OTP received despite Incorrect Password
This Article explains why an OTP would be received over SMS/Email while logging into the ISA Portal or ISA App despite an incorrect or blank password provided.
The InstaSafe Secure Access (ISA) solution carries out both Credential Authentication and Two-Factor Authentication processes in parallel, as opposed to carrying them out serially. This is the sequence followed:
1. Correct Username is entered in the ISA Portal or ISA App, along with the Password (which could be incorrect or even blank)
2. OTP is generated and sent to the Mobile Number and Email Address registered with InstaSafe
3. Two-Factor Authentication is performed to validate the OTP provided
a) If OTP is correct, proceed to Step 4
b) If OTP is incorrect, the ISA Portal will throw the error message 'Invalid OTP has been provided' and ISA App will throw the message 'Invalid OTP'
4. Credential Authentication is then carried out to validate the Password provided
a) If Password is correct, allow user to Login
b) If Password is incorrect, the ISA Portal will throw the error message 'Invalid Credentials' and ISA App will throw the message 'Username/Password is Incorrect. Do you want to retry.'
So, even if a blank or incorrect password is provided, the OTP would still get generated and delivered. This is expected behavior. The ISA Portal and ISA App would allow a login/connection attempt only after both Credential Authentication and Two-Factor Authentication are successfully carried out.
This mechanism effectively helps mitigate the possibility of the ISA Account from being compromised by Password Guessing or other similar attacks.
In case of any further queries, please contact your organization's IT Team
If you are an Admin of the organization's ISA Account and need assistance, contact
InstaSafe Support
Related Articles
ISA Portal Login Error "Invalid OTP has been provided"
This Article highlights the steps to be taken in case users are unable to login to the ISA Portal and error message is "Invalid OTP has been provided" Issue On attempting to login to the InstaSafe Secure Access (ISA) Portal, an error message is ...ISA Portal Login Error "Invalid Credentials"
This Article highlights the steps to be taken in case users are unable to login to the ISA Portal and error message is "Invalid Credentials" Issue On attempting to login to the InstaSafe Secure Access (ISA) Portal, an error message is received: ...Android ISA App Connection Error "Invalid OTP"
This Article highlights the steps to be taken in case users are unable to connect the ISA App on Android devices and the error message is "Invalid OTP". Issue Post installation, on attempting to connect the ISA App on Android devices, an error ...Android ISA App Installation Error "Invalid OTP"
This Article highlights the steps to be taken in case users are unable to successfully configure the ISA App on Android devices post installation and the error message is "Invalid OTP". Issue Post installation, on attempting to configure the ISA App ...2FA Error "Invalid OTP has been provided"
This Article highlights the steps to be taken in case users are unable to login to the ISA Portal and error message is "Invalid OTP has been provided" Issue On attempting to login to the InstaSafe Secure Access (ISA) Portal, an error message is ...