Out-of-band authentication refers to using a separate communication channel to verify a user's identity, in addition to their username and password. This second channel of communication is independent of the primary channel used for the login attempt. Using an additional verification step helps increase security by making unauthorized logins more difficult to achieve.

Some common types of out-of-band authentication include:

Verification Through Text or Voice Call
One popular method involves sending a one-time passcode to the user's registered phone number via text message or automated voice call. To complete login, the user must then enter this code along with their username and password. Hackers would need access to both the user's online account and their mobile device in order to bypass this extra authentication layer.

Verification through Authenticator Apps

Dedicated authenticator apps like Google Authenticator generate time-based, one-time passcodes that periodically change. Out-Of-Band Authentication Upon attempting to log in from a new device or location, the user must provide the code displayed in their authenticator app in addition to their regular credentials. Even if attackers obtain username and password credentials through a data breach, they cannot access these secondary codes without the user's authorized device.

Verification through Linked Devices

Some services allow users to approve login attempts from whitelisted devices like their home computer. From new or unfamiliar locations, an authentication prompt will trigger on a user's paired smartphone requesting approval before access is granted. This places control directly in the hands of legitimate users.

Get more insights on – Out-Of-Band Authentication