Why I’m Building An OTP App

Because we were traveling with kids (Asheville, NC area), today is my first workday of 2024, making it also my first day working towards 2024 goals.

For January, my two focuses will be regular updates on this blog (so I can build some traffic) and an app for one-time passwords (OTP) that I’ll use across my other projects.

Why OTP? Because it’s the absolute best auth mechanism and should replace username-plus-password as the default auth option in most apps.

I’ll expand on this further this month, but the advantages of OTP are:

  1. There’s only one form field to complete, email, and it can be autocompleted by any major browser.
    • ... unlike username-plus-password, which requires two form fields and specialized software (a password manager) to autocomplete.
  2. It’s exactly as secure as username-plus-password,
    • ... but without a password to lose or get cracked.
  3. The app maker gets implicit email verification for all users.
  4. It works for everyone
    • ... unlike social auth, which excludes 70% of internet users at minimum, no matter which provider you choose.
  5. Zero cognitive overhead for the user
    • ... unlike sites that offer email login plus three social providers, and require their users to remember which method they chose.
  6. It works in any setting and on all devices
    • ... unlike password managers, which only work when the user is on a device where their password manager is installed.

There you have it—seven good reasons that came to me with no thought, at 5:30 AM on the first working day of the year. Now imagine how compelling my argument would be if I actually thought about it!

The combination of simplicity for the app maker and for their users makes OTP the best choice for most apps with normal security requirements. I wouldn’t use OTP to guard the nuclear codes or your medical records. For most other use cases, the security provided by OTP will be a gracious plenty, as they say.

More to come on how my app will differ from existing OTP providers, but suffice to say, it will lean into the overall simplicity of the concept.

See all updates

Want to read the rest of the story?

Subscribe to Lumpcorp's monthly newsletter.

Monthly, longform updates only. No marketing spam now or ever.