# 12.2 OTP, SMS, and Authenticator Apps

When cryptographic intent is signed directly, time-based codes and shared secrets become unnecessary.

***

### Legacy OTP Model vs PTERI

| Category              | Traditional Model                      | Problems                                      | PTERI Replacement                           |
| --------------------- | -------------------------------------- | --------------------------------------------- | ------------------------------------------- |
| Authentication Method | Time-based codes (TOTP/SMS OTP)        | Code replay                                   | **Explicit cryptographic approval**         |
| Secret Model          | Shared seeds between server and device | Shared secrets can be extracted or duplicated | **No shared seeds**                         |
| Telecom Dependency    | SMS-based verification                 | SIM swap attacks                              | **No telecom dependency**                   |
| Session Authorization | Code proves temporary access           | Does not prove specific intent                | **Single-use cryptographic challenges**     |
| User Experience       | Manual code entry                      | UX friction, added failure modes              | **Local biometric gating**                  |
| Security Model        | One-time code validates login          | Codes can be phished and reused within window | **Intent is signed and bound to challenge** |

***

### Core Principle

> *"OTP becomes unnecessary when intent is signed."*

When approval is cryptographic, explicit, and single-use, time-based codes add no security value.
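
The sketch below illustrates the "single-use cryptographic challenges" and "intent is signed and bound to challenge" rows. It is an added example, not PTERI's protocol or code. It assumes Ed25519 from Node's built-in `crypto` module; the function names, the `challenge|intent` message layout and the sample intent are all hypothetical.

```javascript
const nodeCrypto = require("node:crypto");

// Enrollment: the device keeps the private key; the server stores only the public
// key, so nothing held server-side can produce an approval (no shared seed).
function enrollDevice() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
  return { server: { publicKey, pending: new Map() }, privateKey };
}

// Server: issue a random challenge tied to the one action it describes.
function issueChallenge(server, intent) {
  const challenge = nodeCrypto.randomBytes(16).toString("hex");
  server.pending.set(challenge, intent);
  return challenge;
}

// Assumed message layout: hex challenge, "|", then the intent text.
const message = (challenge, intent) => Buffer.from(`${challenge}|${intent}`, "utf8");

// Device: after the user approves the displayed intent, sign it with the challenge.
function approve(privateKey, challenge, displayedIntent) {
  return nodeCrypto.sign(null, message(challenge, displayedIntent), privateKey);
}

// Server: consume the challenge first (single use), then check that the signature
// covers the intent this challenge was issued for.
function verifyApproval(server, challenge, signature) {
  if (!server.pending.has(challenge)) return "unknown-or-used-challenge";
  const intent = server.pending.get(challenge);
  server.pending.delete(challenge);
  const ok = nodeCrypto.verify(null, message(challenge, intent), server.publicKey, signature);
  return ok ? "approved" : "signature-does-not-cover-intent";
}

// Constructed sample run: the same approval is accepted once, then refused.
const demo = enrollDevice();
const c = issueChallenge(demo.server, "transfer 50 EUR to ACME");
const sig = approve(demo.privateKey, c, "transfer 50 EUR to ACME");
console.log(verifyApproval(demo.server, c, sig)); // approved
console.log(verifyApproval(demo.server, c, sig)); // unknown-or-used-challenge
```

Unlike a time-based code, the signature here is useless for any other challenge or any other intent, and the server's stored state cannot be used to mint one.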

***

