The security comes with the Trusted Device feature, where users can only login from a trusted device. This works like DUO, when there's a login attempt from a different device, the Trusted Device will get a prompt and the user can choose whether they want to approve the login.
We only use SMS otp during Sign Ups and not for login, even if someone gets your customer's phone number, they can't login into the account without a trusted device approving the login.
We only use SMS otp during Sign Ups and not for login, even if someone gets your customer's phone number, they can't login into the account without a trusted device approving the login.