OTP stands for “One time password”.
2FA, stand for "2 factors authentication".
To confirm a transaction or access a website, when a password change is requested, the transmission of confidential codes has proven its worth.
In the context of MFA (Multi-Factors Authentication) processes, the confidential code remains, generally associated with a digital or material or biometric fingerprint.
Text SMS is the most commonly used format. Even if you personalise the sender with your organisation's name, remember to indicate this in the body of the message as well, as some mobile phone operators are not able to implement this functionality.
It is preferable to specify the context of the transmission of the security code: "To validate your purchase/subscription of/to ... in the amount of ...". The date and time of sending may be useful in case of successive or frequent transactions.
Inform the user in an obvious and clear way about the principle involved and the importance of entering the number correctly.
Validate the format of the user's number, write a clear and concise message that accurately characterises the operation.
Specify a maximum lifetime for your message (e.g. 5 minutes).
Use a suitable sending strategy to speed up transmission.
Monitor the processing and acknowledgement. Arrange for possible staggered retries.
use cases
Validate a financial transaction
Address a confidential code to authenticate a person during a transaction.
Securing access to a website
Add a second authentication factor to access a secure area.