When the OneTime Password system was first introduced and is now used by thousands of online businesses, the goal was to reduce fraud and protect user data through two-factor authentication as a means of authorization. And need we say that this has proven to be very effective for many years, as left for few cases of phishing, safety and security of online transactions have been ensured using this method.
However, when you are using the Voice OTP service as your chosen option for OTP delivery, there are some dos and don’ts. In other words, there are some things you need to take into consideration in order to both get the best of this service and also avoid incidents of fraud and scam.
We are going to consider some Voice OTP best practices for both the business owner setting up Voice OTP and also the user who receives Voice OTP.
Voice OTP Best Practices for Businesses
If you are a business owner who owns a website or application that requires the use of Voice OTP, here are some of the best practices you should take note of:
- Length of OTP Code Digits: When it comes to the length of digits for your OTP code, a lot has been said. While some are of the opinion that the length doesn’t matter, others have the view that the shorter the number of digits, the easier it is for potential hackers to figure it out. Well, there hasn’t been any agreement on how long Voice OTP codes should be, but six (6) digits and above have generally been found very effective. Over Voice, however, it can also be argued that it should be shorter, so your user can grab the code easily.
- Set Time for Expiration: You should know by now that OTPs have a particular time period for which they can be used, after which the password expires. The way it is with SMS OTP is the same with Voice. Now the question is: “How long should you set the expiration time?”. For this also, there is no answer cast in stone. But following the principle upon which the development of expiration time comes from, it shouldn’t be too long. Between 2-3 minutes is recommended. But if there is a need to increase the length of time, then there should be a corresponding increase in the length of characters or digits. All these measures are to ensure the process is well secured.
- Number of Repetition for Voice OTP: While programming your Voice OTP via API, there is the option to determine how many times the digits or code would be repeated in one phone call. This has been put into consideration in provided Voice OTP classes. While there are also no rules guiding this, it is recommended that you go for 2 times and above. This would help those who might not get the code correctly the first time to do so when repeated. Note that the number of times you set for the audio to repeat the Voice OTP code would also determine the cost. See OTP classes and their pricing here.
Voice OTP Best Practices for Users
For a user of a service that would be required to authenticate identity or authorize transactions using Voice OTP, here are some of the best practices you should be aware of:
- Phone Number Provision: Since Voice OTP would generally come in as a phone call on your provided phone number on the website or application you are transacting with, it is important to provide valid and active phone numbers. Also, if your phone number should change for some reason, it would be good to update this on the website in question, in order to guarantee Voice OTP delivery success.
- Answering Voice OTP Call: When answering Voice OTP calls, it has been advised that the customer or OTP user listens to the call in secret, i.e. placing the phone to your ears or using an earphone. Playing out Voice OTP audio through a loudspeaker would work against the goal of secrecy and security that is the aim.
We believe that as a business owner using Voice OTP for your customers and as a customer who is at the receiving end of Voice OTP, you would find these best practices beneficial in your use of this service.
Would you like to send a voice OTP right away to a phone number for as low as N1.50K? Try it here. You can also learn how to integrate this on your web and mobile app via API here.
For questions and inquiries, the numbers to call are 07034243326 | 08035515868.