Most people have lots of passwords for different online accounts. At times, it can be difficult to memorize them all, as best practice says that they should all be somewhat different.
Sending a password on demand to a mobile phone is a step in the right direction, but there may be other security risks involved in sending information over SMS to a potentially unprotected device.
The phone may not have a passcode and could be infected with malware that intercepts the SMS. This could mean the email account and all the information inside it is exposed.
Various benefits of one-time passwords
The major benefit of a one-time password is that it defeats eavesdropping. Even if an attacker obtains the temporary password, they will only be able to use it while your session is open.
Always keep in mind that it is simple to sniff data on a network, and that with easily available tools an attacker can bypass SSL tunneling security. And even if the attacker is not able to break the encrypted tunnel, the end machines may not be safe, and your password may be stolen before it enters the tunnel or after it leaves it.
Another benefit, depending on how you use one-time passwords, is that you can protect your users from themselves: for instance, people who have very short passwords or who use the same password every time. By making sure their password is never sent to your web app, and a strong, random session key is sent in its place, you protect these users from brute-force as well as dictionary attacks.
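The properties described above, shown as an added example (not code from the original article): a server-side one-time password that is random, expires, works only once, tolerates only a few guesses, and yields a random session key on success. The class name, the 6-digit length, the 300-second lifetime and the 5-attempt limit are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed lifetime of a code
MAX_ATTEMPTS = 5       # assumed number of guesses allowed per code


class OneTimePasswordStore:
    """In-memory store of pending one-time passwords, keyed by user."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # user -> [sha256 digest, expiry time, attempts left]

    def issue(self, user):
        """Create a random 6-digit code; only its digest is kept server-side."""
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[user] = [digest, self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # handed to the delivery channel (for example SMS)

    def verify(self, user, candidate):
        """Return a fresh session key on success, None otherwise."""
        entry = self._pending.get(user)
        if entry is None:
            return None  # nothing issued, or the code was already used
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[user]  # expired or guessed too often
            return None
        entry[2] = attempts_left - 1  # count this guess
        candidate_digest = hashlib.sha256(candidate.encode()).digest()
        if not hmac.compare_digest(digest, candidate_digest):
            return None
        del self._pending[user]  # single use: a replayed code now fails
        return secrets.token_urlsafe(32)  # random session key, not the password
```
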
Likewise, if you use a Magento SMS extension, one-time passwords are essential for your business security.
In real life, everyone uses various passwords every day, so keeping our passwords safe is important for security.