Skip to content

One time password validation when logging in

Summary

As a NijPay user, I want to log into my account through the NijPay gateway, which is an Electronic Payment Orchestration Security Module, so that I can access the features that my account provides.

  • on the first login via the gateway, the system should validate the login with an OTP sent to the user.

  • Users of both types (Customers and Employees) will log in to the system using the same web login page by typing their username and password after connecting to the core banking system's database.

  • If the data of the user was found in the banking system database, and it was the user's first time logging in via flag on NijPay DB, then the user will log into the customized page for that type of user after typing the Password sent via SMS to their registered Mobile number in the banking system DB, then with the request to change password to a one of their choice.

  • password generated should be random and 7 digits of letters, special characters and numbers.

  • There should be a security level of encoding of the logged-in data that should be done while sending requests.

SMS Sample:
“Please Use this one-time password to make your first login into NijPay: <#######> ”

Acceptance Criteria

  • Logging in with a valid user for the first time and getting SMS.
  • attempting to log in with an invalid user.
  • Logging in with a valid user, NOT for the first time, and getting SMS.
  • login with a valid user of type customer.
  • login with an invalid user of type employee.
  • login with a valid user of type employee.
  • login with an invalid user of type customer.
  • User interface should be responsive on different resolutions (mobile/desktop)

Relevant documents, screenshots, references and/or links

sms-one-time-password.svg download

Edited by Issa Nijmeh
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information