One-time password (OTP) technology is a popular way to authenticate users or confirm a single network action. To verify the requested operation, the user has to enter a one-time code which they receive by email or SMS. This code works only once and is valid for a limited period of time.
OTPs are widely used by online banking services, social media platforms, marketplaces, and all kinds of web applications. They are easy to use, very versatile and provide a safer means of authentication than permanent passwords. They have also become a standard solution for multi-factor authentication (MFA).
Email vs other ways of OTP delivery
There are multiple ways to deliver a one time code. The most popular ones are SMS, push notifications and email. Less common options include automated voice calls, messaging applications and registered mail.
Email delivery offers the following advantages over other methods:
- Versatility.With email, you can send your OTP as a “magic link” for easy one-click login. An email OTP can be used on multiple devices (or restricted to a single device using additional tools), while an SMS, push or voice call OTPs are delivered to a single device only.
- Faster and steadier delivery.The person’s mailbox is reachable at any time, whereas their phone may be switched off or out of coverage. Sometimes even a regular SMS delivery may take long enough for a code to expire.
- Cost-effectiveness.Email is far cheaper than any other channel.
The main drawback, however, is that email can be insecure if the mailbox owner does not take sufficient measures to protect their account. Studies show that a vast majority of cyberattacks are initially targeted at email.
Ways to deliver an OTP by email
Free SMTP service
In terms of cost, nothing can beat a free option. However, as with all things free, you should take a closer look at the inevitable limitations. You are guaranteed to encounter sending quotas which are often set on an hourly basis. For instance, if you decide to use Gmail as free transport for your letters, you’ll get a mere 500 emails per day. Some services may add their own adverts to your emails, which you may find undesirable. Others lack critical features, such as the ability to manage spam complaints.
Overall, if you’re thinking about a free service, think twice. We have an article which will help you evaluate the available free SMTP options and make an educated choice.
If you have already set up a capable B2C email framework inside your company, you may use it for OTP delivery too. The word “capable” here implies that you are familiar with email marketing best practices, properly set up email authentication and dutifully process unsubscriptions and spam complaints.
Consider the volume and regularity of your emails. If the OTPs you send will increase the daily volume twofold at max and are more or less evenly spread over time, then you’ll probably be ok. Otherwise, consider using a dedicated email service provider (ESP).
ESP for marketing emails
The first thing that comes to mind when talking about an SMTP service provider is a company offering a wide range of services related to email marketing in general. Examples of such services are MailChimp, Hubspot, and SendGrid. They are called email service providers or ESPs.
ESPs are web-based services that allow users to manage subscriptions and contact lists, create letters and templates using intuitive visual editors, schedule their email marketing campaigns and perform a deep analysis of their results. They excel at sending out very large quantities of email, up to tens of millions per hour for a single user. Bulk mailings are occasionally blocked as spam even if they are perfectly legitimate, and ESPs have a special department for dealing with such issues in a timely manner.
Delivery speed, however, may still be a concern. A marketing ESP may lack the ability to prioritize transactional messages, and a time-sensitive OTP will stay in queue until your previous bulk campaign completes.
Overall, a marketing ESP might be a good solution for your OTP sending needs, if you are already performing your email campaigns at large scale. However, in the case of OTPs you’d be paying extra for the services you don’t actually need.
Transactional email services
Another type of ESP, often referred to as SMTP relay or transactional email service, is optimized for transactional messages. These are emails that are initiated by certain events or user actions such as completing an online payment, placing an order, or delivery notification. As you may clearly see, OTP emails also fit into this category.
Transactional messages may also be sent in large quantities, but each email is unique, being related to a particular user’s action. Mailbox providers do not see them as bulk messages, which means they are rarely rejected as spam. This leads to higher delivery rates and better sender reputation scores – both for the service and for its clients.
Fast email delivery is another prominent feature of SMTP relay services. Transactional messages are usually time critical, so special measures are taken to keep average delivery time as low as 10-20 seconds.
Marketing ESPs may be way more feature rich, but do you really need, say, A/B testing or a fancy template gallery for your OTP emails? If not, it makes sense to save on such features.
As for the price, transactional email services are the second best option in our review, yielding only to the free services. But wait! A closer look may reveal some truly unique variants. UniOne here offers a fantastic opportunity for startups founded less than 3 years ago operating in Western Europe, Central, South or North America, Asia, or Africa. It includes 500,000 free emails monthly for a whole year of signing up, so you can focus on scaling your business without having to pay much for your B2C email communications.
In addition to the options described above, you may want to consider a dedicated OTP service. Such services usually offer a range of delivery methods (email, SMS, push, voice call and so on). For each method, they may use multiple delivery providers, assuring fail-safe operations. Examples of OTP email services include FazPass, MojoAuth, and Signicat, to name just a few.
OTP services offer a convenient way to generate, deliver and verify one-time passwords using API calls. They may also provide aggregated statistics and other useful features. This option will require the least amount of programming. However, their fees tend to be substantially higher than other variants.
There are multiple ways to deliver OTP codes via email, and we’ve discussed their benefits and potential drawbacks. Luckily, all of these options use open architecture principles. This means that if the current solution no longer suits your needs, you may migrate to another one easily.
To learn the basics of what an OTP is, see our previous article
OTPs are used for a wide range of tasks beyond user authentication. See our article for details