Zerodha recently announced a significant change to its API login flow: it is now mandatory to log in via 2FA before placing any orders through the KiteConnect APIs. This change is applicable from 3rd October 2021. While this was optional before, a choice between a PIN and 2FA, I am pretty sure 99% of users chose the PIN option just because it is hassle-free and you can hard-code it. But now they have made it mandatory, based on this SEBI Cyber Security Circular. Naturally, the KiteConnect Forum did not take this very well. It is an inconvenience to non-coders, who now have to go back to their developers and get their code changed to include TOTP verification, or just move to another broker. If you are a non-coder who knows at least a little bit of Python, this article will help you change your code to use TOTP verification instead of a PIN.

Quick Disclaimer: This article is only for educational purposes, and there is no intention to mislead readers into bypassing the law via a quick hack.

TOTPs (Time-Based One-Time Passwords) are unique numeric passwords generated by a standardized algorithm that takes the current time as an input. They can be generated offline and provide user-friendly, increased account security when used as a second factor. TOTP codes are generally only valid for 30 seconds. TOTPs are generally more secure than SMS OTPs: an SMS OTP is a fixed number that is valid for a single use but usually stays valid for a longer period, around 5-10 minutes. If someone clones your SIM card and gets hold of the SMS OTP before you enter it, they can get into your account and do bad things. TOTPs, on the other hand, are generated on apps like Google Authenticator and are linked to specific Google Accounts, so it is a tad more difficult to get into those and obtain the TOTPs.

Why is Zerodha suddenly making it mandatory?

Well, according to their forum, they have been questioned by the regulators several times on what steps they are taking to secure user funds and accounts, and TOTPs are the way forward. SEBI already recommended this in December 2018, but it is unclear why they waited until now to make it mandatory. It is also quite baffling that no other broker has made it mandatory. All in all, I think everyone in the industry should welcome this move; after all, it is just more security for our accounts. Some other broker APIs don't even require generating an access token; their access is as simple as providing the API key, user ID and user password.

So, how are we going to fix our TOTP problem in the KiteConnect APIs? We will use the open-source library pyotp (long live open-source contributors). You can install it with pip install pyotp.