Possession-factor authentication is stronger than a password – but OTPs can still be stolen.
Proof of possession is usually used as a second factor to back up proof of knowledge (such as passwords). This is because knowledge can be shared or stolen.
However, an OTP or other code is not really a possession – it is still an unencoded piece of information, which can be stolen. This is exactly how SIM swap fraud operates (see below).
SIM-based authentication from tru.ID is strikingly different. Because verification is real-time and invisible to users, there’s no PIN that can be shared or stolen – and checking for recent SIM changes means tru.ID can detect SIM swap fraud.