SMS and OTP-based MFA can still be attacked because the code is a reusable secret delivered through channels that are vulnerable to interception, compromise, and social engineering. If an attacker controls email, the phone line, or the user’s approval habits, the second factor can be defeated without breaking the underlying account directly.
Why SMS and OTP MFA Still Fails
SMS and OTP-based MFA raise the bar, but they do not turn a weak authentication path into a strong one. The code is still a short-lived secret, and short-lived does not mean safe. If the delivery channel is compromised, the attacker does not need to break the account directly. They only need access to the phone line, inbox, notification flow, or the user’s habit of approving prompts too quickly.
This is the same structural problem seen in broader identity abuse: secrets are only as strong as the channel that carries them, and real-world attackers target the surrounding workflow rather than the token itself. NHIMG research shows how quickly exposed secrets are exploited in practice, with attackers attempting access to public AWS credentials in an average of 17 minutes as described in Ultimate Guide to NHIs — Key Challenges and Risks. For identity teams, that timing matters because OTP abuse often happens before manual detection or user reporting can intervene. CISA cyber threat advisories consistently emphasise that identity compromise frequently starts with interception, phishing, or session abuse rather than password cracking. In practice, many security teams encounter MFA failure only after the attacker has already used the second factor to enter the environment.
How Attackers Bypass the Second Factor
The most common bypass paths are social engineering, device compromise, and channel takeover. A phishing site can relay an OTP in real time, a SIM-swap can redirect SMS delivery, and a malicious push workflow can train users to approve the wrong request. Even when the factor is technically correct, the trust decision is wrong.
For NHI and agentic environments, the issue is even broader because static secrets and approvals are poor fits for autonomous or goal-driven behaviour. A better model is to issue credentials only when needed, bind them to workload identity, and evaluate authorisation at request time. That is why current guidance increasingly points toward JIT credentials, ephemeral secrets, and policy checks that reflect intent instead of assuming a fixed role will remain safe. The 52 NHI Breaches Analysis and Top 10 NHI Issues both reinforce the same operational point: long-lived or reusable credentials create the conditions for abuse once an adversary gets a foothold. For implementation, teams should pair zero standing privilege with workload identity, short TTLs, and runtime authorisation using policy-as-code. The MITRE ATLAS adversarial AI threat matrix is useful here because it frames how attackers chain trust, tools, and automation once initial access is obtained. These controls tend to break down when legacy systems require fixed phone-based recovery, shared admin inboxes, or manual exception handling, because the attacker only needs one trusted path to reuse the second factor.
- Prefer phishing-resistant factors for privileged access instead of SMS or one-time codes.
- Reduce reliance on recovery channels that can be hijacked through phone, email, or help desk impersonation.
- Use JIT credentials and short-lived secrets so compromise windows stay narrow.
- Treat MFA as one signal in a broader access decision, not a guarantee of legitimacy.
Where the Practical Edge Cases Live
Tighter MFA controls often increase user friction and support overhead, so organisations have to balance resilience against operability. That tradeoff is real, especially in environments where field users, contractors, or legacy apps still depend on SMS delivery or OTP prompts.
Current guidance suggests that SMS and OTP can remain acceptable for low-risk access in some environments, but there is no universal standard for that yet, and best practice is evolving toward phishing-resistant authentication for sensitive workflows. The strongest improvement comes from limiting OTP to non-privileged use cases, replacing it for admins, and layering conditional access, device trust, and session controls on top. For autonomous systems, the same principle applies to machine access: do not let an agent hold a long-lived reusable secret just because it is convenient. Instead, tie access to workload identity and explicit runtime context, then revoke it automatically after task completion. Anthropic's report on the first AI-orchestrated cyber espionage campaign shows how automated adversaries can chain actions faster than traditional review cycles. Similarly, the Microsoft Midnight Blizzard breach illustrates that identity attacks often succeed by exploiting trust paths, not by defeating cryptography. Organisations that still rely on SMS for critical access usually discover the weakness after an account takeover, not during an MFA policy review.
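As an added example (not code from this article or from any vendor or project it cites), the following Python sketch shows the model described above and in the NHI section: a just-in-time broker that binds a short-lived token to a workload identity and a declared intent, evaluates a policy-as-code rule at request time, requires a phishing-resistant factor for a privileged scope while accepting SMS/OTP only for a low-risk one, and revokes the token as soon as the task completes. The SPIFFE-style identities, scopes, TTLs and factor ranking are constructed assumptions.

```python
import hashlib, hmac, os, time
from dataclasses import dataclass

# Policy-as-code table (constructed): which workload identity may act with which
# intent, the maximum token lifetime, and the weakest factor accepted. Privileged
# scopes demand a phishing-resistant factor; SMS/OTP only unlocks a low-risk read.
POLICY = {
    ("spiffe://example.org/prod/deploy-agent", "deploy:prod"): {"ttl": 300, "min_factor": "fido2"},
    ("spiffe://example.org/dev/report-agent", "read:metrics"): {"ttl": 900, "min_factor": "sms_otp"},
}
FACTOR_STRENGTH = {"sms_otp": 1, "totp": 2, "push": 2, "fido2": 3}

@dataclass
class Grant:
    token: str
    workload: str
    intent: str
    expires_at: float
    revoked: bool = False

class JitBroker:
    def __init__(self, secret=None):
        self._key = secret or os.urandom(32)   # HMAC key for token minting (assumed per-broker)
        self._grants = {}                      # issued tokens, kept so they can be revoked early

    def request(self, workload, intent, factor, now=None):
        now = time.time() if now is None else now
        rule = POLICY.get((workload, intent))
        if rule is None:
            return None  # zero standing privilege: any (workload, intent) not in policy is denied
        if FACTOR_STRENGTH.get(factor, 0) < FACTOR_STRENGTH[rule["min_factor"]]:
            return None  # a correct OTP is still not enough for a privileged scope
        expires_at = now + rule["ttl"]
        msg = f"{workload}|{intent}|{int(expires_at)}".encode()
        token = hmac.new(self._key, msg, hashlib.sha256).hexdigest()
        self._grants[token] = Grant(token, workload, intent, expires_at)
        return self._grants[token]

    def authorise(self, token, workload, intent, now=None):
        now = time.time() if now is None else now
        g = self._grants.get(token)
        if g is None or g.revoked or now >= g.expires_at:
            return False
        return g.workload == workload and g.intent == intent  # bound to identity and intent

    def complete(self, token):
        if token in self._grants:           # task finished: revoke now rather than wait for expiry
            self._grants[token].revoked = True
```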
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF sets the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Covers weak or reusable secrets, including OTP abuse and poor rotation. |
| CSA MAESTRO | AGENT-02 | Agentic systems need runtime authorisation and constrained tool use, not static approval paths. |
| NIST AI RMF | | AI RMF governance supports risk-based control choices for dynamic identity and automation. |
Replace reusable access paths with short-lived, revocable credentials and verify rotation discipline.