A one-time password (OTP) is transmitted to an authorized wireless device for use an authentication factor, even though the OTP may be intercepted or otherwise viewed with an unauthorized device. When a secure request is initiated that requires entry of an OTP as an authentication factor, a hyperlink is transmitted to a wireless device from which the secure request is initiated. When the hyperlink is selected, a connection is established with an entity that determines mobile number information associated with the SSL connection. Comparison of the determined mobile number information and the mobile number of the wireless device to which the hyperlink was intended to be sent indicates whether the wireless device that has established the SSL connection is the authorized wireless device. The OTP is displayed on the wireless device after that device has been verified as the authorized wireless device.