Comment on Why have so many services started using single-factor passwordless authentication in the last little while?

mlg@lemmy.world 1 week ago

gg ez ease of use feature, which is hilarious because that’s exactly where smishing attacks come in. People are actually more willing to give out the OTP than their actual password, so it’s definitely less secure.

I think this started out as a decently good idea, like sign in with a device type of feature (think QR code from an authenticated device), but then along the way someone just went “screw it” and changed it to an OTP.

Even in 2025 password managers are rare, people still reuse the same 8-character password everywhere, and people fall for low-effort scams. So someone thought “if they’re gonna be insecure anyway, let’s just make it so they never have to use a password and sync it to their phone or email”.
