OTP mPIN Feature
Overview
In the Summit Mobile App, we have implemented One-Time Password (OTP) and Mobile Personal Identification Number (mPIN) multi-factor authentication to enhance security and safeguard user accounts and sensitive information. This additional layer of protection effectively prevents unauthorized access, mitigates password guessing attacks, and reduces the risks associated with compromised passwords.
Figure: OTP/mPIN Benefits
Why OTP/mPIN?
An OTP is generated exclusively for a specific transaction, while an mPIN offers the advantage of being easily memorizable by the user, unlike a complex alphanumeric password. The presence of OTP and mPIN significantly lowers the risk of unauthorized access, making it difficult to breach or compromise.
User Persona: Administrator
Business Benefits
- Enhanced Security - An OTP is transaction-specific, whereas an mPIN is designed to be easily memorable for the user, in contrast to the requirement of recalling an alphanumeric password.
- Mitigation of Stolen Passwords - mPIN and OTP significantly reduce the likelihood of hacking and other security breaches.
- Mobile Device as an Authentication Factor - When accessing the app on the same device where the OTP is received, the user is relieved from the need to enter or remember their password.
Configure mPIN
Configuring an mPIN enhances the security of the mobile device and helps prevent unauthorized access. You can configure the mPIN using either of the following authentication methods:
- Form Authentication
- OTP Authentication
Form Authentication
To configure an mPIN using Form Authentication, perform the following steps:
- Open the Summit Mobile App on the mobile phone.
- Enter the Web Service URL in the Web Service placeholder and click Submit.
The Summit Mobile App login page is displayed.
Figure: Login Page
- Enter the required Username and Password and click Sign In.
A confirmation message is displayed with the option to set the mPIN or skip the mPIN setup.
Figure: Set mPIN
- Click OK to proceed to set up the mPIN for the mobile app.
The Set Your mPIN page is displayed.
Figure: Set mPIN
- Enter the numeric value in the Set Your mPIN and Confirm Your mPIN placeholders and click Submit.
A confirmation message ‘mPIN setup was successful’ is displayed.
OTP Authentication
To configure mPIN using OTP Authentication, perform the following steps:
- Open the Summit Mobile App on your mobile.
- Enter the Web Service URL in the Web Service placeholder and click Submit.
The Summit Mobile App login page is displayed.
- Click the OTP tab on the login page.
The OTP section is displayed.
Figure: OTP tab
- Select the country code from the list or type in the valid registered mobile number or email ID.
- Click Get OTP.
The OTP is sent to the registered mobile number and email ID.
Figure: OTP Sent
- Enter the received OTP and click Verify & Proceed.
The system validates the OTP and logs in to the Summit Mobile App, where the Set mPIN pop-up is displayed.
Figure: Set mPIN pop-up
- Click OK to set the mPIN and enter the mPIN you want to set for Summit Mobile App login.
The Set mPIN page is displayed.
Figure: Set mPIN
- Click Submit.
A confirmation message ‘mPIN setup was successful’ is displayed.
Notes
- The system sends the OTP to the user and phone number that are registered and validated in the Summit application.
- If the phone number is not registered then an error message, ‘The phone number provided doesn't match our records. Please try again. You have 4 attempt(s) remaining.’ is displayed.
- After five consecutive incorrect OTP attempts, the OTP log in will be locked. It will automatically reactivate after 24 hours. During this lockout period, you still have the option to log in to the Summit Mobile Application using either the Form login or the mPIN.
Set mPIN
If you skipped setting up an mPIN during login, you can still set one from within the Summit Mobile App.
To Set mPIN, perform the following steps:
- Login to the Summit Mobile App.
- Navigate to Dashboard > More > Settings, click Set mPIN.
The Set mPIN screen is displayed.
Figure: Set mPIN
- Click the Set mPIN arrow and enter the Set Your mPIN and Confirm Your mPIN values in the placeholders.
- Click Submit.
A confirmation message ‘mPIN setup was successful’ is displayed.
Reset mPIN
Resetting the mPIN is required for security purposes and to ensure the protection of sensitive information and transactions associated with the account.
To Reset mPIN, perform the following steps:
- Login to the Summit Mobile App.
- Navigate to Dashboard > More > Settings, click Reset mPIN.
The reset mPIN screen is displayed.
Figure: Reset mPIN
- Click the Reset mPIN arrow and enter the Old mPIN, New mPIN, and Confirm New mPIN in the placeholders.
- Click Submit.
A confirmation message ‘mPIN reset was successful’ is displayed.
Skip mPIN
During the setting up of the mPIN, a pop-up displays, giving you an option to click "Skip" and not set the mPIN. You can select this skip option up to three times. On the fourth attempt, the system will automatically display the mPIN setup screen with the "Cancel" button disabled.
Note
On the mPIN page, if you select not to set the mPIN and click the "Cancel" button, the skip count will be incremented by one.
Log in with mPIN
You can log in with the mPIN if it has been configured through either the Form or OTP login.
To log in with mPIN, perform the following steps:
- Login to the Summit Mobile App.
- Click mPIN from the login screen.
The mPIN section is displayed with the logged in username.
Figure: mPIN Login
- Enter the mPIN into the placeholder and click Verify & Proceed.
The system logs in to the Summit Mobile App successfully.
Note
After five consecutive incorrect mPIN attempts, the mPIN log in will be locked. It will automatically reactivate after 24 hours. During this lockout period, you still have the option to log in to the Summit Mobile Application using either the Form login or the OTP.
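The lockout rule stated in the OTP Notes and in the mPIN note above can be modelled as a per-user, per-method counter. The following is an added example, not Summit's own code: the class, the method labels, and the assumption that a successful login resets the failure streak are hypothetical, while the limit of five attempts and the 24-hour reactivation come from this page.

```python
from datetime import datetime, timedelta

MAX_ATTEMPTS = 5                      # from the page: five consecutive failures
LOCK_DURATION = timedelta(hours=24)   # from the page: reactivates after 24 hours
METHODS = ("form", "otp", "mpin")     # labels are assumptions for this sketch


class LoginLockout:
    """Hypothetical model: consecutive failures tracked per (user, method)."""

    def __init__(self):
        self._failures = {}       # (user, method) -> consecutive failure count
        self._locked_until = {}   # (user, method) -> datetime the lock expires

    def is_locked(self, user, method, now):
        key = (user, method)
        until = self._locked_until.get(key)
        if until is not None and now >= until:
            # Lock expired: reactivate the method and start counting afresh.
            del self._locked_until[key]
            self._failures[key] = 0
            return False
        return until is not None

    def record_attempt(self, user, method, success, now):
        """Return attempts remaining, or None if the method is locked."""
        key = (user, method)
        if self.is_locked(user, method, now):
            return None  # reject without evaluating the credential at all
        if success:
            self._failures[key] = 0  # assumption: success resets the streak
            return MAX_ATTEMPTS
        self._failures[key] = self._failures.get(key, 0) + 1
        remaining = MAX_ATTEMPTS - self._failures[key]
        if remaining == 0:
            self._locked_until[key] = now + LOCK_DURATION
        return remaining

    def available_methods(self, user, now):
        # Locking one method leaves the user's other login methods usable.
        return [m for m in METHODS if not self.is_locked(user, m, now)]
```

Because a locked method returns before the credential is checked, a correct OTP or mPIN submitted during the 24-hour window is still refused, which is what keeps the lock from being bypassed by continued guessing.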
Scenario
User-A has already established an mPIN for Device-A and now wishes to access the Summit Mobile App from Device-B. Would User-A have to set up the mPIN again?
Solution
No, User-A does not need to set up the mPIN again. The mPIN that User-A established on Device-A can be used for logging into the Summit Mobile App on Device-B as well.
The mPIN is typically associated with the user's account rather than a specific device. Once the mPIN is set up for a particular account, it remains linked to that account regardless of the device used to access the app. Therefore, User-A can seamlessly use the same mPIN to log in to the Summit Mobile App on different devices, including Device-B, without the need for setting it up again. This offers convenience and consistency for the user across various devices while maintaining a secure login process. To access the mPIN option, the user must first log in with Forms or OTP on the device and then log out. Only after logging out will the mPIN option become visible for use.