Authentication With OTP SMS Is No Longer Effective For Security, Why?

Illustration of SMS OTP (photo: Sinch)

JAKARTA - The digital era makes it easier for people to store and retrieve personal data from the internet. Therefore, one of the security methods that everyone must use is authentic.

The authentication consists of various methods, such as PIN codes, passwords, and OTPs. But apparently, as a verified digital identity service provider, VIDA said that the three authentication methods were no longer relevant.

"For example, in Malaysia, it has been banned SMS OTP. There should be no more OTP SMS. Why? Consumer protection issues," said VIDA CEO Niki Luhur.

Furthermore, Niki said that all frauds or online frauds that occur in Indonesia, one of the main problems is because there are still many applications and services that use OTP SMS, and basically OTP codes are very easy to share.

Launching from the official VIDA website, there are two ways hackers can attack OTP SMS. First, SIM Swapping, where attackers can hijack phone numbers via SIM exchange attacks, intercepts OTP intended for authentication.

Whereas the second way is through interception and phishing, where in this way SMS OTP can be intercepted or used in phishing attacks.

In addition, the effectiveness of OTP SMS relies heavily on the availability and reliability of cellular networks. Delays or failures in receiving OTP can lead to user frustration and transaction withdrawals.

Therefore, he emphasized that traditional authentication methods such as PIN, passwords, and SMS OTP are no longer adequate to deal with modern cyber threats.

Adopting technologies such as biometric authentication or pass key may improve security while providing a smooth user experience.