
One-Time Password (OTP)

OTP stands for one-time password: a temporary verification code, usually transmitted via SMS or email. An OTP remains valid only for a short period. If the user is unable to use it within that time frame, they have to request another OTP.
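The lifecycle described above (issue, short validity window, single use, request a new code after expiry), as an added example that is not part of the original page. The names `OtpStore`, `OTP_TTL_SECONDS`, `OTP_DIGITS` and `MAX_ATTEMPTS` are hypothetical, and the 5-minute window, 6-digit length and wrong-guess cap are assumptions the page does not specify.

```python
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumption: the page only says "a short period"
OTP_DIGITS = 6         # assumption: code length
MAX_ATTEMPTS = 5       # assumption: wrong guesses allowed before the code is voided


class OtpStore:
    """In-memory OTP issuer/verifier (hypothetical; a real service would persist state)."""

    def __init__(self, ttl=OTP_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock  # injectable so expiry can be exercised without sleeping
        self._pending = {}   # user_id -> [code, expires_at, attempts_left]

    def issue(self, user_id):
        """Create a fresh OTP; any earlier code for this user stops working."""
        # secrets (CSPRNG) rather than random, so codes are not predictable
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user_id] = [code, self._clock() + self._ttl, MAX_ATTEMPTS]
        return code  # hand to the SMS/email sender; do not log it

    def verify(self, user_id, submitted):
        """Return True exactly once for the correct, unexpired code."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        code, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[user_id]  # expired: user must request another OTP
            return False
        # constant-time comparison avoids leaking how many digits matched
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[user_id]  # one-time: consumed on success
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[user_id]  # too many wrong guesses: void the code
        return False
```
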

OTPs need to be sent to the user over a different medium that only that user has access to. Typically this means email or SMS.

Something is only as secure as its weakest link. Sending the OTP to a user's email address therefore makes it as secure as the protection of their email account, which may be a simple username/password combination.

SMS is typically more secure, as an SMS is bound to a phone number, and a phone number is usually bound to a specific device by the SIM card. It's pretty hard to spoof a phone number.

In the age of VoIP, however, phone numbers are no longer always bound to SIM cards, and thus no longer explicitly bound to a single device. Some service providers therefore only allow the registration of phone numbers that are bound to a SIM card.