One Time Password

Why One-Time Password?

The main reason for using One-Time Passwords is to fight Keyloggers.
Unfortunately, there are many Keyloggers made not only by hackers, but also as a surveillance tool used by employers, business rivals, parents etc.

A Keylogger is an invisible keystroke recorder. There are two main sources for Keyloggers: hackers that try to break into any available computer and targeted installation, by someone who knows you. In both cases this is done without you being aware of it.
Keyloggers are embedded in one of many Malware, and Spyware.

Only amateurs and beginner hackers will expose themselves by changing passwords. In most cases Keylogger owners remains in the shadow. However, we found too many cases of 'lost password' that actually were password replacement by keylogger operators.

Safe-mail.net provides Sign-In history (from Preferences) that enables detection of shadow users. OTP will eliminate this problem completely.

Once you start to use OTP to Sign-In to your account, nobody will be able to get into your account, including those that operates Keyloggers that might be installed on any machine you might use.

With OTP you are protected against Keyloggers.

Installing and working with OTP

Safe-mail.net's OTP is a Java applet installed on a Mobile Phone. Most Mobile Phones are capable of executing Java applets.

To start using OTP, please initiate a request to use OTP from Preferences. A link to your unique version of the OTP generation program will be presented to you. Use this link from your Mobile device to download the OTP generation program.

After successfully installing the Java applet, return to Preferences to validate that you are ready. Once you enter a valid OTP, your Sign-In mode will switch to OTP.
From now you can Sign-In only with your OTP.

Notes:

Do not run the OTP program if you don't need the OTP for Sign-In.
As long as you have your Mobile Phone and can generate OTP, you may switch between using Static Password or OTP.
Switching between OTP and Static Password is available from Preferences at any time.
Keep your Static Password in a safe place. You might need to use it as Recovery Password.
In case you can't use your mobile to generate OTP because of any reason, you will be able to use your Static Password as Recovery Password.
Using your Static Password to SignIn will cancel your OTP setup permanently.
Using OTP could be problematic to those using POP and IMAP as Static Password will not work.
Although OTP defeats password theft and illegal access to your Safe-mail.net account, all the other threats of the many kinds of malware remains and should be dealt with.
Your mobile needs the Internet connection only to download the OTP Java applet. Once downloaded, no connection is needed in order to generate OTP.
You may have only ONE OTP generation applet on any mobile device. We may add the capability to have multiple applets, to Sign-In to multiple Safe-mail.net accounts in future.

Please send your questions or comments to Comments at Safe-mail.net.

Index of other documents.