Tips to ace your one-time password emails

  • Published : June 30, 2024
  • Last Updated : November 28, 2024

The most important things are often overlooked because they’re so ingrained in our process that we tend to practice them without a second thought. Their significance is pronounced only when they’re removed from the system, leading to serious outcomes.

One such practice in the world of online transactions is the process of receiving one-time passwords (OTPs). OTPs, in most cases, are the first line of defense in protecting our identity from being misused by bad actors. OTPs, in their various forms, ensure safe and secure transactions.

While delivering OTPs on time is important, presenting them the right way is essential to protect users and enhance their experience. Read on to learn how you can get these emails right.

What are one-time passwords?

One-time passwords are a set of characters that are generated and sent to a user's trusted device or application. They’re dynamic, auto-generated values that change every time they’re requested. As one-time codes, they’ll be reset after their use.

OTPs are part of multi-factor authentication (MFA), which is used to verify a user's identity. MFA uses a series of processes to authenticate a user. This includes the user going through multiple layers of security measures to access a service or complete a transaction.

These measures include logging on to a fingerprint-enabled device and entering the username-password combination along with the OTP to confirm their identity. They’re also used for passwordless logins where the username and OTP combination will be used to log into a service.

There are different mediums in which OTPs are delivered, and they differ from each other in the forms in which they’re delivered, too.

Types of OTPs

To understand the types of OTPs, it’s important to know how they work. An OTP is generated from a combination of two inputs: a seed and a moving factor.

A seed generates the unique code that users receive. It’s a mix of a password generator that will generate the codes and a server. The next input is the moving factor. This is a dynamic value, and it differentiates one type of OTP from the other.

Both the seed and the moving factor will be combined by a hashing algorithm, and the resulting hash value will be sent to the user. This hash value is the OTP.

Based on the moving factor, there are two types of OTPs: HOTP and TOTP.

HOTP

The HMAC-based OTP (or hash-based OTP) has an event-based counter, with the event being the act of requesting the OTP. During a login attempt, the OTP will be shared with the user. Once they enter the OTP, the counter value will be used to verify the shared code. The advantage of an HOTP is that the user can refresh it to generate a new value. More information on this method of authentication can be found here.

TOTP

Time-based OTPs have a timer as the moving factor. The codes generated using this method will be valid for only a short time. The user must enter the code within that time, usually between 15 seconds and one minute, after which it will be refreshed. The TOTP method usually uses a third-party authenticator app to validate the user. When the user logs into a service, they’ll have to copy and paste the OTP on the login page to verify their identity. More information on this method of authentication can be found here.
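The seed-plus-moving-factor scheme described above, as an added example that is not part of the original post: a Python sketch of HOTP (RFC 4226) and TOTP (RFC 6238) with server-side verification. HMAC-SHA1, six digits, the 30-second step, and the look-ahead and drift windows are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """HOTP: HMAC-SHA1 of the 8-byte counter under the seed, then truncate."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(seed: bytes, at: Optional[float] = None,
         step: int = 30, digits: int = 6) -> str:
    """TOTP: HOTP where the moving factor is the current time window."""
    now = time.time() if at is None else at
    return hotp(seed, int(now // step), digits)


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not leak matching digits.
    return hmac.compare_digest(a.encode(), b.encode())


def verify_hotp(seed: bytes, submitted: str, server_counter: int,
                look_ahead: int = 3) -> Optional[int]:
    """Return the next counter to store if the code matches, else None.

    look_ahead tolerates codes the user generated but never submitted.
    """
    for c in range(server_counter, server_counter + look_ahead + 1):
        if _same(hotp(seed, c), submitted):
            return c + 1  # moving past c is what makes the code single-use
    return None


def verify_totp(seed: bytes, submitted: str, at: Optional[float] = None,
                step: int = 30, drift: int = 1) -> bool:
    """Accept the current window and `drift` windows on either side."""
    now = time.time() if at is None else at
    window = int(now // step)
    return any(_same(hotp(seed, w), submitted)
               for w in range(max(window - drift, 0), window + drift + 1))


if __name__ == "__main__":
    demo_seed = b"12345678901234567890"  # RFC 4226 test seed, not a real secret
    print("HOTP, counter 0:", hotp(demo_seed, 0))
    print("TOTP, now:      ", totp(demo_seed))
```

A real TOTP verifier should also remember the last accepted window per user, so a code cannot be replayed within its validity period.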

Methods of delivering OTPs

  • SMS/text messages: Users attempting to log into a service will receive the OTP on their registered mobile number. SMS-based authentication is an upgrade to the password-based login by adding another layer of security. SMS or text messages don’t require the user to learn new hardware or additional authenticator applications.

  • Email: Email-based authentication involves the user receiving an OTP at their email address. It’s used to verify the user's identity, especially when they’re new to a service. It’s also used to help recover forgotten passwords because users most often use email addresses to log into the application. Email OTPs are a popular medium for passwordless logins. This involves a user signing into a service using their username and the OTP received in an email.

  • Messaging applications: The newest trend in receiving OTPs is via messaging apps like WhatsApp. Messaging applications combine the convenience of a handheld device and the accessibility of a text message. Messaging apps offer additional security because they offer end-to-end encryption to secure the OTPs users receive.

  • Hardware keys: Hardware keys are physical devices that are used to validate users. By registering the hardware key with the user’s service, they can easily use the key to verify their identity. When the user signs into their service, they’ll be prompted to enter the OTP, which can be fetched from the hardware key. Some of the hardware keys include USB keys and NFC-enabled devices.

  • Authenticator applications: Authenticator applications also generate OTPs. Authenticators don't require a physical device like a hardware key, and they can be used with an authenticator application installed on your mobile device. These applications use the TOTP method of authentication, and the code will be refreshed after a certain amount of time. The advantage of these applications is that they operate even without internet access, making them highly accessible.

Why do OTPs matter?

Authentication

The primary function of an OTP that we’ve been reinforcing so far is to protect users' identities. Using these codes during login or while registering for a service will help prevent identity theft and make it difficult for bad actors to break into a service. Enabling OTP-based logins will help users stay aware of any attempts to use their service. When a user receives an OTP they didn't request, they’ll know someone is trying to break into their service and be more vigilant by strengthening their passwords and taking other mitigation actions.

Safer than passwords

When used along with passwords, security codes like OTPs mitigate password breaches. Because a new code is generated every time, they’re immune to replay attacks where a bad actor tries to intercept the code and use it. OTPs are increasingly being used as an alternative to passwords while logging into a service. This takes account security to the next level by completely eliminating passwords that can be compromised.

Scalability and ease of use

The OTP method of authentication can be easily incorporated within an application using APIs to allow for seamless integration. Because OTPs can be easily integrated within a service, they don’t require complex infrastructure, which will help reduce the cost of building one. This helps you bolster security without burning a hole in your pocket.

Because OTPs are a familiar concept, there’s not much of a learning curve for users when it comes to adopting them. The OTP delivery methods are easy to use and, in most cases, don’t require additional knowledge. Users don’t have the hassle of remembering them, making them a preferred option.

OTP use cases

Account authentication

Security codes like OTPs find their use in account authentication as a part of 2FA or MFA. This includes authentication while logging into a banking service, or even passwordless logins.

User registration

Users who sign up using their email address or mobile number verify them using OTPs. This verification helps them check if the details they’ve used are accurate.

Online transactions

OTPs are largely used in financial transactions and account access. Because banking transactions are highly sensitive, receiving an OTP to confirm them will prevent unauthorized access and financial fraud.

Password reset

Another common use of email OTPs is to aid in password reset or password recovery. Because users almost always sign up for a service using their email address, email OTPs are used for this purpose. Email OTPs for password recovery prevent bad actors from attempting to hack into your account. Because they’re sent to your email address, you’ll be aware of any attempts to break into your account. Unless your email address is compromised, this is a fail-proof method of protecting your password-protected account.

These use cases will give you a rough idea of how OTP authentication works and why it’s important. Although getting these important codes on time is essential, how they’re presented to users is equally important. In the next section, we’ll focus on the most reliable and timeless channel of OTP communication: email. Among the OTP channels mentioned here, email is the longer form of communication, so care must be taken when creating these messages.

Best practices for crafting effective OTP emails

As we’ve already discussed, OTP emails are a type of transactional email businesses send to customers automatically based on an action performed on an application or website. They must be sent to users on time without any delay. Email service providers (ESPs) will take care of their delivery; however, you’ll have the freedom to write these emails based on your preference. Some points that you should keep in mind when creating an effective OTP email are:

The focus should be on the OTP

Users requesting an OTP are constrained for time because of the limited time it’s valid. Keeping the OTP prominent will make it easier for the user to access and enhance their user experience. It should be easy to spot, so it should be highlighted.

Keep it separate

In the case of password reset information, you’ll be sending the customer's details along with the OTP. This will include their account information, which may contain numbers. Users can misread the information and enter the wrong OTP, so it’s essential to keep them separate to avoid any errors. Provide ample spacing between the OTP and other content in the emails.

Keep it simple

Provide your OTP in four- or six-digit chunks. This makes it more readable and leaves little room for error. For example, an OTP of 123 456 is much more decipherable than 12 34 56. Because users will be switching between screens to enter their codes, chunking them in this way will make it easier for the users to remember them.

Opt for numerical codes

Reserve alpha-numeric codes for captchas and use numbers for your OTPs. Again, this is in line with the email’s readability and user-friendliness. Ensure you use at least a four-digit OTP to avoid users confusing it with the CVV on their card.

Mention validity

We know that OTPs will eventually expire. Mentioning the expiry period in the email will help users be aware of the time within which they should enter it. Most critical transactions require shorter time validity; however, you can increase the time validity for less-sensitive operations.

Give clear information

State the purpose of the OTP in a clear and concise manner. For example, in the case of an account verification email, mention the user's details—like their username—along with the OTP. The information provided will help them verify their details before proceeding with the transaction.  

Share customer support details

In case the user needs additional assistance, they’ll benefit from your service's customer support information. You can also add a chatbot right within the mailbox to answer their questions instantly.

Avoid marketing content

Transactional emails like OTPs serve one purpose—getting the user the information they need on time. Although giving additional information about your brand might be alluring, it’s best to avoid it because it could be intrusive and overpower the OTP. With ESPs enforcing strict measures to check for spammy content and filtering it out, adding marketing content in your transactional emails can result in them being marked as spam.

Retry information

There might be instances where the user requests a new OTP if the first one expires. In these cases, make sure to update the OTP and mention that it’s a new one to avoid any confusion.

Scalability

Desktop browsers aren’t the only place where your emails will be accessed by your customers. Ensure that the emails you create are compatible with any device. Test your emails before you send them out to ensure that they’re optimized across devices.

Send them on time

OTPs for password reset emails are requested by users who’ve been locked out of their account, so they’ll be anticipating the email. Timely delivery of the OTP is important because late delivery will make the customer lose trust in your business. Ensure that the service you choose makes the timely delivery of your emails possible.

Good inbox placement

Sending your emails on time isn’t enough if they don’t reach your recipients’ inboxes. Asking your customers to look for their OTPs in their spam folder isn’t a good look for your business, and it can reduce your business's credibility. Inbox placement is directly proportional to your email deliverability, which can improve with the help of good email practices and by using a good service.

Use reputed channels

OTP emails are important and confidential, so the service you use should be secure. Some services send out both transactional and marketing emails. To get the most out of the service and ensure fast delivery for your transactional emails, it’s advisable to use a dedicated transactional email service. A dedicated service will not only give you great delivery rates but also get the emails to your recipients on time. This trait is desirable if you’re sending out important emails like OTPs.
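The content practices above (numeric code, chunked and set apart, stated purpose and validity, support contact, reissue notice, no marketing copy) together with the server-side checks they imply, as an added example that is not part of the original post or of any Zoho API. The five-minute validity, the attempt cap, the in-memory PENDING store, and the example.com addresses are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from email.message import EmailMessage
from typing import Optional

OTP_DIGITS = 6          # numeric only, as the post recommends
OTP_TTL_SECONDS = 300   # assumed validity; shorten it for sensitive actions
MAX_ATTEMPTS = 5        # assumed cap on wrong guesses per issued code
PENDING = {}            # user -> record; stand-in for a server-side store


def _digest(code: str, salt: bytes) -> bytes:
    return hashlib.sha256(salt + code.encode()).digest()


def issue_otp(user: str, now: Optional[float] = None) -> str:
    """Create a code from the OS CSPRNG; a re-request overwrites the old one."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
    salt = secrets.token_bytes(16)
    # Keep a salted hash and an expiry, not the code itself.
    PENDING[user] = {"salt": salt, "hash": _digest(code, salt),
                     "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    return code


def chunk(code: str, size: int = 3) -> str:
    """Render 123456 as '123 456' for readability."""
    return " ".join(code[i:i + size] for i in range(0, len(code), size))


def build_otp_email(sender, recipient, username, code, purpose,
                    support, reissued=False) -> EmailMessage:
    """Plain-text message: purpose, isolated code, validity, support, no promo."""
    new = "new " if reissued else ""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Your {new}one-time password to {purpose}"
    msg.set_content(
        f"Hello {username},\n\n"
        f"Use this {new}one-time password to {purpose}:\n\n\n"
        f"        {chunk(code)}\n\n\n"
        f"It is valid for {OTP_TTL_SECONDS // 60} minutes and works once.\n"
        + ("It replaces any code we sent you earlier.\n" if reissued else "")
        + f"Need help? Contact {support}\n"
    )
    return msg


def verify_otp(user: str, submitted: str, now: Optional[float] = None) -> bool:
    now = time.time() if now is None else now
    rec = PENDING.get(user)
    if rec is None:
        return False
    if now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        del PENDING[user]               # expired or guessed too often
        return False
    rec["attempts"] += 1
    typed = "".join(submitted.split())  # accept the chunked form as typed
    ok = hmac.compare_digest(_digest(typed, rec["salt"]), rec["hash"])
    if ok:
        del PENDING[user]               # single use
    return ok
```

The returned EmailMessage can be handed to whichever SMTP or API client the sending service provides.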

Wrapping up

Zoho ZeptoMail is one such service that focuses solely on sending out transactional emails. ZeptoMail allows you to seamlessly connect your business to send out emails using SMTP and APIs. Our delivery rates are among the best in the industry and we focus on secure email delivery, so you can rest assured that your emails will reach your recipients on time.
