Money transactions became very easy after the onset of online banking. Transferring money, paying bills and debts are all just a few clicks away. But with these increasing online transactions, security became the prime concern. Username and password or ATM pins were not enough. So banks started taking extra precautions to increase security and prevent fraudulent activities. OTP (One Time Password) is one of the best authentication methods banks use to decrease this risk level. With every transaction, the user receives a 4 to 8 digit code which is valid for only one use and expires in a few seconds and this solved most of the security concerns.
However, people can’t keep much information in their short-term memory. So, users will have to go back and forth from the app/website to the message box in order to input the long sequence number for a successful transaction. It results in frustration and affects a user’s experience. So from then on, few things were considered while constructing these OTPs. It should be a maximum of 4-6 digits, should be easy to remember sequences and should always be placed at the start of a message so that we can directly grab it from the notification itself and need not open the whole message.
A few months back, Apple revealed a cool feature in iOS 12, that the device will scan incoming SMS messages for OTPs, and then suggest them as an auto-fill function. Instead of receiving the text message, memorizing the OTP, going to the other app and filling it in, hoping the number entered is indeed the correct one, the entire process will be semi-automated and the user will just need to submit the OTP appearing in the keyboard’s quick type field. This can come in really handy and it was a great design.
But, again it was not enough. As somebody said, the more we make users’ lives easier, the more they become lazy and ask for more. Soon, designers came up with a new interface where OTP automatically gets detected when it arrives. Here, users don’t have to submit OTP. The only thing users have to do is verify it. Everyone appreciated it as it made the entire process smooth and fast.
Now there are apps in which, OTP gets automatically submitted after 4 seconds. Sometimes it’s irritating when users do not want to submit the OTP but it gets submitted automatically.
I have heard mixed reactions on the need for OTP. When it comes to secure bank transactions, simplifying OTPs or making it fancy or even the auto-filling option doesn’t make an acceptable solution by everyone. Are these UX improvements opening up new security issues? Still debatable and needs more thinking.