Today people often use Internet banking to pay bills, alimony, loans. New technologies allow a person, sitting at a computer, to open an account or deposit, check the balance of money on his card. Using Internet banking allows you to significantly save time without spending money on paying commissions in most cases. You only need access to your personal account in the Online Sberbank system.
Not everyone knows how to get a list of one-time passwords in order to further confirm transactions made from the personal account of Sberbank.
The need to obtain identification data
To carry out transactions with accounts and cards, a person must first receive a permanent password. This can be done in several ways, for example, by contacting a bank branch. Most often, people use ATMs to obtain data.
Generation occurs automatically at the request of the cardholder. The data can be changed later. It is best to use complex combinations to increase the security level of your personal account.
Why do I need a one-time password?
A one-time password is needed for additional verification of the identity of the Sberbank client. Such an identification system is necessary:
- when authorizing in your personal account;
- when performing various operations with your cards, deposits, accounts through the Internet banking system.
There are the following types of one-time passwords:
- checks printed using ATMs or terminals (they contain 20 different passwords at once);
- passwords received in a message from Sberbank to the phone directly during a specific operation.
Some of the operations in the Sberbank Online system can be carried out only after it has been confirmed by an SMS password.
It is recommended to carry out any money transactions using one-time passwords. The user can turn off Sberbank Online, but this will not save him from using one-time passwords at all. So, working with various bank programs, their input will be necessary to confirm transactions.
Obtaining one-time passwords
There are several ways to get one-time passwords. We must not forget that to work in the Internet banking system, you will need a login and a permanent password.
Sberbank ATM
The client must be a holder of a debit (credit will not work) card of the Sberbank of the Russian Federation. It can be a salary or a payment card. If one is available, then you need to take it with you and go to the nearest terminal or ATM (the procedure for obtaining is identical).
- It is necessary to insert the card into the card capture reader.
- Enter the confirmation code at the request of the system.
- The main menu will appear, in which you should click on the "Sberbank Online and Mobile Bank" section. If the old software is installed in the ATM, then this item will not be there. In this case, you will need to click on the "Internet service" button.
- In the menu that opens, click on the button "Get a list of one-time passwords". The ATM will print out a list of passwords, there are 20 of them.
The passwords on the list are timeless. If the user prints out new passwords, the old ones become invalid - they will no longer be able to be used.
To make it easier for the client to use passwords, they all have their own number. When performing any transactions on the Internet, the Internet banking system will require the user to enter a one-time password with a specific number. They are requested in any order, so you need to pay attention to the system message asking you to enter a one-time password.
It is necessary to pay attention to the fact that payments and transfers, which are confirmed by a one-time password from the check, cannot exceed the amount of 3000 rubles.
After all 20 passwords from the check are over, you need to get new ones in the same way as the previous ones.
If a check with passwords was lost or its data became known to someone else, then you need to immediately print new ones or block the old ones. To do this, you need to call the contact center on one of the following phones –
- +7 (4 9 5 ) 5 0 0 - 5 5 5 0 ;
- +7 (8 0 0 ) 5 5 5 - 5 5 5 0 .
Via sms
This method of obtaining one-time passwords is available only to those customers who have connected the Mobile Banking service to their card in advance. This can be done by contacting any branch of Sberbank or using a terminal (ATM). Another option for connecting the Mobile Bank is to call the contact center. To do this, you will need to provide control information, which is better prepared in advance.
When completing an operation through Sberbank Online, the user receives messages with one-time passwords on his cell phone (one password - one message). You must enter through the card to which the Mobile Bank is connected. Otherwise, you will need to use the list of one-time passwords from the check.
Looking at the sent message, you need to make sure that the transaction details are correct. To do this, you need to compare the data entered in the Sberbank Online system with information from SMS.
Each one-time password is used only once, it will not be possible to reapply it. If the user has made a request for a new one-time password, the old one is canceled. It will no longer be possible to apply it.
Messages with one-time passwords always come from the short number of Sberbank 900. The following transaction details are indicated in SMS:
- card or account number with which the transaction is performed;
- the amount of the transaction;
- password to confirm the operation.
There may be other data, depending on the type of operation being performed.
Procedure for entering one-time passwords
Based on the settings of the system of your personal account, the use of one or more types of confirmation of operations with one-time passwords may be allowed. If both methods can be used, then the system will give the contractor a choice before confirming.
If the user selects confirmation from the check, the check and password number will appear next to the filling field.
If the confirmation comes to the phone in the form of SMS, then the received password should be rewritten already in the line “Enter SMS-password”.
After the password is entered, the system will offer to check all the details again. If they are all filled in correctly, then you need to click on the "Confirm" button.
Which method of obtaining is more convenient to use?
If a person knows how to use one-time passwords in the Online Sberbank system, he has another question - which of the available methods is the most convenient and reliable?
For authorization in the system using the data of the card connected to the Mobile Bank, the one-time password received in the message will be needed to enter in any case. But operations can be confirmed in any way convenient for the user. SMS passwords do not always arrive on time. Sometimes their distribution is delayed. And any of them lasts only 5 minutes. If the system or mobile communication fails, then it is better to use passwords from the check for confirmation.
One time password
Used to confirm an online transaction such as a remote banking system. In the banking industry, the most common way to provide a one-time password is an SMS message sent to a customer conducting a transaction in an Internet banking system.
In addition, one-time passwords can be issued by the bank on a so-called scratch card - a plastic card on which passwords are hidden behind an erasable cover. In this case, the client, having received an instruction from the Internet banking system to enter a one-time password (with a specific serial number), erases the coverage next to the desired number on the card and enters the code into the system.
It is practiced, but over time, the method of issuing a list of one-time passwords at an ATM - on a check, loses its relevance. Like passwords on a scratch card, they have serial numbers and are entered at the direction of the Internet banking system.
Fighting fraud, banks are increasingly using one-time passwords not only for confirming financial transactions, but also for the initial login to the Internet banking system.
As a rule, credit institutions issue cards or printouts with one-time passwords for free, but this is not always the case. Thus, in Uralsib, a set of disposable keys for accessing the Internet banking system will cost the client 50 rubles, in Master Bank, a variable code card (containing 132 numbers) costs 200 rubles for the client.
Some Internet banking systems, such as Bank of Moscow, SMP Bank, offer a token - an electronic one-time code generator. And the Master Bank implements an application for portable devices that also allows you to generate one-time codes.
See what "One-time password" is in other dictionaries:
one-time password- dynamically changing password The OTP generator is a self-contained portable electronic device capable of generating and displaying digital codes on the built-in LCD display. For the VASCO Digipass family of devices, the mechanism ... ... Technical translator's guide
One time password- Scratch card of VTB24 bank with one-time passwords One-time password (English one time password, OTP) is a password, valid ... Wikipedia
Disposable pad- Vernam cipher (another name: English One time pad scheme of disposable pads) in cryptography is a symmetric encryption system invented in 1917 by AT T employees Major Joseph Moburn and Gilbert Vernam. Vernam's cipher is ... ... Wikipedia
One-time password- Plastic card with one-time passwords A one-time password is a password that is valid for only one authentication process for a limited period of time. The advantage of a one-time password over a static password ... ... Wikipedia
SecurID- RSA SecurID RSA SecurID logo ... Wikipedia
Authentication- (English Authentication) authentication procedure ... Wikipedia
Authentication- Authentication - verification of the identity of the access subject of the identifier presented by him; authentication ... Wikipedia
Time-based One-time Password Algorithm- TOTP (Time based One Time Password Algorithm, RFC 6238.) OATH algorithm for generating one-time passwords for secure authentication, which is an improvement on HOTP (HMAC Based One Time Password Algorithm). Is a one-way algorithm ... ... Wikipedia
Challenge-response (anti-spam)- Challenge response is a strategy for authenticating a user by checking the correctness of his response to an unpredictable system request. Most often, such a check is aimed at distinguishing a robot program from a real person. ... ... Wikipedia
Vernam cipher- (another name: English One time pad scheme of disposable pads) in cryptography, a symmetric encryption system invented in 1917 by AT T employees Major Joseph Moborn and Gilbert Vernam. Vernam cipher ... ... Wikipedia
The user identifier (or login) and a permanent password are used every time you enter your personal account of the Sberbank Online system. This first step of protection is complemented by a one-time password sent in an SMS message.
The Sberbank Online System uses two types of one-time passwords. We have already mentioned the first, these are passwords sent to a mobile phone connected to the Sberbank Mobile Bank service. And the second type is a check with a list of 20 passwords received through the terminal device.
One-time passwords received in the form of SMS are considered more reliable than those printed on the check, therefore, some operations in Sberbank Online can be carried out only with the help of such passwords.
For the security of the performed payment operation, a one-time SMS-password is sent to the mobile phone during the operation, and the parameters of the operation for which this password is intended are indicated in the SMS-message.
One-time SMS-password is valid only for confirmation of a specific operation. When generating the next one-time password received through the Mobile Bank, the information about the previous password is deleted.
Which one-time passwords are better to use
If the card is connected to the Mobile Banking service, then when entering your personal account, you will definitely need to specify a one-time password sent in the form of SMS. Further, after logging into the system, you will have the opportunity to choose the method of confirming operations with a one-time password or a password from a check. Provided that confirmation of this operation can be performed with any of the described types of one-time passwords.
This is very convenient, since mobile communication can sometimes "refuse" or delay an SMS message, because the action of a one-time password is only 300 seconds. And then you can use the passwords from the check.
In this case, such a window will appear, where the serial number of the one-time password will be indicated. Cross out already "used" passwords or put "check marks". This is necessary so that you know how many passwords are left on the check and timely receive a new list at the ATM.
The article is for informational purposes only and does not contain all the details regarding the Sberbank Online system. You can find out more detailed information on the bank's website.
Also note the publication date. Perhaps, by this time, some of the information has changed or is outdated.
Date of publication: 18/10/2015
User login is used to log into Sberbank Online. How to create a login to enter your personal account.
Sberbank Online is a modern service for remote servicing of Sberbank clients via the Internet. Sberbank online system capabilities.
Transfer from card to card in Sberbank Online. The size of the commission for transferring money through Sberbank Online.
One time password(one time password, OTP) is a password that is valid for one session only. The one-time password can also be limited to a certain period of time. The advantage of a one-time password over a static password is that the password cannot be reused. Thus, an attacker who has intercepted data from a successful authentication session cannot use the copied password to gain access to the protected information system. The use of one-time passwords alone does not protect against attacks that actively tamper with the communication channel used for authentication (for example, man-in-the-middle attacks).
To create one-time passwords, a one-time password generator is used that is available only to this user. One-time passwords are usually represented as a set of numbers and are used to access remote service systems. These are the internal information systems of the organization.
In the banking industry, the most common way to provide a one-time password is an SMS message that the bank sends to a client conducting online banking.
In addition, one-time passwords can be issued by the bank on a so-called scratch card - a plastic card on which passwords are hidden behind an erasable cover. In this case, the client, having received an instruction from the Internet banking system to enter a one-time password (with a specific serial number), erases the coverage next to the desired number on the card and enters the code into the system.
It is practiced, but over time, the method of issuing a list of one-time passwords in - on a check loses its relevance. Like passwords on a scratch card, they have serial numbers and are entered at the direction of the Internet banking system.
Fighting fraud, banks are increasingly using one-time passwords not only for confirming financial transactions, but also for the initial login to the Internet banking system.
Some online banking systems offer an electronic one-time code generator.
OTP generation algorithms usually use random numbers. This is necessary because otherwise it would be easy to predict subsequent passwords based on knowledge of the previous ones. The specific OTP algorithms vary greatly in detail. The different approaches to creating one-time passwords are listed below.
- Using mathematical algorithms to create a new password based on previous ones (passwords actually form a chain, and must be used in a specific order).
- Based on time synchronization between server and client providing a password (passwords are valid for a short period of time).
- Using a mathematical algorithm where the new password is based on a request (for example, a random number chosen by the server or part of an incoming message) and / or a counter.
Obtaining a user ID and one-time password through an ATM or usingSMS.
One-time password via ATM.
You can also get a user ID and a permanent password using the Sberbank self-service device.Insert the card, enter the PIN code. Further in the list, select the item "Connect Sberbank Online and Mobile Bank" ", go to a new page. Here you will need to click on the "Print one-time passwords" tab and receive them in the form of a check.
If you have not yet connected to the system, then first select the item "Print ID and password" and get this data on the receipt. After that, re-insert the card, enter the pin code and repeat all the above steps.
One-time password via SMS.
For security purposes, when entering the system or performing risky operations, additional user authentication is performed using a one-time password.
Customers who use the mobile banking service can receive a one-time password. The bank sends a one-time password to the user's mobile device during the operation. The user receives an SMS message, which indicates the parameters of the operation for which the password is intended. It should be noted that the one-time password must be used within 5 minutes and only in order to confirm the completion of a certain action.
Attention! Before entering a one-time password, it is necessary to verify the details of the operation being carried out with the details specified in the SMS message. If you received messages on behalf of Sberbank with the details of an operation that you did not perform, do not enter a one-time password in the appropriate forms and do not tell anyone, even if they contact you on behalf of Sberbank employees.
Example of SMS in case of an operation to generate a payment template
54321 Is a one-time password that is used to confirm the formation of a template.
Example of SMS for a transfer operation
54321 - a one-time password confirming the transfer.
Example of an SMS for a payment operation
54321 - a one-time password confirming the payment.
Confirmation of transactions with a one-time password:
In order to confirm the operation, a message is sent to the phone connected to the mobile banking service with the operation parameters and a password for confirmation.
To complete the operation, you need to enter the password in the corresponding field and click the button CONFIRM.
We hope you managed to get one-time passwords from Sberbank.