India, Sept. 26 -- The Reserve Bank of India (RBI) on Thursday announced that new digital payment regulations, permitting various ways to meet Two-Factor Authentication (2FA) requirements beyond the standard SMS one-time password, will come into force from April 1, 2026.

Apart from SMS-based OTP, the factors of authentication can be from "something the user has", "something the user knows" or "something the user is" and may comprise, inter-alia, password, passphrase, PIN, card hardware, software token, fingerprint, or any other form of biometrics (device native or Aadhaar-based), the central bank said in its statement, cited in reports.

The updated framework promotes the use of biometrics, app-based tokens, and device-native authenticat...