Multi-factor authentication, in OTB, may be used so that users must provide a unique code, in addition to their user ID and password.
Users must provide the unique code, generated by an application on the user’s mobile phone. This code has a short life span and must be entered within a few minutes of being generated.
Thus, the user be in possession of their phone gain access to OTB.
This type of authentication is currently being introduced by many banks, eg when users access information online, so most users will be familiar with the concept.