A one–time password (OTP), also known as one–time pin or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid a number of shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has (such as a small keyring fob device with the OTP calculator built into it, or a smartcard or specific cellphone) as well as something a person knows (such as a PIN).
On reading the above, you may fall into any of the following 4 categories:
- Read, understood, appreciate
- Read, did not understand, and hence did not appreciate
- Did not read the first sentence fully because dude I know what OTP is *smirk*
- My clients
The challenge that is obtaining a client’s OTP for uploading GST / Income Tax return and the likes is something that I, as a Chartered Accountant, did not see as a pain point. You probably think I’m exaggerating right? I mean, is it so hard to get a client to check his mobile for a 6-digit OTP message and convey it right back to you?
YES.
By the end of this article, you will understand the kind of mental trauma that we undergo in our firm in the process of filing returns with one-time passwords. Just to put things into perspective, my last blog post was in October 2017, 3 months into the GST regime, 1.5 years back. That’s saying something right? No? Read on.
Disclaimer: Based on true events, none made up.
*Submits GST return and calls client for OTP.
“Yes?”
“Sir, this is so-and-so calling from the Auditor’s office, we have submitted your GST Return, and you would have received an OTP now, could you please check and tell us?”
“Ma I am in meeting now ma, I can’t check. You please check with me before generating OTP and all.”
Cuts call.
-cut-
Extra cautious now, calls client half an hour prior to submitting return.
“Heloooooo!”
“Good morning Sir, this is so-and-so calling from the Auditor’s office, we are going to submit your GST return in sometime, will you be available to communicate the OTP to us?”
“Oh no ma, it is my nap time now hehehehe! Why don’t you try after 3.30 P.M?”
Grudgingly – “OK Sir.”
Calls at 3.30 P.M. sharp after submitting the return. No answer.
Landline rings at 5.29 P.M. We work till 5.30 P.M.
“Ma I got the OTP ma. Shall I tell you the OTP now?”
-cut-
Calls client, ready to submit return.
“Good morning Sir, this is so-and-so calling from the Auditor’s office, we are going to submit your GST return now, will you be available to communicate the OTP to us?”
“Sure pa.”
Wow da.
Call gets cut.
Calls back.
“Sorry Sir, the call seems to have disconnected by mistake, shall I generate it now?”
“No pa, I only cut the call. How will I see and tell the OTP if you are on the line?”
-cut-
Calls client, ready to submit return.
“Good afternoon Sir, this is so-and-so calling from the Auditor’s office, we are going to submit your GST return now, will you be available to communicate the OTP to us?”
“Please go ahead ma, I will stay on the line.”
Whattey medical miracle!
“Sir I have generated, could you check and tell me?”
“Hold on ma.”
*OTP communicated*
“No Sir, it says incorrect OTP, could you check again?”
“OK ma.”
*OTP communicated*
“No Sir, again it says incorrect OTP.”
“Oh I think I told last month’s OTP.”
*rolls eyes*
“Shall I generate the OTP again Sir?”
“OK ma.”
*OTP communicated*
“No Sir, it says incorrect OTP. I think you told me the previously received OTP. Could you tell the me latest OTP that you have received?”
*OTP communicated*
“Sir the OTP you have given is numeric. The GST OTP will be alpha-numeric.”
“Oh hehehehe I seem to have told you my Swiggy OTP from last night.”
*cuts call because CANTABLETO*
-cut-
Calls client, ready to submit return.
“Hello Sir, this is so-and-so calling from the Auditor’s office, we are going to submit your GST return now, will you be available to communicate the OTP to us?”
“Yes madam.”
“Sir you should have received the OTP.”
“No madam I did not get any message.”
“OK Sir, let us wait for a few seconds.”
*one min later*
“No madam, I have still not received it.”
“OK Sir, I have generated again, please check now.”
*two mins later*
“No madam, I have not received the OTP.”
“Oh.”
“This is ridiculous madam. Why are they not sending me the OTP? Why are they wasting all our precious time? I want to lodge a compliant. Who should I call?”
-cut-
Need I go on?