IBM Security Verify

 View Only
  • 1.  Different expiry time for SMS MAC and EMAIL MAC OTP

    Posted Wed March 06, 2019 10:29 PM
    Hi,

    Is there any way we can use two different expiry time of OTP, like 2 mins for SMS and 5 mins for EMAIL?

     In ISAM currently the authentication mechanism "MAC one time password" provides configuration for SMS and EMAIL both type of OTP policies. I mean EMAIL and SMS both uses the same "MAC one time password" which has expiry config, and we can not duplicate or create another "MAC one time password" mechanism for different expiry settings.

    Can someone suggest if this is possible in ISAM 9050?

    Thanks,
    Amitesh



    ------------------------------
    Amitesh Singh
    ------------------------------


  • 2.  RE: Different expiry time for SMS MAC and EMAIL MAC OTP

    Posted Thu March 07, 2019 03:03 AM
    Hello,

    Looking at the OTP mechanism, it appears that the "token storage time" is part of configuration which means it can't be set at runtime.

    So, unless there is some secret parameter available, it is not possible to set different timeouts for SMS vs Email. 

    Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: Different expiry time for SMS MAC and EMAIL MAC OTP

    Posted Thu March 07, 2019 04:40 AM
    Thanks Jon for your reply.

    I am hoping if someone knows some secret parameter that could do this magic, otherwise no choice.

    Thanks,
    Amitesh

    ------------------------------
    Amitesh Singh
    ------------------------------