Advanced concepts

OTP Validation in a Form

Purpose

The OTP (One-Time Password) validation feature is designed to verify a user's identity while filling out a form. This helps enhance security and prevent unauthorized access.

Application

OTP validation is applied to:

  • The Phone Number field

  • The Email field

    The user enters the phone number or email address and clicks GET OTP.

    An OTP is sent to that phone number or email address, and the user enters it to complete verification.

Process Flow

  1. The user enters a phone number or email.

  2. The user clicks "Get OTP".

  3. An OTP is sent to the provided phone number or email.

  4. The user enters the OTP in the verification field.

  5. The system validates the OTP.

    • If correct, the user's phone number/email is verified.

    • If incorrect, the user can reattempt verification.

  6. Once verified, the user can proceed to submit the form.

Configurable Parameters

  1. Failed OTP Attempts Lockout:

    • If a user enters an incorrect OTP 5 times, they are temporarily blocked from requesting another OTP.

    • Lockout duration is configurable based on system policies.

  2. Re-verification for Previously Verified Users:

    • A user who has already completed OTP verification for a phone number or email is not asked to verify it again within a configured window.

    • The length of that window (how long before re-verification is required) is configurable.

  3. Revalidation After OTP Verification (But Before Submission):

    • If a user verifies their phone/email but does not submit the form, the verification lapses after a set time and a new OTP must be requested and entered before the form can be submitted.

    • Example: if a user verifies but does not submit the form within 60 seconds, they must revalidate before submission.

    • This time interval is configurable.

Example from UI (Based on Screenshots)

  • Phone Number Input with OTP Trigger:

    • A user enters a phone number (e.g., +91 9999999999) and clicks "Get OTP".

  • OTP Confirmation Screen:

    • The system prompts the user to enter a 4-digit OTP sent to their number.

    • A resend timer prevents immediate retriggering of the OTP.

  • Form Submission Process:

    • If the user validates the OTP but does not submit the form within the defined time, re-verification is required.

Security Considerations

  • Rate Limiting: The resend timer and the failed-attempt lockout restrict how many OTPs can be requested and how many guesses can be made, which prevents abuse. With a 4-digit code and a 5-attempt lockout, a blind guess succeeds at most 5 times in 10,000 per issued code, so the short code is only as safe as these limits; they must be enforced server-side and must not reset when a new OTP is requested.

  • Configurable Expiry Time: OTP validity and expiration duration can be adjusted per security policies. An OTP should be single-use and bound to the exact phone number or email it was sent to.
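The process flow and the configurable parameters above, together with the rate-limiting and expiry points in this section, describe one server-side state machine. The Python below is an added illustration written for this page, not the product's own code. OtpPolicy holds the parameters: the 4-digit length, the 5-attempt lockout and the 60-second revalidation window come from the page, while the values of otp_ttl, lockout_seconds and resend_cooldown are assumed placeholders. OtpVerifier (a hypothetical class) implements Get OTP, verification, lockout and the pre-submission freshness check; walkthrough() runs the flow against a constructed clock and the sample number from the screenshot. It uses a single freshness window for both "do not ask a verified user again" and "revalidate before submission"; a deployment could keep those as two separate timers.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class OtpPolicy:
    otp_length: int = 4             # digits, as in the page's screenshots
    otp_ttl: float = 300.0          # seconds an issued OTP stays valid (assumed value)
    max_failed_attempts: int = 5    # wrong entries before lockout (from the page)
    lockout_seconds: float = 900.0  # lockout duration (assumed value)
    resend_cooldown: float = 30.0   # seconds before Get OTP may be pressed again (assumed value)
    verified_for: float = 60.0      # seconds a verification stays usable before submission (page example)


@dataclass
class ContactState:
    otp_hash: Optional[bytes] = None
    otp_issued_at: float = 0.0
    failed_attempts: int = 0
    locked_until: float = 0.0
    verified_at: Optional[float] = None


class OtpVerifier:
    """Server-side OTP state keyed by phone number or e-mail address (hypothetical class)."""

    def __init__(self, policy: Optional[OtpPolicy] = None, clock: Callable[[], float] = time.monotonic):
        self.policy = policy or OtpPolicy()
        self.clock = clock
        self._state: Dict[str, ContactState] = {}
        self._key = secrets.token_bytes(32)  # keyed digest: a leaked table does not expose live codes

    def _digest(self, contact: str, otp: str) -> bytes:
        return hmac.new(self._key, f"{contact}:{otp}".encode(), hashlib.sha256).digest()

    def request_otp(self, contact: str) -> Tuple[Optional[str], str]:
        """Get OTP pressed. Returns (code, status); the code goes out of band, never back to the browser."""
        st = self._state.setdefault(contact, ContactState())
        now = self.clock()
        if now < st.locked_until:
            return None, "locked"        # lockout blocks new requests, not just guesses
        if st.otp_hash is not None and now - st.otp_issued_at < self.policy.resend_cooldown:
            return None, "cooldown"      # the resend timer on the confirmation screen
        otp = "".join(secrets.choice("0123456789") for _ in range(self.policy.otp_length))
        st.otp_hash = self._digest(contact, otp)
        st.otp_issued_at = now
        # failed_attempts is deliberately not reset here: resending must not grant fresh guesses
        return otp, "sent"

    def verify(self, contact: str, otp: str) -> str:
        st = self._state.get(contact, ContactState())
        now = self.clock()
        if now < st.locked_until:
            return "locked"
        if st.otp_hash is None:
            return "no_otp"
        if now - st.otp_issued_at > self.policy.otp_ttl:
            return "expired"
        if hmac.compare_digest(st.otp_hash, self._digest(contact, otp)):
            st.otp_hash = None           # single use
            st.failed_attempts = 0
            st.verified_at = now
            return "verified"
        st.failed_attempts += 1
        if st.failed_attempts >= self.policy.max_failed_attempts:
            st.locked_until = now + self.policy.lockout_seconds
            st.otp_hash = None           # burn the current code; a new one is needed after lockout
            st.failed_attempts = 0
            return "locked"
        return "incorrect"

    def can_submit(self, contact: str) -> bool:
        """Submission (and skipping a fresh OTP prompt) requires a verification younger than verified_for."""
        st = self._state.get(contact)
        if st is None or st.verified_at is None:
            return False
        return self.clock() - st.verified_at <= self.policy.verified_for


def walkthrough() -> Dict[str, object]:
    """Runs the page's flow with constructed inputs and returns the status observed at each step."""
    now = [0.0]                                              # constructed clock: advance via now[0]
    v = OtpVerifier(clock=lambda: now[0])
    phone, out = "+91 9999999999", {}                        # sample number from the screenshot
    code, out["first_request"] = v.request_otp(phone)
    _, out["immediate_resend"] = v.request_otp(phone)        # inside the resend cooldown
    wrong = lambda c: f"{(int(c) + 1) % 10 ** 4:04d}"        # a guess guaranteed to differ from c
    out["wrong_guess"] = v.verify(phone, wrong(code))
    out["right_guess"] = v.verify(phone, code)
    out["submit_now"] = v.can_submit(phone)
    now[0] += 61                                             # past the 60-second revalidation window
    out["submit_late"] = v.can_submit(phone)
    code, _ = v.request_otp(phone)                           # fresh code, then five wrong guesses
    out["fifth_wrong"] = [v.verify(phone, wrong(code)) for _ in range(5)][-1]
    _, out["request_while_locked"] = v.request_otp(phone)
    now[0] += v.policy.lockout_seconds + 1
    _, out["request_after_lockout"] = v.request_otp(phone)
    return out
```

Calling walkthrough() yields "sent", "cooldown", "incorrect", "verified", True, False, "locked", "locked" and "sent" for the successive steps. The attempt counter lives on the contact, not on the individual code, so pressing Get OTP again during an attack does not reset it; the lockout clears only after lockout_seconds, and a fresh code is then required.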
