What is On-Demand Password?
On-Demand Password is a tokenless approach to providing two-factor authentication (2FA) without the requirement for users to carry a physical one-time password (OTP) generator - a hardware token device or a software token app. When a user is attempting to access an application secured by two-factor authentication, the 2FA server will generate a random password and send it to the user via a specified communication channel such as SMS text message, email or voice call. The majority of on-demand passwords are being delivered by SMS message, because SMS is regarded to be faster and more secure than email, cheaper and less interruptive than voice call. That is why on-demand password is better known as SMS passcode or SMS OTP
Pros and Cons of SMS OTP
SMS OTP is widely used in consumer applications, such as online banking and online shopping websites etc, because it is easy and convenient to end users. However, SMS is considered to be the least secure way to authenticate users for the following main reasons:
- SMS message can be sent to wrong number
- SMS message can be intercepted during transit
- SMS message can be stolen from the user's phone
Because of this, many companies are moving beyond SMS-based OTP to hardware OTP token or software OTP app.