One of the most popular ways for people to log into their apps on their phones is by using a one-time password (OTP) that is sent via text message. However, cybersecurity experts are now saying that OTPs, just like regular passwords, are not the safest option, even though they are widely used.
Consumers are being advised to be cautious when using different types of OTPs and consider the security risks involved. According to Ant Allan from Gartner Research, no authentication method is completely foolproof. Some methods are stronger than others, but there is always a way to bypass authentication.
OTP via SMS is particularly vulnerable to online scams such as phishing attacks, SIM swapping, and message interception. Even if you have your phone with you, fraudsters can still find ways to access your OTP. Tracy C. Kitten from Javelin Strategy & Research warns that if someone takes over your mobile account or website, you may not realize it until it’s too late.
To enhance security, experts recommend using an authenticator app like Google Authenticator or Microsoft Authenticator. These apps generate unique codes that expire after a short period, reducing the risk of unauthorized access. However, these apps are not immune to attacks like phishing emails that trick users into providing their codes to hackers.
Another secure option is to use a hardware security key like Yubico, which offers better protection than SMS or authenticator apps. While this method requires an initial investment, it provides an extra layer of security against unauthorized access to your accounts.
For those looking to eliminate passwords altogether, multi-device passkeys offer a password-free authentication method. These passkeys use public key cryptography and are registered to specific websites and apps, making it harder for attackers to break into your accounts.
Despite the risks associated with OTPs via SMS, they are likely to remain in use due to their low cost and ease of use. Some companies are hesitant to switch to more secure authentication methods, fearing pushback from less tech-savvy customers.
In conclusion, while OTPs are convenient, they come with security risks that consumers should be aware of. By exploring alternative authentication methods like authenticator apps, hardware security keys, and multi-device passkeys, users can better protect their online accounts from unauthorized access.