How is CubePlus App code and external TOTP better than SMS OTP?
SMS OTP has been a common choice for Two-Factor Authentication (2FA) across various industries. However, in the dynamic realm of capital markets, Tradejini acknowledges certain drawbacks associated with using SMS OTP for 2FA:
High Traffic Times: During market openings and volatile instances, due to surge in user logins the SMS delivery may be delayed.
Regulatory Logouts: Regulatory requirements force users to log out of the trading platform daily, exposing them to the risk of SMS non-delivery or delays each time they log in.
Telecom Dependency: Relying on telecom networks for SMS delivery poses a systemic risk to trading platforms, especially when authentication needs to be executed on a large scale.
Security Concerns: SMS, being an insecure and non-encrypted protocol, can be accessed off the air using hardware close to the device. Additionally, simple social engineering attacks like phishing can lead to SIM hijacking.
Advantages of CubePlus App Code and TOTP over SMS OTP 2FA:
Cryptographic Security: The CubePlus App Code is cryptographically secure, ensuring that only the intended recipient can access the message.
Time Validity: The CubePlus App Code (TOTP) is valid for only 30 seconds, with a new code generated once the previous one expires.
Additional Authentication Layers: TOTPs are behind an extra layer of authentication, such as biometrics, and can be stored and generated on a hardware device.
No External Connectivity Dependency: CubePlus App Code and TOTPs do not rely on external network connectivity like an SMS gateway, ensuring reliable authentication.