Bad passwords leave the front door open to attacks. People tend to create passwords that are easy for them to memorize. Only half (47%) use a combination of upper and lower case characters. Only two-thirds (64%) use a mix of letters and numbers. These weak passwords are reused across different systems, making the whole ecosystem vulnerable. While it is easy to shift the blame to the users of a system, it is important to improve the security posture of the systems as well. Current systems, which rely completely on user passwords, put the onus on the users rather than sharing some of the security responsibility. One Time Password (OTP) technology allows single-use passwords to be delivered or used out of band, strengthening the authentication process by relying on "what you have" (i.e. a mobile device) in addition to "what you know" (i.e. a password). GS Lab's One Time Password Library enables Two-Factor Authentication (2FA) to help improve security posture while retaining user convenience.
OTP Library helps organizations enable 2FA for business-critical Java/J2EE applications. It is standards-based, with support for the HMAC-based OTP (HOTP) and Time-based OTP (TOTP) standards. It works with the free, off-the-shelf Google Authenticator mobile application to provide a user-friendly experience. Because the codes are generated in the application on the user's device, none of the costs associated with delivering OTPs by SMS/text message apply. User onboarding is simplified using QR code technology. Integration with a Java/J2EE application is simple and straightforward, requiring minimal effort. OTP Library also supports advanced features such as throttling (the number of invalid attempts after which a user account is disabled), encryption, etc.
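What a server-side TOTP check with throttling involves, as an added example that is not GS Lab's code or API: HOTP is computed per RFC 4226, TOTP per RFC 6238 with a 30-second step, and invalid attempts are counted per user. The class name, the limit of 5 failures, the in-memory maps and the raw-byte secret (Google Authenticator secrets are Base32-encoded, decoding is left out) are assumptions for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

public class OtpCheckExample {                                       // hypothetical name
    static final int DIGITS = 6, STEP_SECONDS = 30, MAX_FAILURES = 5; // assumed policy values
    private final Map<String, Integer> failures = new HashMap<>();   // invalid attempts per user
    private final Map<String, Long> lastUsedStep = new HashMap<>();  // rejects replay of a used code
    // HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamic truncation, modulo 10^DIGITS.
    static String hotp(byte[] key, long counter) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f;
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format(Locale.ROOT, "%0" + DIGITS + "d", bin % (int) Math.pow(10, DIGITS));
    }
    // TOTP (RFC 6238): counter = unixTime / step; one step of clock drift is accepted either way.
    synchronized boolean verify(String user, byte[] key, String code, long unixTime) throws Exception {
        if (failures.getOrDefault(user, 0) >= MAX_FAILURES) return false; // throttled: locked out
        long now = unixTime / STEP_SECONDS;
        for (long step = now - 1; step <= now + 1; step++) {
            byte[] expected = hotp(key, step).getBytes(StandardCharsets.US_ASCII);
            // Constant-time comparison; a code is accepted only once and never for an older step.
            if (MessageDigest.isEqual(expected, code.getBytes(StandardCharsets.US_ASCII))
                    && step > lastUsedStep.getOrDefault(user, -1L)) {
                lastUsedStep.put(user, step);
                failures.remove(user);
                return true;
            }
        }
        failures.merge(user, 1, Integer::sum);
        return false;
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "12345678901234567890".getBytes(StandardCharsets.US_ASCII); // constructed secret
        OtpCheckExample v = new OtpCheckExample();
        long t = 1_000_000L;                                          // constructed timestamp
        String code = hotp(key, t / STEP_SECONDS);
        System.out.println("valid code: " + v.verify("alice", key, code, t));
        System.out.println("replayed:   " + v.verify("alice", key, code, t));
        for (int i = 0; i < MAX_FAILURES; i++) v.verify("alice", key, "00000", t); // wrong guesses
        String next = hotp(key, (t + STEP_SECONDS) / STEP_SECONDS);
        System.out.println("locked out: " + v.verify("alice", key, next, t + STEP_SECONDS));
    }
}
```

In a real deployment the failure counter and last-used step would live in persistent storage shared by all application nodes, so the lockout survives restarts and cannot be bypassed by hitting a different server.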