Comment by ctxc
1 day ago
That's must be annoying to say the least. In India drivers require an OTP to start a ride.
The OTP is the same for a user across rides, so I have mine memorised which is nifty. No fiddling with the phone during boarding.
On security: exploiting this would require the driver to stay in my vicinity the next time I book a ride, and also get the ride assigned to them. In a high population density area, it's rare - I've never had the same driver twice.
Uber in India gives me a different OTP for each ride. A different ride-hailing app I use occasionally uses a PIN tied to a user.
OTPs are a simple solution to fraudulent rides that it's surprising it's not implemented universally, given all the complaints in this thread.
An OTP that's reused?
Omni-time password
It solves the problem for 99.99% of the time. Drivers are not going to memorize your OTP; and it is unlikely that an OTP list will be leaked/used anytime soon.
Maybe, but there's OT in OTP. So if it's not changing then it's not OTP, just P.
2 replies →
An MTP
I mean it _technically_ isn't an OTP, but you know what I mean - just a code only the user knows that they need to share with the rider.
The threat model is sufficiently low to justify the much better UX of not having to look the code up everytime.
The acronym you are looking for is "PIN", a Personal Identification Number.