Classic, static passwords are usually only changed or reset when they expire or when the user forgets them, while codes have a limited validity and can only be used for one login session or transaction. Codes are generated by an authenticator, which means users no longer have to write down complex passwords or remember them.
Static passwords are cached on computer hard drives and stored on servers, which makes them susceptible to cracking. This is especially a concern for mobile devices such as laptops, tablets and smartphones, which are hot items among thieves.
Furthermore, codes provide protection against brute force attacks and social engineering.