OTP/2FA by WhatsApp and SMS has its advantages and disadvantages, in general as a principle, the ideal is to offer different OTP/2FA alternatives to the users so that they choose which one is more convenient, and as a company, you only guarantee the same quality standard regardless of which authentication method the user decides to use.
Each of these channels has its own security standard and potential risks. Generally speaking, the security advantages provided by OTP/2FA are much more beneficial than the possible risks, and that is why second factor authentication is nowadays present in all types of transactions, account/password recovery, access to sensitive information, receipt of documents, etc.
It is very difficult for an application not to have some kind of 2FA security mechanism.The WhatsApp authentication mechanism is by nature more secure than SMS due to the end-to-end encryption it handles, but not everyone has WhatsApp, which makes offering an alternative like SMS equally important.
Sending OTP via SMS has its risks, such as how these messages can be intercepted by hackers and used before even the user realizes he received any message or is notified by the application. Normally this happens when the OTP is sent from the company to the user, which gives the hacker time to carry out the fraud.
WhatsAuth solves this by making the OTP travel in one direction only to the company's number, directly to be validated. That means, the origin is from the user to the company and is validated in fractions of a second, meaning that even if it is intercepted by hackers, they don't have enough time to do anything, as the code would already be validated.
Our authentication flow using WhatsApp and being one-way and fast, automatically makes it much more secure than traditional OTP flows. We were on a mission to create a new and improved OTP/2FA experience without compromising traditional security protocols, in the end, we achieved our goals while improving the security of the entire process (not to mention lowering costs!).
Try our new OTP flow today and schedule a meeting to tell you how you can opt in for a proof of concept with no implementation costs.