Which term describes an OTP-like code delivered to a registered number or email, or generated by an authenticator app, as a means of two-step verification?

• A. One-time password (OTP)
• B. Soft authentication token
• C. Biometric authentication
• D. Security key

Answer: (B)

Two-step verification often uses a dynamic code as the second factor. A soft authentication token refers to a software-based token that generates those codes on a device (like an authenticator app) or is delivered through a trusted channel. This term highlights the mechanism being software-driven, which fits the description of codes produced by an authenticator app or received via SMS/email as part of a two-factor flow. The other terms describe either the code itself (one-time password) or different kinds of factors (biometrics, security key) rather than the software-based token mechanism. So the best fit for describing an OTP-like code delivered or generated in this way is a soft authentication token.