SMS-based one-time passwords is a form of two-factor authentication. OTPs make it difficult to gain unauthorized access to restricted resources, like bank accounts or a databases with sensitive information. Static usernames and passwords can be accessed easily by an unauthorized intruder. By constantly altering the password, as is done with a sms token, this risk can be reduced.

Delivering OTPs through text messaging is a mass market way of preventing phishing and pharming attacks.

There are five major flaws with SMS OTP:

• Does not prevent sophisticated attacks like man-in-the-middle, browser poisoning and DNS cache poisoning
• There is no PIN control to generate it
• The entire transport layer is unsecured
• Network latency affects
• Requires mobile coverage

SMS OTP is only a stopgap solution.