SAASPASS two-factor authentication provides stronger security than basic out-of-band authentication.
SMS-based one-time passwords (OTPs) are the most common form of out-of-band authentication. Authentication based on text messaging is relatively easy to compromise. The entire transport layer for SMS is insecure, and the text messaging protocol does not support encrypted communications. Although SMS-based OTPs are insecure, their use persists because they work on old legacy phones. Out-of-band authentication and SMS OTPs are easily susceptible to Man-in-the-Middle and Man-in-the-Mobile attacks.
There are seven major flaws with SMS OTPs:
Instituting SAASPASS two-step verification mitigates many of these attacks. SAASPASS also works on legacy feature phones like Java ME and BlackBerry devices. Replace outdated, problematic out-of-band authentication with SAASPASS.
SMS OTP is only a stopgap solution. Adopt SAASPASS.