Are Email One-time Passwords Secure?

  • Home
  • Blog
  • Are Email One-time Passwords Secure?
Perth's Managed Service Provider for Small Business
Blog Are Email One Time Passwords Secure

Email One Time Passwords are no longer deemed Safe!

As you know, small businesses are an increasingly popular target for hackers. We have recently seen an increase in hacking attempts targeting the tools small businesses use on a daily basis, such as CRMs, Accounting packages and Online File Sharing platforms. For this reason, we implore all our customers to use Multi Factor Authentication (MFA) also referred to as Two-factor Authentication (2FA) which are third-party identity management tools.

One of our next steps towards safeguarding your business is the awareness of how One-time Passwords (OTP) or Time-based One-time Passwords (TOTP) being delivered via email creates vulnerabilities of your online accounts. While we understand the feature’s convenience, its protective security power is decreasing. In the past year it has become more common for attackers to gain access to a target’s email during a compromise. Unfortunately, that means email can no longer be viewed as a secure channel for product authentication. In this, NETCorp uncourageous all to remove this type of Identity Management from your daily practices.

Email One Time Passwords are no longer deemed Safe!

As you know, small businesses are an increasingly popular target for hackers. We have recently seen an increase in hacking attempts targeting the tools small businesses use on a daily basis, such as CRMs, Accounting packages and Online File Sharing platforms. For this reason, we implore all our customers to use Multi Factor Authentication (MFA) also referred to as Two-factor Authentication (2FA) which are third-party identity management tools.

One of our next steps towards safeguarding your business is the awareness of how One-time Passwords (OTP) or Time-based One-time Passwords (TOTP) being delivered via email creates vulnerabilities of your online accounts. While we understand the feature’s convenience, its protective security power is decreasing. In the past year it has become more common for attackers to gain access to a target’s email during a compromise. Unfortunately, that means email can no longer be viewed as a secure channel for product authentication. In this, NETCorp uncourageous all to remove this type of Identity Management from your daily practices.

Time to stop using emails for One-time Passwords

We urge all customers to employ a third-party mobile app for TOTP, such as Google AuthenticatorMicrosoft Authenticator, or Authy. Third party identity management tools can also be used instead of TOTP (as long as they comply with the OpenID Connect standard.)

The Australian Cyber Security Centre describes MFA as “Multi-factor authentication (MFA) is a security measure that requires two or more proofs of identity to grant you access.” If you would like to know more about, What is It? How does it work? Or Why? Then you can find more resources here on the ACSC website.

Here are a few How To articles on setting up MFA for popular services:

If you have any questions or concerns, please submit them here on our Support page or contact your NETCorp Support Team directly. NETCorp is here for you!

Thank you for your help in keeping you and your clients secure!