Welcome! The question in the title.
Want to do the authentication in two phases:
- Verification code sent via sms
- Checking the entered one-time password (OTP or HOTP)
As safe and convenient as you think? And, in fact, does Firebase Auth (with phone number) an sms message as such (I want to make certain, although at the docks it is written that sends)?