CompTIA Security+ (SY0-601) — Question 637
Which of the following best describes why the SMS OTP authentication method is more risky to implement than the TOTP method?
Answer options
- A. The SMS OTP method requires an end user to have an active mobile telephone service and SIM card.
- B. Generally, SMS OTP codes are valid for up to 15 minutes, while the TOTP time frame is 30 to 60 seconds.
- C. The SMS OTP is more likely to be intercepted and lead to unauthorized disclosure of the code than the TOTP method.
- D. The algorithm used to generate an SMS OTP code is weaker than the one used to generate a TOTP code.
Correct answer: C
Explanation
The correct answer is C: an SMS OTP is delivered over the mobile network, so it can be intercepted through vulnerabilities such as SIM swapping or network attacks. That makes it less secure than TOTP, which uses a time-based algorithm to generate the code on the user's own device, so no code is sent over the carrier network. Options A and B are incorrect because they do not address the security risks. Option D is misleading: both methods can be secure, but SMS OTPs are more susceptible to interception.