OTP-based flows fail because the secret can be relayed, replayed, or socially engineered in real time. For high-risk access, that means the control proves only that a code was seen, not that the right actor approved the right action in the right session.
Why This Matters for Security Teams
OTP-based step-up is often treated as a simple “extra check,” but sensitive access requires proof of both the actor and the action. A one-time code can confirm possession of a channel, yet it does not bind approval to a specific session, request, or workload context. That gap matters most when the access path is high value, fast moving, or adversary-in-the-middle friendly. NHI Management Group has documented how compromised identity material is rapidly operationalised in the wild, including the LLMjacking pattern and the broader lessons in the Ultimate Guide to NHIs.
The core failure is not that OTPs are useless. It is that they are weak as an authorisation signal for sensitive actions because they can be relayed, replayed, phished, or satisfied outside the intended transaction. OWASP’s Non-Human Identity Top 10 underscores the wider problem: once secrets or approval tokens are decoupled from workload identity and runtime context, control quality drops sharply. In practice, many security teams encounter OTP bypass only after an attacker has already used a valid code in a live session.
How It Works in Practice
For sensitive access, the better question is not “was a code entered?” but “was the right decision made for this exact request, by the right identity, at the right time?” That is why current guidance increasingly favours context-aware authorisation, phishing-resistant authentication, and short-lived credentials over reusable step-up prompts. The model is especially important for agentic workloads, where an AI agent can chain tools, escalate privileges, and act faster than a human can intervene.
In practice, strong designs use:
- Workload identity as the primary primitive, using cryptographic proof of what the actor is, not just a secret it knows.
- Just-in-time, ephemeral credentials that are issued per task and revoked on completion.
- Policy evaluation at request time so approval depends on session risk, resource sensitivity, and action type.
- Transaction binding where the authorisation challenge is tied to a specific operation, not a generic login event.
This is where agentic security guidance becomes relevant. The DeepSeek breach illustrates how exposed credentials and embedded secrets can quickly become operational risk, while Ultimate Guide to NHIs — Key Challenges and Risks frames why static secrets and broad standing access are poor fits for dynamic systems. Standards work in this area is still evolving, but the direction is clear in the OWASP Non-Human Identity Top 10 and related zero trust guidance.
These controls tend to break down when legacy apps only accept OTP as a universal step-up mechanism because the application cannot bind the approval to session context or action-level policy.
Common Variations and Edge Cases
Tighter step-up controls often increase user friction and support overhead, so organisations must balance phishing resistance against operational speed. That tradeoff is real, especially for privileged admins and incident responders who need fast access without weakening assurance.
There is no universal standard for this yet, but current guidance suggests treating OTP as a fallback for low-risk verification, not the primary control for sensitive access. For high-risk actions, prefer phishing-resistant methods, transaction-specific approvals, or policy-based checks that factor in device posture, source network, time, and requested scope. This matters even more for AI agents and other autonomous workflows, where the actor may not be human and the “approval moment” may be machine-to-machine rather than interactive.
Edge cases include recovery flows, break-glass access, and third-party support sessions. In those cases, organisations should add compensating controls such as session recording, time-boxed elevation, and post-event review rather than relying on OTP alone. The broader lesson from NHI Management Group research is that short-lived trust beats reusable proof when the asset being protected can be reached programmatically at speed.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | OTP step-up fails when static secrets are reused or relayed. |
| CSA MAESTRO | MAESTRO-4 | Agentic flows need runtime policy and context-aware approvals. |
| NIST AI RMF | Risk-based governance is needed for sensitive access decisions. |
Replace reusable step-up codes with short-lived, transaction-bound approvals.
