-3

I am working on a banking app and want to make OTP more complex by including special characters in it. But on iPhone, what i observe that it ignores OTP sms if the OTP is comprising of special characters. How can I use Special Characters in OTP for iOS app and make the Keypad auto pick it?

I tried using escape sequence but it didn't work. On the other hand, its working fine on Android phones.

Steve Vinoski
  • 19,847
  • 3
  • 31
  • 46
Aamir Butt
  • 1
  • 5
    Based on what security best practice does your OTP include "special characters"? What attack are you trying to protect against? You are deviating from the standard and are now facing the "consequences" of that. – luk2302 Aug 21 '23 at 07:20
  • I agree. The protection from a OTP primarily comes from it being both one time and short-lived unlike passwords that are multi-use and long-lived. An attacker is not afforded multiple attempts at providing an OTP over a long duration, so increasing the entropy of the OTP achieves nothing. You can easily increase security on the validation side by reducing the number of attempts allowed before a new OTP is sent (you could even send a new OTP after a single failure) and reducing the validity period of the OTP (but be wary of creating a bad UX) – Paulw11 Aug 21 '23 at 21:24
  • A six digit OTP with a single attempt permitted is a 1 in a million guess. Adding letters or special characters isn't going to change the odds in a meaningful way – Paulw11 Aug 21 '23 at 21:26

0 Answers0