Out-of-band authentication
(also OOBA)
Out-of-band authentication definition
Out-of-band authentication is a type of two-factor authentication in which a user is authenticated through a channel different from the primary channel for communication. It typically means using a different method or network than the one through which the user accesses the system.
Let’s say you’re logging into an online banking system from your computer (the primary channel). An out-of-band authentication would be if, as part of the login process, you receive a one-time passcode on your mobile phone (the secondary channel) via an SMS, which you then enter on the banking website.
OOBA provides an additional layer of security — even if a hacker compromised the primary channel, they still couldn’t access the secondary, out-of-band channel.
See also: two-factor authentication
Examples of out-of-band authentication
- SMS or voice call to a registered mobile device.
- Push notifications to a trusted device or app.
- Hardware tokens that generate one-time codes.
- Email to a registered email address.
It’s essential to ensure that the out-of-band method is truly independent of the primary channel and is secure in itself. Otherwise, it stops being an additional layer of security.