Authenticator apps (like Ente Auth, Aegis, Google Authenticator) generate Time-Based One-Time Passwords (TOTP). They are vastly superior to SMS.

The app on your phone and the server (like Google or Microsoft) share a secret formula—the QR code you scan during setup. Both the app and the server use this secret and the exact current time to generate a 6-digit code independently.