What's the difference between using SMS and Software Token as 2FA?

Two-factor authentication is about using something in addition to your username and password for authentication. That “something” falls into three main categories: something you know (e.g. your passport number), something you have (e.g. a mobile phone) or something you are (e.g. your fingerprint). Each piece of information used is called a factor, and combining one with your username and password is what makes it two-factor authentication (2FA).

Today, most 2FA solutions used on sites like Amazon, Facebook, Twitch and so on use your mobile phone as the second factor; they require you to use a “one-time password” obtained via your phone as part of the 2FA login flow. This one-time password, often called a token, is retyped by the user into the application they are attempting to access. Because this is out-of-band communication, it greatly increases the security of the authentication process. The person attempting to log in needs not only the right username and password, but also the right token.

ThePiano.SG offers two methods: (i) SMS, and (ii) Software Token.

By default, SMS is used as 2FA when you first register a User Account with us. You can, however, change your preference. You must first set up your Software Token, and then set your preference.

SMS

Pros:

  1. SMS codes are convenient. There is no need to download an Authenticator App.
  2. You're alerted if someone is trying to log into your account.

Cons:

  1. You might not receive the SMS.
  2. Prone to SIM swapping scams.

Software Token

Pros:

  1. Works internationally without roaming, in areas without mobile coverage, and on days with SMS delays (e.g. New Year's Eve).
  2. Faster to access. There is no need to wait for the SMS to arrive.
  3. The code is generated on the app, so it is not susceptible to SIM swapping scams.

Cons:

  1. You need to download an Authenticator App, and scan the QR image of the secret key.