UAE Plans to End OTPs by 2026

The Central Bank of the United Arab Emirates (CBUAE) has announced a major step to modernise digital security. By March 2026, traditional one-time passwords (OTPs) sent via SMS or email will be phased out. In their place, the country will adopt advanced solutions like biometric verification and passkeys. This move reflects the UAE’s commitment to protecting users from fraud while making digital banking and payments more seamless.

Technology and Infrastructure

OTPs have long been a common security layer, but they are increasingly vulnerable to phishing attacks, SIM swaps, and email hacks. By replacing them, the CBUAE is pushing for authentication that is both stronger and easier to use.

Biometric verification will allow customers to log in or authorise transactions using fingerprints, facial recognition, or other secure identifiers. Passkeys, meanwhile, are a new technology designed to eliminate passwords altogether. Stored safely on users’ devices, they work through cryptographic keys, making them far harder to steal or replicate. Together, these tools promise a smoother and far more reliable way to secure accounts.

Strategic Objectives

The decision to retire OTPs is part of a broader vision for the UAE’s digital economy. The Central Bank has three main goals:

• Protect customers from rising cyber threats by closing vulnerabilities in older systems
• Deliver simpler and faster digital banking experiences through biometric access and passkeys
• Align the UAE’s financial sector with global best practices in digital identity and security

This change is not just about technology; it is about building long-term trust in digital financial services.

 

Impact on Citizens and Businesses

For citizens, the move means less hassle and more peace of mind. Instead of waiting for an SMS code or worrying about phishing scams, customers will use their own unique identifiers like a fingerprint to confirm payments.

For businesses, especially banks and fintech's, the shift reduces fraud-related costs and improves customer confidence in digital services. Stronger authentication also makes it easier to roll out new digital products safely, from mobile banking apps to e-commerce platforms.

At a national level, the policy supports the UAE’s wider ambition to be a leader in secure, innovation-driven financial infrastructure.