SMS Authn

SMS authentication sends a one-time passcode (TOTP) to the user’s registered mobile phone via SMS for verification. It is a possession-based authenticator, as the user must possess the mobile device to access the code. To ensure security, we have implemented the following controls:

• One-time codes expire after a short duration, typically within 5 minutes.

• Rate-limiting mechanisms are in place to prevent abuse of the SMS system.

• Mobile phone numbers are verified to ensure that the code is sent to the correct device.