Via smartphones, a one-time password can also be delivered directly through mobile apps, or within a service’s existing app. These systems do not share the same security vulnerabilities as SMS, and do not necessarily require a connection to a mobile network to use, as they are internet-based.
How OTPs work
In order for a user to successfully log into a system that utilizes OTPs, the following sequence of events would occur: OTPs are more likened to two-factor authentication, where it is not likely that both layers of the authentication would be hindered by somebody using only one type of attack.