By Dennis Jones
If you haven’t heard about one-time password, don’t worry, it’s doing its job
As part of the effort to make the iPass service invisible to end users, iPass launched iPass SmartConnect, designed to automatically connect users to the best Wi-Fi hotspot for their usage needs. And since that big announcement, we’ve made the service even more invisible, by deploying one-time password, which securely authorizes and authenticates users on the iPass service, removing the need for users to remember, update, or unwittingly share their passwords in order to connect to iPass. With one-time password, iPass now assigns user credentials automatically.
Besides being user-friendly, one-time password is simply more secure than static passwords, i.e., passwords that users create. Static passwords are notoriously vulnerable to replay attacks. In contrast, one-time password is inoculated against replay attacks, because it uses a token-based system to dynamically generate a user’s password.
iPass also offers one-click activation as a component of one-time password. one-click activation allows iPass to verify whether a user is authorized to use the service. Once verified, the user receives a tokenized pseudonymous identity that matches the user’s true identity.
Onboarding doesn’t get much more intuitive and efficient than one-click activation. Administrators simply upload a file of users to the iPass dashboard, and end users receive an email notification, which allows them to activate their iPass account with just one click on any device.