Will this new OTP system make internet safer?

India is a country obsessed with security. We check both ways while crossing a one-way street. We double-check our locks and bolt our windows. We even have locks on our fridges. As part of this, we are also a country obsessed with One-Time Passwords (OTPs). OTPs are an easy way of adding a second layer of protection to our daily digital tasks. Whether making a bank transaction or logging into a service, you cannot proceed without entering the secret code sent to you via SMS in addition to your regular password. But are these OTPs as secure as we think?

Multi-Factor Authentication

Multi-factor authentication (MFA) uses multiple factors to establish identity instead of relying on just one, as in classical authentication.

Examples of factors include:

  • Something you know (e.g., a password).
  • Something you have (e.g., a phone).
  • Something you are (e.g., biometrics).
  • Somewhere you are (e.g., GPS coordinates).

For most daily activities, two-factor authentication (2FA) is sufficient. SMS OTPs are a type of 2FA.

Problems with SMS OTPs

SMS OTPs aim to validate “something you have” (your phone), but they have several drawbacks:

  • SMS delivery is not guaranteed and may arrive late or not at all.
  • SMS can be intercepted, compromising security.
  • Network disruptions may prevent OTPs from being sent.

Additionally, depending on SMS OTPs requires a functioning external network.

What About Biometrics?

Biometric authentication validates “something you are,” like a fingerprint or facial scan. While seemingly secure, it has limitations:

  • Biometric data can be stolen (e.g., fingerprints, facial images).
  • Server breaches can expose biometric data en masse.
  • Once compromised, biometric data cannot be replaced (you cannot change your face or fingerprints).

Thus, biometric authentication is not ideal for widespread 2FA.

Time-Based One-Time Passwords (TOTPs)

TOTPs validate “something you have,” such as a TOTP generator. Features include:

  • A 6-digit number refreshed every 30 seconds.
  • Offline generation of codes on any number of devices.
  • Security that holds for as long as the pre-shared key (the seed) remains secret on both sides.

How Do TOTPs Work?

TOTPs use the current time and a pre-shared secret (seed) to generate a one-time password. They do not require a network connection.

Workflow Example:

  1. Download a trusted 2FA app.
  2. Scan a QR code provided by your service to set up the seed.
  3. The app generates a code every 30 seconds.
  4. Enter the displayed code for authentication instead of waiting for an SMS.

The Bottom Line

TOTPs are a modern, secure, and reliable solution for 2FA, used by organizations like GitHub, Stripe, Yahoo, and UK Government Services. They are easy to implement, easy to re-issue if a seed is compromised, and resilient against breaches.

The article advocates for TOTPs as the preferred method of 2FA for critical systems.

This article was written by Aaruni Kaushik.