Stop using SMS OTP: Security is your responsibility

Nitish Chandan | Cyber Security, Law

We have written multiple articles about 2FA (two-factor authentication). I am happy to share that a lot of people have opted for 2FA on their accounts after reading our posts and talking to us, whether via our WhatsApp helpline, our Facebook Page or direct messages to our team members. If you haven’t read about 2FA and Google Authenticator yet, read this first. The distinction that matters now is between SMS OTP and app-based OTP.

What is OTP/ SMS OTP/ App based OTP?

OTP (one-time password) is a technology that uses mathematical algorithms to generate a secure code that is usable only once and is valid for a fixed time duration. Banks, social media services, email providers etc. use this technology to verify your login. Calling it two-factor means that, in addition to your password, this OTP acts as a second layer that verifies it is actually you. With SMS OTP, the code arrives via text message on your device; with app-based OTP, an application on your smartphone generates it.

Every alternate day, there is a pathetic case in the nation where a fake SIM card is used as a tool to commit a crime. The reason is improper KYC (Know Your Customer) procedure and misuse of SMS OTP. I am sure most of you got your prepaid SIM card by just giving the retailer a copy of your ID proof and a few photographs. Most of you haven’t even seen the form that is to be filled in, and very few have actually signed it. Yes, that is right. It is a cakewalk today to get a duplicate of anyone’s SIM card issued and misuse it to any effect. Let us assume you fall victim to some fraud. All you are left with is curses, abuse and blame directed at your telecom, bank, social media service etc. Yes, security is their duty as well.

But since it is your personal data, money and information that we are talking about, is it going to harm you too much to be a little proactive and take the liability upon yourself to stay safe?

Getting hacked and defrauded might sound far-fetched, but it is a nightmare for those who actually go through it. Just a few days ago, I was reading a great article about levels of personal security. It wonderfully explained how, with a few simple changes in your digital life, you can cut the chances of getting hacked by up to 80%. Two-factor authentication is one of those measures. If you have two-factor authentication enabled for your bank account transactions and your OTPs arrive via SMS (SMS OTP), it’s time to upgrade. Almost all major banks today have their own apps to generate the OTP with or without an internet connection. Major social media services offer this feature too, and it takes a few seconds to turn it on. Today, most of your digital life involves online banking and social media.

App-based OTP thus puts SMS OTP out of the picture and makes the second factor depend only on your device. This makes it difficult for a hacker to gain access to your account through SIM duplication, reading your SMS etc., and so strengthens your personal security. Here are links to a few applications. In case of any doubt or clarification, we’d love to hear from you!


SBI Bank

Google Authenticator – For all other accounts including Facebook, Gmail, Outlook etc.

Note: This post is a part of a series that we are going to launch about personal cyber security. We will be publishing individual articles about things you can do to strengthen your personal security ecosystem.