OTP

OTP stands for One-Time Password. It is a short code — typically 4 to 8 digits — that is valid for one transaction or one login attempt, then expires. The most common forms are SMS OTPs (sent to a registered mobile number), email OTPs, and authenticator-app TOTPs (time-based codes regenerated every 30 seconds).

OTPs are the foundation of two-factor authentication in India and most of the world. UPI payments, banking transactions, government KYC, e-commerce checkout, and most account logins now require an OTP step. The security premise is that a thief who has stolen your password still cannot complete the transaction without your phone or app.

The weakness of SMS OTP is the SIM-swap attack, where the scammer transfers your phone number to their device and intercepts every code. Authenticator apps (Google Authenticator, Authy, Microsoft Authenticator) are stronger because the codes are generated on your specific device and cannot be intercepted in transit. For high-value accounts, prefer authenticator apps over SMS where possible.