One time passwords are commonly viewed as an easy to use strong authentication method, a recent report by the Javelin Group and Nok Nok Labs suggests that heavily relying on OTP, especially on Android, carries a significant risk of fraud, as hackers figure out ways to compromise the secure messages this method of authentication relies on. With a high percentage (41%) of Android users using OTP with their financial accounts last year, it is important for users to understand the risks and that all strong authentication methods are not created equal.
The report recommends that users "Use the effective authentication capabilities of the mobile device. To protect mobile users and their accounts from vulnerabilities associated with the use of passwords, take advantage of hardware integrated into mobile devices to protect all channels. More secure solutions, such as those based on biometrics, can be delivered directly to consumers without the cost of providing additional hardware."