User authentication in web applications has become a major challenge in recent years. One-time passwords (OTPs), for example, are used to authenticate a user's identification; the most common means of delivering OTPs is by SMS to the user's registere...