Blog/ Technology

One-time Passwords (OTPs): Benefits, Use Cases, and Best Practices

One-time Passwords (OTPs): Benefits, Use Cases, and Best Practices

One-time passwords (OTPs) have become commonplace. Our banks use them for money transfers, ecommerce sites use them for password resets or unrecognized devices, and government sites use them for secure logins — they’ve become integrated into our everyday.

But have you considered using OTPs at your attractions venue? They are fantastic for increasing online security for guests using your website and have many uses, such as multi-factor identification, account recovery, and payment confirmation. 

We discuss this and more, including OTP benefits and best practices, in this article, so keep reading!

What is a one-time password?

A one-time password (OTP) is a password that is sent to a user as they attempt to log into one of their accounts. For example, if they are trying to log into an online account, an OTP may be sent to their mobile number or email address to confirm that the person logging in is who they say they are. 

OTPs have a short validity period and can only be used once to verify a single login session or transaction. 

Why are one-time passwords important?

OTP’s are important because they provide an extra layer of security for users. Suppose you think about what might happen in the case of a hacker seizing your laptop and trying to access your accounts. Even if the hacker had your computer and your login details, the accounts that require OTPs to enter could not be accessed by the hacker unless they have also stolen your mobile phone. This way, OTPs provide your accounts with a valuable extra layer of protection. 

Further, if a hacker manages to capture one OTP, they cannot reuse it in a subsequent attack. And even if a user's credentials have been compromised due to a phishing scam or malware that captures keystrokes, OTPs can still provide protection.

One-time password use cases

Businesses utilize OTPs as a security measure to protect their applications from possible attacks that could exploit credentials. Let's look at some common situations where OTPs are typically employed.

Multi-factor Authentication (MFA)

The primary use for OTPs is for MFA purposes. MFA is as it sounds — confirming a user's identity multiple times. Generally, it is once when they enter their login credentials and a second time using an OTP. 

Today, MFA has adopted OTPs as its primary technology, and many large corporations use them.

Payment confirmation

Many financial and banking companies and applications use OTPs to confirm payments. 

Often, they are used to confirm a payment made from a user to a third party, especially if it is a first-time transaction. This ensures that the payment was intentional and decreases the fraud risk.  

Account recovery

OTPs can also be used to help a user recover their accounts if they forget their credentials. As no one else will generally know these credentials to help, sending an OTP to the user's linked email or mobile number is the easiest way to recover their account.

One-time password best practices

So now that we’ve explained the benefits of, and use cases for OTPs, let's look at some of the best practices to implement when using them.

Send OTPs via SMS

Sending an OTP via SMS is ideal because most everyone has a mobile phone, and it’s easier to quickly view an SMS than access an email. 

Generally, users can see the OTP SMS pop-up on their phones and enter the code without even opening the SMS. Email takes a little longer — even if they don’t have to find a computer and log in, and their email account is accessible from their phones, users still have to open their email account and go into the email to retrieve the code. So, comparatively, using SMS will enhance the user's experience. 

Regarding the attractions industry specifically, SMS OTPs have the power to increase conversion rates if a user needs to login to their online account to complete or manage a booking. For the reasons mentioned above, retrieving an SMS is a seamless process, encouraging the guest to continue with their online transaction — and perhaps even return for additional transactions.  

Finally, SMS engagement rates are generally higher than for email — text messaging has 6X the engagement of email.

Read this next: Why You Should Consider Using SMS With Your Guests 

OTPs benefit both guests and venue operators

OTPs are a great way to boost online security and guest convenience at your venue. 

OTPs make guests feel safe knowing their online information is thoroughly protected, and they give venue operators peace of mind regarding information security and combating fraud, with the added bonus of a quick and frictionless online experience for their guests.

Online accounts with OTP:

  • Give guests control over their bookings and save your staff time by allowing guests to create their online account to view tickets/memberships/giftcards, use a membership or gift card to purchase tickets, cancel their membership, or add a saved payment method.
  • Guests can log securely into their online account with an OTP code sent via either SMS or email. We recommend using SMS as it’s the fastest way for guests to log in, resulting in higher online conversion rates. It’s also a great way to verify that your marketing contact data for your guests is up to date. Charges apply for SMS.
  • ROLLER's online accounts feature is currently in beta, launching soon.

Reach out for a demo to learn how ROLLER can help keep you and your guests data secure, as well as help support your venue by removing friction from the guest experience as it relates to buying tickets, processing waivers, checking in guests, collecting guest feedback, and much more!