Gurgaon, Feb. 12 -- The Reserve Bank of India (RBI) has given guidelines to regulated firms, including banks, pushing them to investigate alternate second-factor authentication methods and shift away from SMS-based one-time passwords. While alternative techniques exist, they all need a mobile phone for authentication.

SMS-based OTPs are vulnerable to scams Banking industry experts have expressed concern about the vulnerability of SMS-based one-time passwords (OTPs) to "social engineering" frauds, including strategies such as luring clients into exposing their passwords or performing SIM swaps.

In response, authenticator apps that require users to obtain passwords from other smartphone applications have emerged as a popular alternative ...