As industrial automation advances, integrating Operational Technology (OT) and Information Technology (IT) requires stronger authentication systems. Endpoint OTAC protects critical OT devices and systems, including Programmable Logic Controllers (PLC), Human-Machine Interfaces (HMI), Remote Terminal Units (RTU), Distributed Control Systems (DCS), and Supervisory Control and Data Acquisition (SCADA) systems, from unauthorised access. Current systems often rely on password-based authentication due to limited computing power, resulting in significant vulnerabilities.

Endpoint for ICS & OT Security 

 

swIDch's Endpoint OTAC enhances security in Industrial Control Systems (ICS) and Operational Technology (OT) environments by eliminating static passwords and replacing them with a one-way dynamic authentication (OTAC) system. The solution secures multiple OT endpoint devices and systems, including PLC, HMI, RTU, DCS, and SCADA. This prevents risks related to password sharing and theft, ensuring secure access to critical infrastructure.

Using the world’s first OTAC technology, our solution delivers passwordless multifactor authentication (MFA) with minimal resource requirements. OTAC operates without storing or transmitting static credentials, significantly reducing the attack surface. It also supports compliance with OT cybersecurity frameworks, helping organisations meet regulatory standards.

OTAC can be deployed in various modes to fit different security needs, providing seamless authentication without requiring passwords. This streamlined login process offers a single-step MFA experience, enhancing both security and usability.

Advantages of Endpoint OTAC 

  • No more passwords – Eliminates the risk of stolen or weak passwords.
  • Cost-effective – Cuts security costs with streamlined authentication.
  • Flexible & scalable – Fits any industrial environment.
  • No network required – Generates OTAC locally, no network needed.
  • Lower CPU usage – Speeds up authentication with minimal processing.
  • Unique dynamic codes – Blocks replay attacks with every login.
  • Multi-device support – Enhances endpoint protection across PLC, HMI, RTU, DCS, and SCADA.

How Endpoint OTAC Works 

swIDch’s OTAC Endpoint allows manufacturers and operators to significantly increase security with minimal disruption and minimal computing requirements. By removing password-associated vulnerabilities, we have streamlined the process for multiple OT endpoint devices and systems.

Current OT endpoint authentication: Password-based

  1. Password sharing between engineers
  2. Access is granted to users who are indistinguishable (un-identified)
  3. If a password is stolen (from any user) it can be later used to gain access without any further challenge

Optimal OT endpoint authentication method: OTAC-based authentication

  1. No password sharing – users enter dynamic codes (OTAC) which are generated differently each time
  2. Access is only granted to authorised users – who are also fully identifiable
  3. If the OTAC is stolen and later used it will be denied access by the OTAC verification module
  4. All of this is possible without any need to modify the existing password interface (8-digit example above)
  5. Can be applied across various OT devices and systems, including PLC, HMI, RTU, DCS, and SCADA

 

Endpoint OTAC Demo 

See Endpoint OTAC in action—how it eliminates static passwords and prevents unauthorized access across multiple OT endpoint devices and systems. Instead of relying on fixed credentials, the system generates a dynamic one-time authentication code sent to registered users' mobile devices. This ensures only authorized personnel can access critical OT systems, even if a valid password is compromised.

  • No static passwords – Eliminates risks from stolen or leaked credentials
  • Dynamic authentication – Each login requires a unique one-time code
  • Seamless experience – Fast and secure authentication.

Endpoint OTAC Deployment 

In operational technology (OT) environments, adaptability is crucial. Our OTAC Endpoint solution offers flexible, configurable options for seamless integration, whether deployed on a standalone OT endpoint device and system (PLC, HMI, RTU, DCS, SCADA), a central server, or a hybrid setup. Explore more about specific applications and deployment scenarios of Endpoint OTAC.

Why Choose Endpoint OTAC

 

Weak and predictable passwords
  • Weak authentication in other OT endpoint devices and systems, such as shared passwords and unchanged default passwords, leads to attacks.
  • Other OT systems struggle to keep up with compliance regulations as they are constantly changing. Endpoint OTAC is always compliant with NIS2, CRA, and IEC 62443 regulations.
  • Other PLC systems offer limited security, with engineers prioritising functionality over security, leading to vulnerabilities.

Endpoint OTAC Compliance 

swIDch’s Endpoint OTAC solution ensures organisations meet regulatory standards like NIS2, CRA, and IEC 62443 through enhanced authentication mechanisms tailored for OT environments.

 

swIDch’s Endpoint OTAC ensures organisations meet regulatory standards like NIS2, NERC CIP, IEC 62443, and CRA through enhanced authentication mechanisms tailored for OT environments.

  • NIS2 Compliance: Provides secure, passwordless access to OT systems, addressing vulnerabilities associated with static credentials and supporting the minimum security measures outlined by NIS2.
  • NERC CIP: Enhances OT authentication security by enforcing user rights-based access control and multi-factor authentication.
  • IEC 62443 Compliance: Aligns with Identification and Authentication Control (FR1) by ensuring that only authorised users access various OT endpoints through non-reusable, dynamic codes.
  • CRA Compliance: Replaces traditional password-based systems with dynamic authentication codes, reducing risks from unauthorised access and simplifying the authentication process.

Endpoint OTAC Solution Suite

The Endpoint OTAC shares the same OTAC technology and provides the same dynamic authentication benefits across all OT endpoint devices and systems. Our Endpoint OTAC is delivered as a suite of solutions tailored for each OT device and system type:

 

PLC OTAC

Protects PLCs by replacing static passwords with dynamic, one-time authentication codes, ensuring secure control of automated processes.

HMI OTAC

Secures HMI access, providing operators with passwordless, multifactor authentication to safely interact with OT systems.

RTU OTAC

Enables secure authentication for RTUs in remote locations, preventing unauthorised access to distributed field devices.

DCS OTAC

Enhances DCS security by enforcing dynamic authentication across multiple controllers, safeguarding complex industrial processes.

SCADA OTAC

Protects SCADA systems from credential-based attacks, ensuring secure supervisory and monitoring control over critical infrastructure.

 

International CC Certification for OTAC
Our OTAC technology has obtained international CC certification for its strong security, stability and reliability.

PLC OTAC FAQs

  • Endpoint OTAC stands for One-Time Authentication Code for OT endpoint devices and systems.

  • Yes. swIDch’s Endpoint OTAC solution is fully scalable, making it ideal for organisations of any size, from small facilities to large industrial enterprises.

  • While we cannot disclose live customer deployments, you can explore a publicly unveiled proof of concept (PoC) with LS ELECTRIC to see how Endpoint OTAC is seamlessly integrated across OT endpoint devices and systems.

  • Many PLCs still rely on password-based authentication, making them vulnerable to:
    • Manufacturer default passwords still in use
    • Shared passwords weakening security
    • Brute force, phishing, and credential attacks
  • New cybersecurity regulations require stronger authentication measures, but many legacy OT systems:
    • Were not designed for modern security threats
    • Rely on static passwords, which fail to meet compliance standards
    • Require costly upgrades to integrate advanced security solutions
  • Upgrading OT/PLC systems is challenging because:
    • Continuous operations limit downtime for security improvements
    • Legacy systems were not built to handle today’s cyber threats
    • Upgrades require specialized resources and expertise
  • Many OT devices and systems — including Programmable Logic Controllers (PLC), Human-Machine Interfaces (HMI), Remote Terminal Units (RTU), Distributed Control Systems (DCS), and Supervisory Control and Data Acquisition (SCADA) systems — remain vulnerable to:
    • Weak or default passwords
    • Lack of modern authentication protections
    • Cyberattacks exploiting outdated protocols

    Endpoint OTAC addresses these risks across all OT endpoints, providing dynamic, one-time authentication codes and multifactor authentication to secure access without disrupting operations.

Why swIDch

OTAC, developed by swIDch, is the original technology that provides all of the following features, tested and substantiated by the University of Surrey technical report:

  • DYNAMIC CODE that is sufficient to IDENTIFY user
  • Single-step IDENTIFICATION and AUTHENTICATION
  • Uni-directional authentication in off-the-network environment

Single-step identification and authentication with the code alone. Include our biometric option and get single-step MFA. Vastly improved UX by removing steps.

OTAC is a dynamic code, which means the code is constantly changing. Eliminates all use of static information. Forget usernames and passwords forever. Vastly reduced workload for IT helpdesks. 

No network connection required for generating OTAC, enabling uninterrupted use no matter where you are. No more waiting for additional tokens/OTPs and no need for heavy public key infrastructure (PKI). 

 

Highly configurable code parameters and a lightweight SDK/applet mean a wide range of deployment options on many devices across multiple sectors.