One of the most convenient methods for mobile phone users to log into apps — and one many companies rely on to grant access — is the one-time password, or OTP, often shared by text.
Consumers are being urged to be mindful of the different types of one-time passwords, and the relative security risks versus benefits that each offers.
Authenticator apps can still be vulnerable to some types of attacks like "adversary in the middle" but they're still safer than SMS, Allan said.
Consider mobile app push for better protectionAn even more secure option for authentication works in tandem with mobile apps on a user's phone.
Opt for hardware security key when possibleAn even better option is to use a hardware security key like Yubico.
Persons:
Ant Allan, Allan, Tracy C, Kitten, it's, Cedric Thevenet, Thevenet, It's, FIDO, Dusty Anderson, OTPs
Organizations:
Gartner Research, Strategy, Research, Google, Microsoft, Capgemini, FIDO Alliance, SMS