How comfortable are you with sharing OTP ?
Today, I went to Bank to enquire about some investment product. In middle of the healthy conversation, the banking representatives was quick to assist me in managing my mutual fund portfolio. Finding him so prompt and active I was quick to get his help. He soon opened the website in mobile browser, asked my mobile number and then ask the OTP received on my message. All it happened in quick time that ended up sharing the OTP. But sooner, I realized sharing OTP is risky. Be it anyone, and I stopped him from further processing of my request.
An OTP (One-Time Password) is a unique, temporary security code used to verify our identity during online transactions or logins. OTPs are usually delivered via SMS to your registered phone number, but can also be sent to our registered email or generated by a security token or authenticator app. We all have used OTP multiple times to login into banking site or various other apps. Even the crypto exchanges to authenticate through OTP. These OTP's acts as a second layer of security, providing an extra step of authentication beyond our password to protect accounts from unauthorized access.
Ever since this functionality is introduced to maintain the privacy and safety of our accounts. It was alwsys advised to keep it secret and not to share with anyone. It is a secret code which only the customer should be aware off. In my case, I was meeting the person for the first time. He has a good attitude towards entertaining the customers in bank. But when it comes to my fund security, I was quick to get alert. You never know how the scammers of phishers may attack us.
Sharing our one time password is a significant security risk because it allows fraudsters to gain unauthorized access to our accounts. Once the other person have the access they may end up making fraudulent transaction. In my case the bank representative after gaining the access of my portfolio can do anything. They can redeem, they can change details, or anything that may lose my ownership of the fund. Secondly, he was trying to login using his mobile browser instead official laptop. This is the reason that raised my security concern. When I stopped him from processing the request, he too understand my thoughts. He even pointed it with a smile, and I agreed to it. There is no harm to have complete control over own fund.
It is alwsys sensible not to share the OTP with anyone. With the OTP, a fraudster can log in to our account, change the password, and lock us out, giving them complete control. A person should alwsys remain alert, and try not to disclose it with anyone. And if you ever does that by mistakes in banks or any other place make sure to log out of the account. We have the right to cross check to avoid any mis conduct.
In good faith - Peace!!
Posted Using INLEO