Is CA Mobile OTP secured during transmission and storage?
book
Article ID: 108037
calendar_today
Updated On:
Products
CA Rapid App SecurityCA Advanced AuthenticationCA API Gateway
Issue/Introduction
I have these questions on CA Mobile OTP: 1. When user inputs the Mobile OTP, when it travels to CA AA server is it encrypted? 2. Do we store CA Mobile OTP in database in clear text?
Environment
Release: Component: RSKFRT
Resolution
1. The Mobile OTP key(card string) is encrypted with the activation code when sent to the client device.However, we recommend to use HTTPS for all communications for added security. 2. Mobile OTP key is encrypted and stored in the database.