Axis Bank Introduces Mobile OTP – A Game Changer for Secure Banking!

[ajijul_93rahman]

🚀 Axis Bank is rolling out a new security feature – Mobile OTP! 🚀

If you use Axis Internet Banking, you know how important OTPs are for login and transactions. Until now, these OTPs were sent via SMS, but Axis Bank is now introducing Mobile OTP via the Axis Mobile App for a more secure and seamless experience.

What is Axis Mobile OTP?​

Axis Mobile OTP allows users to generate OTPs directly from the Axis Mobile Banking App, eliminating the need to wait for SMS-based OTPs. This is useful when you have network issues or delays in receiving OTP messages.

How to Use Axis Mobile OTP?​

1️⃣ Download the latest version of the Axis Mobile App.
2️⃣ Complete registration within the app to enable Mobile OTP.
3️⃣ When logging in to Internet Banking, select the Mobile OTP option instead of waiting for an SMS.
4️⃣ Generate OTP in the app and enter it for secure authentication.

Benefits of Axis Mobile OTP​

✅ Faster OTP Generation – No waiting for SMS delays.
✅ More Secure – Reduces risk of OTP interception via SIM swap fraud.
✅ Seamless Transactions – Works even when mobile networks are weak.
✅ Robust Authentication – Directly linked to your Axis Bank account.

Coming Soon!​

As per the Axis Bank website, this feature is coming soon, so keep an eye out for updates. You may need to update your Axis Mobile app once the rollout begins.

What do you think?​

🔹 Will this feature improve security and convenience for Axis customers?
🔹 Have you received the update in your Axis Mobile App yet?
🔹 Should more banks implement this feature?

Drop your thoughts below! 👇🔥

View attachment 83025

 

[cardio_guycardio_guy is verified member.]

Yes, many banks like HSBC already offer similar security code generators in their apps. But in my thread, I was only discussing whether users should have a choice between SMS OTP and in-app OTP. I didn’t say that Axis is making this switch mandatory.

The main question is—should banks allow users to pick their preferred OTP method instead of limiting them to just one?

Ok got it. I think safer one is in-app OTP. (Unless the mobile is hacked, or people have given specific permission to read SMS, no one else can read the OTPs)
Even after reading OTP they should know where to use it. Just read access to OTP is not enough.
It's like credit card CVV. Just having the CVV is of no use unless without card number and other details.

For Axis, It's the same as these 2FA authenticator apps like Google authenticator, Microsoft auth etc. in those apps we connect the account to the app by scanning a qr code. Here this integration is inbuilt within the axis app. So no need of external app to authenticate.

In first case if you uninstall google auth app, you cannot even login. Here in axis you can just use the same app to get OTP and login.

Definitely banks will not go for just one method for login.
They will have 2-3 methods - whether it is password, SMS OTP, security code generator etc.
They may push one method more than others - to give it a visibility, make more people use it etc. But that doesn't mean they will take down other methods.

Will banks introduce Aadhaar OTP to login in the future and get rid of all other methods? 😀

 

[ajijul_93rahman]

The most secure thing I saw in life was from Reliance Securities which they gave with demat. It was a security key with size of a pen drive and a display screen that use to show 6 digits otp. Worked on a hand watch cell and till now its cell is not dead. But after few years they changed the process to sms otp.

The login behind that security key was at server which was not accessible to outside world used to generate 6 digit number every 60 seconds and key was based on same algo. So whenever we used that security key the number with us and at server matched and we were allowed login. Such things may cost Rs.500 but much more secure than all these systems. And if someone lost it they can ask bank for new one by paying charge.

That sounds like a very secure system! A small device that creates OTPs every 60 seconds is much safer than SMS OTPs, which can be stolen or misused.

It’s surprising that they stopped using it and switched to SMS OTP. Maybe banks don’t use these devices anymore because they cost money and can get lost.

 

[raghumahajan]

As an IT engineer working in FINTECH domain for 8 years, I can say authenticator apps or OTP apps are much safer than SMS OTP. Only drawback is their setup which is long procedure and in case you delete the app or loose your phone, app needs to be reconfigured by admin at bank.

Phone can be hacked but apps inside are much safer to remote sharing data, unless you have a physical phone and known credentials, you can not see OTP inside the OTP apps.

 

[ajijul_93rahman]

As an IT engineer working in FINTECH domain for 8 years, I can say authenticator apps or OTP apps are much safer than SMS OTP. Only drawback is their setup which is long procedure and in case you delete the app or loose your phone, app needs to be reconfigured by admin at bank.

Phone can be hacked but apps inside are much safer to remote sharing data, unless you have a physical phone and known credentials, you can not see OTP inside the OTP apps.

That makes sense! Since you work in fintech, your experience is very helpful. Authenticator apps are definitely safer than SMS OTPs, but the main problem is resetting them if the phone is lost or the app is deleted.

Banks should have an easy way to recover access without making it too difficult or risky. Maybe they can allow recovery through another trusted device or a secure method.

What do you think is the best way to fix this problem?

 

[raghumahajan]

That makes sense! Since you work in fintech, your experience is very helpful. Authenticator apps are definitely safer than SMS OTPs, but the main problem is resetting them if the phone is lost or the app is deleted.

Banks should have an easy way to recover access without making it too difficult or risky. Maybe they can allow recovery through another trusted device or a secure method.

What do you think is the best way to fix this problem?

There are multiple ways to do that is send config on demand if user is able to pass certain authentication methods like verifying other bank details apart from OTP.
In some cases I have seen verification call from bank, may be kind of KYC over videocall which is very quick service these days and then they provide configurations like config code or URL on sms.

 

[msankadi]

Exactly! Many apps can read SMS messages if given permission, which makes SMS OTPs risky. With app OTP, only the registered device can generate it, making it harder for fraudsters. However, Axis should still give users a choice between SMS and app OTP so that everyone can use what they feel comfortable with.

What do you all think? Should banks allow users to choose their preferred OTP method instead of forcing one?

Given the amount of frauds these days...it would be great if they give me an option to enable app otp AND sms otp

Some of you might find me paranoid but I am okay spending 2 minutes extra logging into a bank app where I put my money that I spend the full year earning (or life for some people)

 

[ravikumar]

Fe

🚀 Axis Bank is rolling out a new security feature – Mobile OTP! 🚀

If you use Axis Internet Banking, you know how important OTPs are for login and transactions. Until now, these OTPs were sent via SMS, but Axis Bank is now introducing Mobile OTP via the Axis Mobile App for a more secure and seamless experience.

What is Axis Mobile OTP?​

Axis Mobile OTP allows users to generate OTPs directly from the Axis Mobile Banking App, eliminating the need to wait for SMS-based OTPs. This is useful when you have network issues or delays in receiving OTP messages.

View attachment 83028

How to Use Axis Mobile OTP?​

1️⃣ Download the latest version of the Axis Mobile App.
2️⃣ Complete registration within the app to enable Mobile OTP.
3️⃣ When logging in to Internet Banking, select the Mobile OTP option instead of waiting for an SMS.
4️⃣ Generate OTP in the app and enter it for secure authentication.

View attachment 83027

Benefits of Axis Mobile OTP​

✅ Faster OTP Generation – No waiting for SMS delays.
✅ More Secure – Reduces risk of OTP interception via SIM swap fraud.
✅ Seamless Transactions – Works even when mobile networks are weak.
✅ Robust Authentication – Directly linked to your Axis Bank account.

Coming Soon!​

As per the Axis Bank website, this feature is coming soon, so keep an eye out for updates. You may need to update your Axis Mobile app once the rollout begins.

What do you think?​

🔹 Will this feature improve security and convenience for Axis customers?
🔹 Have you received the update in your Axis Mobile App yet?
🔹 Should more banks implement this feature?

Drop your thoughts below! 👇🔥

View attachment 83025

Feature looks interesting. Don't need to remember too many passwords.

 

[dvader]

These banks will bring everything except TOTP. Contractors (personal experience) tend to recommend against it as they can't gouch the Bank of more money for a simple and secure solution.

I think the only way TOTP will come to india is when Visa/MC/Amex start pushing it from their end. And for all their flaws they actually might starting rolling it out in a few years.

 

[imdjay]

Alhua innovation
Number change option is not there in app , NetBanking or atm
Who goes to branch for number change

I updated my registered mobile number through the app in 2023. Don't know if they have removed it.
Most of the banks do not provide the option to change the mobile number via app or net banking. usually, they ask to visit branch only.

 

[ajijul_93rahman]

There are multiple ways to do that is send config on demand if user is able to pass certain authentication methods like verifying other bank details apart from OTP.
In some cases I have seen verification call from bank, may be kind of KYC over videocall which is very quick service these days and then they provide configurations like config code or URL on sms.

That sounds like a good solution! If banks allow users to verify their identity using other details or a quick video call, it would make the recovery process much easier.

Sending a config code or URL via SMS after proper verification also seems like a smart way to reset the app without making it too complicated.

Hopefully, more banks will adopt such methods to balance security and user convenience. Have you seen any bank already using this approach?

 

[ajijul_93rahman]

Given the amount of frauds these days...it would be great if they give me an option to enable app otp AND sms otp

Some of you might find me paranoid but I am okay spending 2 minutes extra logging into a bank app where I put my money that I spend the full year earning (or life for some people)

That actually makes a lot of sense! Having both app OTP and SMS OTP as an option would add an extra layer of security. Even if one method fails or is compromised, the other can act as a backup.

And you're not paranoid at all—it's completely reasonable to take extra precautions when it comes to protecting your hard-earned money. Security should always come first!

Do you think banks will consider adding this as an option in the future?

 

[ajijul_93rahman]

Fe

Feature looks interesting. Don't need to remember too many passwords.

Yes, that's a big advantage! No need to remember multiple passwords, and it makes logging in much easier.

As long as the security is strong, this could be a very convenient feature. Do you think more banks will adopt this in the future?

 

[ajijul_93rahman]

These banks will bring everything except TOTP. Contractors (personal experience) tend to recommend against it as they can't gouch the Bank of more money for a simple and secure solution.

I think the only way TOTP will come to india is when Visa/MC/Amex start pushing it from their end. And for all their flaws they actually might starting rolling it out in a few years.

That’s an interesting point! TOTP is simple, secure, and widely used globally, but banks here seem to prefer costlier or more complex solutions. Let’s see if that happens in the coming years!

 

[raghumahajan]

That sounds like a good solution! If banks allow users to verify their identity using other details or a quick video call, it would make the recovery process much easier.

Sending a config code or URL via SMS after proper verification also seems like a smart way to reset the app without making it too complicated.

Hopefully, more banks will adopt such methods to balance security and user convenience. Have you seen any bank already using this approach?

Not banks, but coming to WFH few years back, many companies (especially IT bases) opting really unique and interesting ways to login.

I have seen logging in by scanning QR on website via mobile app.

Recently ICICI netbanking logging on desktop is also using similar approach.

 

[ajijul_93rahman]

Not banks, but coming to WFH few years back, many companies (especially IT bases) opting really unique and interesting ways to login.

I have seen logging in by scanning QR on website via mobile app.

Recently ICICI netbanking logging on desktop is also using similar approach.

That’s interesting! QR code login is a smart and secure way to verify users. It’s good to see ICICI using this method. Maybe more banks will start adopting similar features to make logins and recovery easier while keeping security strong.

 

[KrishnaSharma]

Yes, if the phone itself is hacked, then everything is at risk. But in that case, SMS OTP is also not safe because malware can read text messages. A secured app with PIN or fingerprint protection can be safer than SMS OTP, which can be intercepted.

If phone is lost,call immediately to bank and block all services. Instead of sms spoofing with out ones knowledge

 

[KrishnaSharma]

I think this is only for bank account users but not for credit card only user's

 

[dvader]

Pointers for paranoid people like me

1. Set a 8-10 digit sim lock pin. This will keep your sim safe in in case if theft, loss and even sim cloning/spoofing.

2. Be ready with your procedure to remote wipe your phone.

3. Instead of pattern or PIN. Set a password+fingerprint auth. It takes a few extra seconds during phone restart but worth it.

SMS OTPs are the least secure 2FA. The technical precedence is

SMS OTP < Custom TOTP (mobile app) < Authenticator TOTP (Physical TOTP devices are same tech) < FIDO2/Physical Security Key

I have a physical key for my Bitwarden Vault and TOTP after that (I have Bitwarden Paid Subscription)

Given that Custom TOTP is either equally or less secure than your standard TOTO it makes zero sense to not move to authenticator.

I have around 300-400 login passwords and none of them are repeated. All passwords are 64 charr+ passphrases except wherever there is hard limit.

 

[ajijul_93rahman]

Pointers for paranoid people like me

1. Set a 8-10 digit sim lock pin. This will keep your sim safe in in case if theft, loss and even sim cloning/spoofing.

2. Be ready with your procedure to remote wipe your phone.

3. Instead of pattern or PIN. Set a password+fingerprint auth. It takes a few extra seconds during phone restart but worth it.

SMS OTPs are the least secure 2FA. The technical precedence is

SMS OTP < Custom TOTP (mobile app) < Authenticator TOTP (Physical TOTP devices are same tech) < FIDO2/Physical Security Key

I have a physical key for my Bitwarden Vault and TOTP after that (I have Bitwarden Paid Subscription)

Given that Custom TOTP is either equally or less secure than your standard TOTO it makes zero sense to not move to authenticator.

I have around 300-400 login passwords and none of them are repeated. All passwords are 64 charr+ passphrases except wherever there is hard limit.

Great security practices! 👍 Your layered approach to security—SIM lock, remote wipe readiness, strong authentication, and password hygiene—is impressive. Using a physical security key for Bitwarden along with TOTP is a solid move. Given how vulnerable SMS OTPs are, switching to an authenticator is definitely the way to go. Curious—how do you manage backup access for your physical security key in case it's lost?

 

[RAMESH BABU N]

.... SBI has this feature for years and almost no one use that.

SBI Secure OTP - Apps on Google Play

OTP generation App for SBI Internet Banking and Yono Lite SBI app users.

play.google.com

SBI SECURE OTP is a different App. It generates OTPs as n when desired by either the INB (internet banking) or YoNo (mobile banking).

It is VERY USEFUL if you are traveling abroad - more so - to multiple countries. No need to have SMS packages to recieve OTP SMSs. However remote you travel.

We used SBI SECURE OTP App earlier on ALL OUR TRIPS ABROAD n continue to use it in future too.