS-based authentication is better than relying on passwords alone. However, as hackers become increasingly sophisticated, codes sent for SMS-based multi-factor authentication (MFA) have a high chance of being intercepted. In fact, towards the end of 2016, the U.S. National Institute of Standards and Technology (NIST) started the process of deprecating SMS-based MFA, as it is the least secure way to protect one’s online accounts.
Speaking of MFA, the next best alternative to SMS-based OTPs is the use of authenticator apps. They periodically generate time-based one-time passwords (TOTPs), each of which expires after 30 seconds. These authenticator apps are considered a better and more secure solution than SMS-based OTPs. This is because TOTPs are generated within the device and have almost zero chance of being intercepted by external actors. They can also be used even when the mobile device is offline. However, a major concern with most traditional authenticators, including the ones from Google and Microsoft, is that if you uninstall the app accidentally, you will lose access to your accounts. OneAuth has solved that issue with its latest update.
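The following added example is not OneAuth's code. It assumes the standard RFC 6238 algorithm with HMAC-SHA-1 that most authenticator apps use, and shows why a code needs no network, why it expires with its 30-second step, and why the stored secret is the only thing a device needs to keep producing valid codes. The function names are hypothetical and `SECRET` is the RFC 6238 test key, used as a constructed sample.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays valid

# Constructed sample secret: the RFC 6238 test key, Base32-encoded the way
# authenticator apps receive it when an account is enrolled.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """Code for the 30-second step containing unix_time (RFC 6238, SHA-1)."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // STEP)  # only inputs: secret + clock
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, unix_time: int,
           drift_steps: int = 1) -> bool:
    """Server-side check that tolerates +/- drift_steps of clock skew."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + d * STEP), submitted)
        for d in range(-drift_steps, drift_steps + 1)
    )


if __name__ == "__main__":
    now = 59  # fixed timestamp so the output is reproducible
    phone = totp(SECRET, now)
    # A second device holding the same secret (for example after a restore)
    # computes the identical code with no contact with the first device.
    restored_device = totp(SECRET, now)
    print(phone, restored_device, phone == restored_device)
    print("accepted one step later:", verify(SECRET, phone, now + STEP))
    print("accepted with wrong code:", verify(SECRET, "000000", now, 0))
```

Because the secret and the clock are the only inputs, a device that loses the secret cannot produce valid codes, while any device that holds a copy of it can.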
Introducing OneAuth’s OTP authenticator.
In the latest update, OneAuth has transitioned from just protecting your Zoho account to providing MFA for non-Zoho accounts too. Through OneAuth’s OTP authenticator, you can configure MFA for online accounts such as Google, Microsoft, and Facebook. Moreover, OneAuth’s OTP authenticator has a major advantage over traditional authenticators: it provides a backup-and-sync option for your OTP secrets. You can back them up securely to the Zoho cloud in an encrypted form to keep hackers away from your data. This way, you will never lose access to your accounts, even if you uninstall OneAuth from your device, as you can restore the OTP secrets whenever you want.
Additionally, if you’ve installed OneAuth on multiple devices, once the secrets are backed up, they will be synced with all of those devices. This means you don’t have to rely only on your primary device for authentication. You can also use OneAuth’s OTP authenticator even if you haven’t signed up for a Zoho account. Learn more about how to configure the OTP authenticator for your non-Zoho accounts via our help guide.