SMS One-Time Password (OTP) Token and Two-Factor Authentication
SMS-based one-time passwords are a form of two-factor authentication. OTPs make it difficult to gain unauthorized access to restricted resources, like bank accounts or databases with sensitive information. Static usernames and passwords can be accessed easily by an unauthorized intruder. By constantly altering the password, as is done with an SMS token, this risk can be reduced.
Delivering OTPs through text messaging is a mass-market way of preventing phishing and pharming attacks.
There are five major flaws with SMS OTP:
- Does not prevent sophisticated attacks like man-in-the-middle, browser poisoning and DNS cache poisoning
- There is no PIN control to generate it
- The entire transport layer is unsecured
- Is affected by network latency
- Requires mobile coverage
SMS OTP is only a stopgap solution.