Log In | Subscribe | | |

Let's make all logins use an OTP

Editorial Staff

This conversation did not happen but it's easy to see how it might have done... An On Line shopping service brings in an IT Security Consultant.

IT Security Consultant: so, here's the plan. We will ask customers to give us their credit card information but we won't give them the option not to store it. And at least part of it will be visible on our system via the "My Account" section.

Company: OK

ITSC: That means there is sensitive information on our system, along with full residential address, etc. So we need to make it difficult for anyone to gain access to someone's account through their login. We should use OTP

Company: What's that mean?

ITSC (pleased with himself) It's a One Time Password. The system generates it and sends to the customer via SMS and the customer then inputs the OTP to gain access.

Company: What about people who don't have a mobile phone?

ITSC: they aren't going to be using your service. You are trendy, hip, aimed at young people. They always have a phone with them.

Company: OK, that almost makes sense with our positioning in that they will all have a mobile of some sort but that doesn't mean they always have it with them.

ITSC: I'm sorry, I don' ... sorry, I just have to take this [he turns away as if by doing so he creates some kind of privacy. The company representative clearly hears his conversation which is about his dog throwing up in the kitchen and whoever is telephoning screaming that it's the last time and she's going to leave the dog on the edges of a golf course and drive away]. As I was saying, I don't think that's an issue - your research shows that the vast majority of your customers will use the App so they will have the phone in their hands. [his mobile rings again, the same ritual but he doesn't get a word in before the screeching voice on the other end says "now he's shitting all over the living room carpet, it's your dog, you deal with it. I'm leaving." Flushed, but not in a toilet way, the ITSC turns back. ] I'm sorry about that, a tiny crisis at home, our dog's not very well and my wife is upset.

Company: Your argument is that we should assume that everyone has a mobile and they know where it is and can pick it up at any time?

ITSC: well, yes, that's how it is.

Company: clearly so in your case [there is silence]

Disclaimer: 

Conversazioni Fittizie is satire. That means it's not true. It is comedic writing with an edge. But it's not true. So, because we make that clear, we cannot be sued for libel. If you read our material anywhere else on the web, it has been copied without our consent. We specifically deny any right to reproduce our material for any purpose whatsoever, including in the USA where people steal all kinds of stuff, then put a note on it saying something like "I don't own this - I'm just posting it for education and/or research purposes. Well, screw that: this is pure entertainment. No education or research value here. If you want to copy our content, do a syndication deal and pay for it. People who illegally copy and republish our material are criminals. Further, this is satire. If you believe it you're an idiot and should not be allowed near deep water, traffic or a computer. Nothing in the above article is true. The conversation did not happen. At all....