diff --git a/e2e/tests/desktop/extra-features.spec.js b/e2e/tests/desktop/extra-features.spec.js
index b323e53b2f..b6f7b1e993 100644
--- a/e2e/tests/desktop/extra-features.spec.js
+++ b/e2e/tests/desktop/extra-features.spec.js
@@ -38,17 +38,49 @@ test('Verify passwordless login request', async ({page}) => {
         '**/mobify/slas/private/shopper/auth/v1/organizations/*/oauth2/passwordless/login'
     )
 
+    // Verify the passwordless login request
     expect(interceptedRequest).toBeTruthy()
     expect(interceptedRequest.method()).toBe('POST')
 
-    const postData = interceptedRequest.postData()
+    let postData = interceptedRequest.postData()
     expect(postData).toBeTruthy()
 
-    const params = new URLSearchParams(postData)
+    let params = new URLSearchParams(postData)
 
     expect(params.get('user_id')).toBe(config.PWA_E2E_USER_EMAIL)
     expect(params.get('mode')).toBe('email')
     expect(params.get('channel_id')).toBe(config.EXTRA_FEATURES_E2E_RETAIL_APP_HOME_SITE)
+
+    await page.route(
+        '**/mobify/slas/private/shopper/auth/v1/organizations/*/oauth2/passwordless/token',
+        (route) => {
+            interceptedRequest = route.request()
+            route.continue()
+        }
+    )
+
+    // Wait for OTP input fields to appear and fill the 8-digit code
+    const otpCode = '12345678' // Replace with actual OTP code
+    const otpInputs = page.locator('input[inputmode="numeric"][maxlength="1"]')
+    await otpInputs.first().waitFor()
+
+    // Fill each input field with one digit
+    for (let i = 0; i < 8; i++) {
+        await otpInputs.nth(i).fill(otpCode[i])
+    }
+
+    await page.waitForResponse(
+        '**/mobify/slas/private/shopper/auth/v1/organizations/*/oauth2/passwordless/token'
+    )
+
+    // Verify the passwordless login token request
+    expect(interceptedRequest).toBeTruthy()
+    expect(interceptedRequest.method()).toBe('POST')
+    postData = interceptedRequest.postData()
+    expect(postData).toBeTruthy()
+    params = new URLSearchParams(postData)
+    expect(params.get('pwdless_login_token')).toBe(otpCode)
+    expect(params.get('hint')).toBe('pwdless_login')
 })
 
 test('Verify password reset request', async ({page}) => {
diff --git a/e2e/tests/mobile/extra-features.spec.js b/e2e/tests/mobile/extra-features.spec.js
index 403ab81e7d..e521f9bd4d 100644
--- a/e2e/tests/mobile/extra-features.spec.js
+++ b/e2e/tests/mobile/extra-features.spec.js
@@ -40,17 +40,49 @@ test('Verify passwordless login request on mobile', async ({page}) => {
         '**/mobify/slas/private/shopper/auth/v1/organizations/*/oauth2/passwordless/login'
     )
 
+    // Verify the passwordless login request
     expect(interceptedRequest).toBeTruthy()
     expect(interceptedRequest.method()).toBe('POST')
 
-    const postData = interceptedRequest.postData()
+    let postData = interceptedRequest.postData()
     expect(postData).toBeTruthy()
 
-    const params = new URLSearchParams(postData)
+    let params = new URLSearchParams(postData)
 
     expect(params.get('user_id')).toBe(config.PWA_E2E_USER_EMAIL)
     expect(params.get('mode')).toBe('email')
     expect(params.get('channel_id')).toBe(config.EXTRA_FEATURES_E2E_RETAIL_APP_HOME_SITE)
+
+    await page.route(
+        '**/mobify/slas/private/shopper/auth/v1/organizations/*/oauth2/passwordless/token',
+        (route) => {
+            interceptedRequest = route.request()
+            route.continue()
+        }
+    )
+
+    // Wait for OTP input fields to appear and fill the 8-digit code
+    const otpCode = '12345678' // Replace with actual OTP code
+    const otpInputs = page.locator('input[inputmode="numeric"][maxlength="1"]')
+    await otpInputs.first().waitFor()
+
+    // Fill each input field with one digit
+    for (let i = 0; i < 8; i++) {
+        await otpInputs.nth(i).fill(otpCode[i])
+    }
+
+    await page.waitForResponse(
+        '**/mobify/slas/private/shopper/auth/v1/organizations/*/oauth2/passwordless/token'
+    )
+
+    // Verify the passwordless login token request
+    expect(interceptedRequest).toBeTruthy()
+    expect(interceptedRequest.method()).toBe('POST')
+    postData = interceptedRequest.postData()
+    expect(postData).toBeTruthy()
+    params = new URLSearchParams(postData)
+    expect(params.get('pwdless_login_token')).toBe(otpCode)
+    expect(params.get('hint')).toBe('pwdless_login')
 })
 
 test('Verify password reset request on mobile (extra features enabled)', async ({page}) => {
diff --git a/packages/pwa-kit-create-app/CHANGELOG.md b/packages/pwa-kit-create-app/CHANGELOG.md
index 69fa794d3d..7c9187eb72 100644
--- a/packages/pwa-kit-create-app/CHANGELOG.md
+++ b/packages/pwa-kit-create-app/CHANGELOG.md
@@ -2,6 +2,7 @@
 - Add new One-Click Checkout configuration [#3609](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3609)
 - Support email mode by default for passwordless login and password reset in a generated app. [#3525](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3525)
 - Util function for passwordless callback URI [#3630](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3630)
+- Add `tokenLength` to login configuration [#3554](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3554)
 
 ## v3.15.0 (Dec 17, 2025)
 - Add new Google Cloud API configuration and Bonus Product configuration [#3523](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3523)
diff --git a/packages/pwa-kit-create-app/assets/bootstrap/js/config/default.js.hbs b/packages/pwa-kit-create-app/assets/bootstrap/js/config/default.js.hbs
index 4fd8c42ff8..d76b6c4c88 100644
--- a/packages/pwa-kit-create-app/assets/bootstrap/js/config/default.js.hbs
+++ b/packages/pwa-kit-create-app/assets/bootstrap/js/config/default.js.hbs
@@ -6,7 +6,7 @@
  */
 /* eslint-disable @typescript-eslint/no-var-requires */
 const sites = require('./sites.js')
-const {parseSettings} = require('./utils.js')
+const {parseSettings, validateOtpTokenLength} = require('./utils.js')
 
 module.exports = {
     app: {
@@ -57,6 +57,9 @@ module.exports = {
             interpretPlusSignAsSpace: false
         },
         login: {
+            // The length of the token for OTP authentication. Used by passwordless login and reset password.
+            // If the env var `OTP_TOKEN_LENGTH` is set, it will override the config value. Valid values are 6 or 8. Defaults to: 8
+            tokenLength: validateOtpTokenLength(process.env.OTP_TOKEN_LENGTH),
             passwordless: {
                 // Enables or disables passwordless login for the site. Defaults to: false
                 {{#if answers.project.demo.enableDemoSettings}}
diff --git a/packages/pwa-kit-create-app/assets/bootstrap/js/config/utils.js b/packages/pwa-kit-create-app/assets/bootstrap/js/config/utils.js
index cc1b17e5c7..2aad9cfd7a 100644
--- a/packages/pwa-kit-create-app/assets/bootstrap/js/config/utils.js
+++ b/packages/pwa-kit-create-app/assets/bootstrap/js/config/utils.js
@@ -5,6 +5,42 @@
  * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
 
+/**
+ * Valid OTP token lengths supported by the authentication system.
+ * These values are enforced to ensure compatibility with the OTP verification flow.
+ */
+const VALID_OTP_TOKEN_LENGTHS = [6, 8]
+const DEFAULT_OTP_TOKEN_LENGTH = 8
+
+/**
+ * Validates and normalizes the OTP token length configuration.
+ * Throws an error if the token length is invalid.
+ *
+ * @param {string|number|undefined} tokenLength - The token length from config or env var
+ * @returns {number} Validated token length (6 or 8)
+ * @throws {Error} If tokenLength is invalid (not 6 or 8)
+ */
+function validateOtpTokenLength(tokenLength) {
+    // If undefined, return default
+    if (tokenLength === undefined) {
+        return DEFAULT_OTP_TOKEN_LENGTH
+    }
+
+    // Parse to number (handles string numbers like "6" or "8")
+    const parsedLength = Number(tokenLength)
+
+    // Check if it's one of the allowed values (includes() will return false for NaN or invalid numbers)
+    if (!VALID_OTP_TOKEN_LENGTHS.includes(parsedLength)) {
+        throw new Error(
+            `Invalid OTP token length: ${tokenLength}. Valid values are ${VALID_OTP_TOKEN_LENGTHS.join(
+                ' or '
+            )}. `
+        )
+    }
+
+    return parsedLength
+}
+
 /**
  * Safely parses settings from either a JSON string or object
  * @param {string|object} settings - The settings
@@ -30,5 +66,8 @@ function parseSettings(settings) {
 }
 
 module.exports = {
-    parseSettings
+    parseSettings,
+    validateOtpTokenLength,
+    DEFAULT_OTP_TOKEN_LENGTH,
+    VALID_OTP_TOKEN_LENGTHS
 }
diff --git a/packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/default.js.hbs b/packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/default.js.hbs
index 177377458e..e4c13b3d41 100644
--- a/packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/default.js.hbs
+++ b/packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/default.js.hbs
@@ -6,7 +6,7 @@
  */
 /* eslint-disable @typescript-eslint/no-var-requires */
 const sites = require('./sites.js')
-const {parseSettings} = require('./utils.js')
+const {parseSettings, validateOtpTokenLength} = require('./utils.js')
 
 module.exports = {
     app: {
@@ -57,6 +57,9 @@ module.exports = {
             interpretPlusSignAsSpace: false
         },
         login: {
+            // The length of the token for OTP authentication. Used by passwordless login and reset password.
+            // If the env var `OTP_TOKEN_LENGTH` is set, it will override the config value. Valid values are 6 or 8. Defaults to: 8
+            tokenLength: validateOtpTokenLength(process.env.OTP_TOKEN_LENGTH),
             passwordless: {
                 // Enables or disables passwordless login for the site. Defaults to: false
                 {{#if answers.project.demo.enableDemoSettings}}
diff --git a/packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/utils.js b/packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/utils.js
index cc1b17e5c7..2aad9cfd7a 100644
--- a/packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/utils.js
+++ b/packages/pwa-kit-create-app/assets/templates/@salesforce/retail-react-app/config/utils.js
@@ -5,6 +5,42 @@
  * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
 
+/**
+ * Valid OTP token lengths supported by the authentication system.
+ * These values are enforced to ensure compatibility with the OTP verification flow.
+ */
+const VALID_OTP_TOKEN_LENGTHS = [6, 8]
+const DEFAULT_OTP_TOKEN_LENGTH = 8
+
+/**
+ * Validates and normalizes the OTP token length configuration.
+ * Throws an error if the token length is invalid.
+ *
+ * @param {string|number|undefined} tokenLength - The token length from config or env var
+ * @returns {number} Validated token length (6 or 8)
+ * @throws {Error} If tokenLength is invalid (not 6 or 8)
+ */
+function validateOtpTokenLength(tokenLength) {
+    // If undefined, return default
+    if (tokenLength === undefined) {
+        return DEFAULT_OTP_TOKEN_LENGTH
+    }
+
+    // Parse to number (handles string numbers like "6" or "8")
+    const parsedLength = Number(tokenLength)
+
+    // Check if it's one of the allowed values (includes() will return false for NaN or invalid numbers)
+    if (!VALID_OTP_TOKEN_LENGTHS.includes(parsedLength)) {
+        throw new Error(
+            `Invalid OTP token length: ${tokenLength}. Valid values are ${VALID_OTP_TOKEN_LENGTHS.join(
+                ' or '
+            )}. `
+        )
+    }
+
+    return parsedLength
+}
+
 /**
  * Safely parses settings from either a JSON string or object
  * @param {string|object} settings - The settings
@@ -30,5 +66,8 @@ function parseSettings(settings) {
 }
 
 module.exports = {
-    parseSettings
+    parseSettings,
+    validateOtpTokenLength,
+    DEFAULT_OTP_TOKEN_LENGTH,
+    VALID_OTP_TOKEN_LENGTHS
 }
diff --git a/packages/template-retail-react-app/CHANGELOG.md b/packages/template-retail-react-app/CHANGELOG.md
index 171f860f9a..b446d6905d 100644
--- a/packages/template-retail-react-app/CHANGELOG.md
+++ b/packages/template-retail-react-app/CHANGELOG.md
@@ -11,6 +11,7 @@
 - Update "Continue Securely" button text to "Continue" for passwordless login [#3556](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3556)
 - Util function for passwordless callback URI [#3630](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3630)
 - [BREAKING] Remove unused absoluteUrl util from retail react app [#3633](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3633)
+- Allow shopper to manually input OTP during passwordless login [#3554](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3554)
 
 ## v8.3.0 (Dec 17, 2025)
 - [Bugfix] Fix Forgot Password link not working from Account Profile password update form [#3493](https://github.com/SalesforceCommerceCloud/pwa-kit/pull/3493)
diff --git a/packages/template-retail-react-app/app/components/otp-auth/index.jsx b/packages/template-retail-react-app/app/components/otp-auth/index.jsx
index e159fc53a2..ed38132b6f 100644
--- a/packages/template-retail-react-app/app/components/otp-auth/index.jsx
+++ b/packages/template-retail-react-app/app/components/otp-auth/index.jsx
@@ -27,6 +27,7 @@ import {useUsid, useCustomerType, useDNT} from '@salesforce/commerce-sdk-react'
 import {useCurrentCustomer} from '@salesforce/retail-react-app/app/hooks/use-current-customer'
 import {useOtpInputs} from '@salesforce/retail-react-app/app/hooks/use-otp-inputs'
 import {useCountdown} from '@salesforce/retail-react-app/app/hooks/use-countdown'
+import {getConfig} from '@salesforce/pwa-kit-runtime/utils/ssr-config'
 
 const OtpAuth = ({
     isOpen,
@@ -35,9 +36,20 @@ const OtpAuth = ({
     handleSendEmailOtp,
     handleOtpVerification,
     onCheckoutAsGuest,
-    isGuestRegistration = false
+    isGuestRegistration = false,
+    hideCheckoutAsGuestButton = false
 }) => {
-    const OTP_LENGTH = 8
+    const {tokenLength} = getConfig().app.login
+    const parsedLength = Number(tokenLength)
+    const isValidOtpLength = parsedLength === 6 || parsedLength === 8
+    const OTP_LENGTH = isValidOtpLength ? parsedLength : 8
+
+    if (!isValidOtpLength) {
+        console.warn(
+            `Invalid OTP token length: ${tokenLength}. Expected 6 or 8. Defaulting to ${OTP_LENGTH}.`
+        )
+    }
+
     const [isVerifying, setIsVerifying] = useState(false)
     const [error, setError] = useState('')
     const [resendTimer, setResendTimer] = useCountdown(0)
@@ -269,35 +281,37 @@ const OtpAuth = ({
 
                         {/* Buttons */}
                         <HStack spacing={4} width="100%" justifyContent="center">
-                            <Button
-                                onClick={handleCheckoutAsGuest}
-                                variant="solid"
-                                size="lg"
-                                minWidth="160px"
-                                isDisabled={isVerifying}
-                                bg="gray.50"
-                                color="gray.800"
-                                fontWeight="bold"
-                                border="none"
-                                _hover={{
-                                    bg: 'gray.100'
-                                }}
-                                _active={{
-                                    bg: 'gray.200'
-                                }}
-                            >
-                                {isGuestRegistration ? (
-                                    <FormattedMessage
-                                        defaultMessage="Cancel"
-                                        id="otp.button.cancel_guest_registration"
-                                    />
-                                ) : (
-                                    <FormattedMessage
-                                        defaultMessage="Checkout as a Guest"
-                                        id="otp.button.checkout_as_guest"
-                                    />
-                                )}
-                            </Button>
+                            {!hideCheckoutAsGuestButton && (
+                                <Button
+                                    onClick={handleCheckoutAsGuest}
+                                    variant="solid"
+                                    size="lg"
+                                    minWidth="160px"
+                                    isDisabled={isVerifying}
+                                    bg="gray.50"
+                                    color="gray.800"
+                                    fontWeight="bold"
+                                    border="none"
+                                    _hover={{
+                                        bg: 'gray.100'
+                                    }}
+                                    _active={{
+                                        bg: 'gray.200'
+                                    }}
+                                >
+                                    {isGuestRegistration ? (
+                                        <FormattedMessage
+                                            defaultMessage="Cancel"
+                                            id="otp.button.cancel_guest_registration"
+                                        />
+                                    ) : (
+                                        <FormattedMessage
+                                            defaultMessage="Checkout as a Guest"
+                                            id="otp.button.checkout_as_guest"
+                                        />
+                                    )}
+                                </Button>
+                            )}
 
                             <Button
                                 onClick={handleResend}
@@ -338,7 +352,8 @@ OtpAuth.propTypes = {
     handleSendEmailOtp: PropTypes.func.isRequired,
     handleOtpVerification: PropTypes.func.isRequired,
     onCheckoutAsGuest: PropTypes.func,
-    isGuestRegistration: PropTypes.bool
+    isGuestRegistration: PropTypes.bool,
+    hideCheckoutAsGuestButton: PropTypes.bool
 }
 
 export default OtpAuth
diff --git a/packages/template-retail-react-app/app/components/otp-auth/index.test.js b/packages/template-retail-react-app/app/components/otp-auth/index.test.js
index e7a8bf7745..dd5054aa0b 100644
--- a/packages/template-retail-react-app/app/components/otp-auth/index.test.js
+++ b/packages/template-retail-react-app/app/components/otp-auth/index.test.js
@@ -10,6 +10,8 @@ import userEvent from '@testing-library/user-event'
 import OtpAuth from '@salesforce/retail-react-app/app/components/otp-auth/index'
 import {renderWithProviders} from '@salesforce/retail-react-app/app/utils/test-utils'
 import {useForm} from 'react-hook-form'
+import {getConfig} from '@salesforce/pwa-kit-runtime/utils/ssr-config'
+import mockConfig from '@salesforce/retail-react-app/config/mocks/default'
 
 // Mock the Einstein hook
 const mockSendViewPage = jest.fn()
@@ -44,6 +46,10 @@ jest.mock('@salesforce/retail-react-app/app/hooks/use-current-customer', () => (
     useCurrentCustomer: () => mockUseCurrentCustomer()
 }))
 
+jest.mock('@salesforce/pwa-kit-runtime/utils/ssr-config', () => ({
+    getConfig: jest.fn()
+}))
+
 const WrapperComponent = ({...props}) => {
     const form = useForm()
     const mockOnClose = jest.fn()
@@ -91,6 +97,7 @@ describe('OtpAuth', () => {
         mockHandleOtpVerification.mockResolvedValue({
             success: true
         })
+        getConfig.mockImplementation(() => mockConfig)
     })
 
     describe('Component Rendering', () => {
@@ -130,6 +137,58 @@ describe('OtpAuth', () => {
         })
     })
 
+    describe('OTP token length configuration', () => {
+        test.each([
+            [6, 6],
+            [8, 8],
+            ['6', 6],
+            ['8', 8]
+        ])(
+            'renders %s OTP input fields when tokenLength is set to %s',
+            (tokenLength, expectedLength) => {
+                getConfig.mockImplementation(() => ({
+                    ...mockConfig,
+                    app: {
+                        ...mockConfig.app,
+                        login: {
+                            ...mockConfig.app.login,
+                            tokenLength
+                        }
+                    }
+                }))
+                renderWithProviders(<WrapperComponent />)
+                const otpInputs = screen.getAllByRole('textbox')
+                expect(otpInputs).toHaveLength(expectedLength)
+            }
+        )
+
+        test.each([7, 'abc', null, undefined])(
+            'defaults to 8 OTP input fields when tokenLength is invalid (%s)',
+            (tokenLength) => {
+                const consoleWarnSpy = jest.spyOn(console, 'warn').mockImplementation()
+                getConfig.mockImplementation(() => ({
+                    ...mockConfig,
+                    app: {
+                        ...mockConfig.app,
+                        login: {
+                            ...mockConfig.app.login,
+                            tokenLength
+                        }
+                    }
+                }))
+                renderWithProviders(<WrapperComponent />)
+                const otpInputs = screen.getAllByRole('textbox')
+                expect(otpInputs).toHaveLength(8)
+                expect(consoleWarnSpy).toHaveBeenCalledWith(
+                    expect.stringContaining(
+                        `Invalid OTP token length: ${tokenLength}. Expected 6 or 8. Defaulting to 8.`
+                    )
+                )
+                consoleWarnSpy.mockRestore()
+            }
+        )
+    })
+
     describe('OTP Input Functionality', () => {
         test('allows numeric input in OTP fields', async () => {
             const user = userEvent.setup()
diff --git a/packages/template-retail-react-app/app/components/passwordless-login/index.jsx b/packages/template-retail-react-app/app/components/passwordless-login/index.jsx
index 9dcfdd6dfa..28d8654452 100644
--- a/packages/template-retail-react-app/app/components/passwordless-login/index.jsx
+++ b/packages/template-retail-react-app/app/components/passwordless-login/index.jsx
@@ -37,8 +37,7 @@ const PasswordlessLogin = ({
 
     return (
         <>
-            {((!form.formState.isSubmitSuccessful && !showPasswordView) ||
-                form.formState.errors.email) && (
+            {(!showPasswordView || form.formState.errors.email) && (
                 <Stack spacing={6} paddingLeft={4} paddingRight={4}>
                     <LoginFields
                         form={form}
@@ -81,16 +80,14 @@ const PasswordlessLogin = ({
                     </Stack>
                 </Stack>
             )}
-            {!form.formState.isSubmitSuccessful &&
-                showPasswordView &&
-                !form.formState.errors.email && (
-                    <StandardLogin
-                        form={form}
-                        handleForgotPasswordClick={handleForgotPasswordClick}
-                        setShowPasswordView={setShowPasswordView}
-                        hideEmail={true}
-                    />
-                )}
+            {showPasswordView && !form.formState.errors.email && (
+                <StandardLogin
+                    form={form}
+                    handleForgotPasswordClick={handleForgotPasswordClick}
+                    setShowPasswordView={setShowPasswordView}
+                    hideEmail={true}
+                />
+            )}
         </>
     )
 }
diff --git a/packages/template-retail-react-app/app/hooks/use-auth-modal.js b/packages/template-retail-react-app/app/hooks/use-auth-modal.js
index d55d408425..d81b62ddea 100644
--- a/packages/template-retail-react-app/app/hooks/use-auth-modal.js
+++ b/packages/template-retail-react-app/app/hooks/use-auth-modal.js
@@ -30,12 +30,14 @@ import LoginForm from '@salesforce/retail-react-app/app/components/login'
 import ResetPasswordForm from '@salesforce/retail-react-app/app/components/reset-password'
 import RegisterForm from '@salesforce/retail-react-app/app/components/register'
 import PasswordlessEmailConfirmation from '@salesforce/retail-react-app/app/components/email-confirmation/index'
+import OtpAuth from '@salesforce/retail-react-app/app/components/otp-auth'
 import {noop} from '@salesforce/retail-react-app/app/utils/utils'
+import {API_ERROR_MESSAGE} from '@salesforce/retail-react-app/app/constants'
 import {
-    getPasswordlessErrorMessage,
-    getPasswordResetErrorMessage
+    getAuthorizePasswordlessErrorMessage,
+    getPasswordResetErrorMessage,
+    getLoginPasswordlessErrorMessage
 } from '@salesforce/retail-react-app/app/utils/auth-utils'
-import {API_ERROR_MESSAGE} from '@salesforce/retail-react-app/app/constants'
 import useNavigation from '@salesforce/retail-react-app/app/hooks/use-navigation'
 import {usePrevious} from '@salesforce/retail-react-app/app/hooks/use-previous'
 import {usePasswordReset} from '@salesforce/retail-react-app/app/hooks/use-password-reset'
@@ -79,6 +81,7 @@ export const AuthModal = ({
 
     const navigate = useNavigation()
     const [currentView, setCurrentView] = useState(initialView)
+    const [isOtpAuthOpen, setIsOtpAuthOpen] = useState(false)
     const form = useForm()
     const toast = useToast()
     const login = useAuthHelper(AuthHelpers.LoginRegisteredUserB2C)
@@ -87,6 +90,7 @@ export const AuthModal = ({
 
     const {getPasswordResetToken} = usePasswordReset()
     const authorizePasswordlessLogin = useAuthHelper(AuthHelpers.AuthorizePasswordless)
+    const loginPasswordless = useAuthHelper(AuthHelpers.LoginPasswordlessUser)
     const passwordlessConfig = getConfig().app.login?.passwordless
     const passwordlessMode = passwordlessConfig?.mode
     const callbackURL = getPasswordlessCallbackUrl(passwordlessConfig?.callbackURI)
@@ -106,10 +110,39 @@ export const AuthModal = ({
                 locale: locale.id,
                 ...(callbackURL && {callbackURI: `${callbackURL}?redirectUrl=${redirectPath}`})
             })
-            setCurrentView(EMAIL_VIEW)
+            return {success: true}
         } catch (error) {
-            const message = formatMessage(getPasswordlessErrorMessage(error.message))
+            const message = formatMessage(getAuthorizePasswordlessErrorMessage(error.message))
             form.setError('global', {type: 'manual', message})
+            return {success: false}
+        }
+    }
+
+    const handleMergeBasket = () => {
+        const hasBasketItem = baskets?.baskets?.[0]?.productItems?.length > 0
+        // we only want to merge basket when the user is logged in as a recurring user
+        // only recurring users trigger the login mutation, new user triggers register mutation
+        // this logic needs to stay in this block because this is the only place that tells if a user is a recurring user
+        // if you change logic here, also change it in login page
+        const shouldMergeBasket = hasBasketItem && prevAuthType === 'guest'
+        if (shouldMergeBasket) {
+            try {
+                mergeBasket.mutate({
+                    headers: {
+                        // This is not required since the request has no body
+                        // but CommerceAPI throws a '419 - Unsupported Media Type' error if this header is removed.
+                        'Content-Type': 'application/json'
+                    },
+                    parameters: {
+                        createDestinationBasket: true
+                    }
+                })
+            } catch (error) {
+                form.setError('global', {
+                    type: 'manual',
+                    message: formatMessage(API_ERROR_MESSAGE)
+                })
+            }
         }
     }
 
@@ -124,7 +157,15 @@ export const AuthModal = ({
             login: async (data) => {
                 if (isPasswordless) {
                     const email = data.email
-                    await handlePasswordlessLogin(email)
+                    const {success} = await handlePasswordlessLogin(email)
+                    // Only close AuthModal and open OtpAuth modal if passwordless login succeeded
+                    if (success) {
+                        // Close AuthModal first, then open OtpAuth modal after a brief delay
+                        onClose()
+                        setTimeout(() => {
+                            setIsOtpAuthOpen(true)
+                        }, 150) // Small delay to allow AuthModal to close first
+                    }
                     return
                 }
 
@@ -133,24 +174,6 @@ export const AuthModal = ({
                         username: data.email,
                         password: data.password
                     })
-                    const hasBasketItem = baskets?.baskets?.[0]?.productItems?.length > 0
-                    // we only want to merge basket when the user is logged in as a recurring user
-                    // only recurring users trigger the login mutation, new user triggers register mutation
-                    // this logic needs to stay in this block because this is the only place that tells if a user is a recurring user
-                    // if you change logic here, also change it in login page
-                    const shouldMergeBasket = hasBasketItem && prevAuthType === 'guest'
-                    if (shouldMergeBasket) {
-                        mergeBasket.mutate({
-                            headers: {
-                                // This is not required since the request has no body
-                                // but CommerceAPI throws a '419 - Unsupported Media Type' error if this header is removed.
-                                'Content-Type': 'application/json'
-                            },
-                            parameters: {
-                                createDestinationBasket: true
-                            }
-                        })
-                    }
                 } catch (error) {
                     const message = /Unauthorized/i.test(error.message)
                         ? formatMessage(LOGIN_ERROR)
@@ -194,6 +217,17 @@ export const AuthModal = ({
         }[currentView](data)
     }
 
+    const handleOtpVerification = async (pwdlessLoginToken) => {
+        try {
+            await loginPasswordless.mutateAsync({pwdlessLoginToken})
+            return {success: true}
+        } catch (e) {
+            const errorData = await e.response?.json()
+            const message = formatMessage(getLoginPasswordlessErrorMessage(errorData.message))
+            return {success: false, error: message}
+        }
+    }
+
     // Reset form and local state when opening the modal
     useEffect(() => {
         if (isOpen) {
@@ -225,14 +259,16 @@ export const AuthModal = ({
         // Lets determine if the user has either logged in, or registed.
         const loggingIn = currentView === LOGIN_VIEW
         const registering = currentView === REGISTER_VIEW
-        const isNowRegistered = isOpen && isRegistered && (loggingIn || registering)
+        const isNowRegistered =
+            (isOpen || isOtpAuthOpen) && isRegistered && (loggingIn || registering)
         // If the customer changed, but it's not because they logged in or registered. Do nothing.
         if (!isNowRegistered) {
             return
         }
 
-        // We are done with the modal.
+        // We are done with the modal. Close any modals that are open.
         onClose()
+        setIsOtpAuthOpen(false)
 
         // Show a toast only for those registed users returning to the site.
         if (loggingIn) {
@@ -258,6 +294,7 @@ export const AuthModal = ({
 
             // Execute action to be performed on successful login
             onLoginSuccess()
+            handleMergeBasket()
         }
 
         if (registering) {
@@ -270,67 +307,77 @@ export const AuthModal = ({
         initialView === PASSWORD_VIEW ? onClose() : setCurrentView(LOGIN_VIEW)
 
     return (
-        <Modal
-            size="sm"
-            closeOnOverlayClick={false}
-            data-testid="sf-auth-modal"
-            isOpen={isOpen}
-            onOpen={onOpen}
-            onClose={onClose}
-            {...props}
-        >
-            <ModalOverlay />
-            <ModalContent>
-                <ModalCloseButton
-                    aria-label={formatMessage({
-                        id: 'auth_modal.button.close.assistive_msg',
-                        defaultMessage: 'Close login form'
-                    })}
-                />
-                <ModalBody pb={8} bg="white" paddingBottom={14} marginTop={14}>
-                    {!form.formState.isSubmitSuccessful && currentView === LOGIN_VIEW && (
-                        <LoginForm
-                            form={form}
-                            submitForm={(data) => {
-                                const shouldUsePasswordless =
-                                    isPasswordlessEnabled && !data.password
-                                return submitForm(data, shouldUsePasswordless)
-                            }}
-                            clickCreateAccount={() => setCurrentView(REGISTER_VIEW)}
-                            //TODO: potentially remove this prop in the next major release since
-                            // we don't need to use this props anymore
-                            handlePasswordlessLoginClick={noop}
-                            handleForgotPasswordClick={() => setCurrentView(PASSWORD_VIEW)}
-                            isPasswordlessEnabled={isPasswordlessEnabled}
-                            isSocialEnabled={isSocialEnabled}
-                            idps={idps}
-                            setLoginType={noop}
-                        />
-                    )}
-                    {!form.formState.isSubmitSuccessful && currentView === REGISTER_VIEW && (
-                        <RegisterForm
-                            form={form}
-                            submitForm={submitForm}
-                            clickSignIn={onBackToSignInClick}
-                        />
-                    )}
-                    {currentView === PASSWORD_VIEW && (
-                        <ResetPasswordForm
-                            form={form}
-                            submitForm={submitForm}
-                            clickSignIn={onBackToSignInClick}
-                        />
-                    )}
-                    {currentView === EMAIL_VIEW && (
-                        <PasswordlessEmailConfirmation
-                            form={form}
-                            submitForm={submitForm}
-                            email={form.getValues().email || initialEmail}
-                        />
-                    )}
-                </ModalBody>
-            </ModalContent>
-        </Modal>
+        <>
+            <Modal
+                size="sm"
+                closeOnOverlayClick={false}
+                data-testid="sf-auth-modal"
+                isOpen={isOpen}
+                onOpen={onOpen}
+                onClose={onClose}
+                {...props}
+            >
+                <ModalOverlay />
+                <ModalContent>
+                    <ModalCloseButton
+                        aria-label={formatMessage({
+                            id: 'auth_modal.button.close.assistive_msg',
+                            defaultMessage: 'Close login form'
+                        })}
+                    />
+                    <ModalBody pb={8} bg="white" paddingBottom={14} marginTop={14}>
+                        {!form.formState.isSubmitSuccessful && currentView === LOGIN_VIEW && (
+                            <LoginForm
+                                form={form}
+                                submitForm={(data) => {
+                                    const shouldUsePasswordless =
+                                        isPasswordlessEnabled && !data.password
+                                    return submitForm(data, shouldUsePasswordless)
+                                }}
+                                clickCreateAccount={() => setCurrentView(REGISTER_VIEW)}
+                                //TODO: potentially remove this prop in the next major release since
+                                // we don't need to use this props anymore
+                                handlePasswordlessLoginClick={noop}
+                                handleForgotPasswordClick={() => setCurrentView(PASSWORD_VIEW)}
+                                isPasswordlessEnabled={isPasswordlessEnabled}
+                                isSocialEnabled={isSocialEnabled}
+                                idps={idps}
+                                setLoginType={noop}
+                            />
+                        )}
+                        {!form.formState.isSubmitSuccessful && currentView === REGISTER_VIEW && (
+                            <RegisterForm
+                                form={form}
+                                submitForm={submitForm}
+                                clickSignIn={onBackToSignInClick}
+                            />
+                        )}
+                        {currentView === PASSWORD_VIEW && (
+                            <ResetPasswordForm
+                                form={form}
+                                submitForm={submitForm}
+                                clickSignIn={onBackToSignInClick}
+                            />
+                        )}
+                        {currentView === EMAIL_VIEW && (
+                            <PasswordlessEmailConfirmation
+                                form={form}
+                                submitForm={submitForm}
+                                email={form.getValues().email || initialEmail}
+                            />
+                        )}
+                    </ModalBody>
+                </ModalContent>
+            </Modal>
+            <OtpAuth
+                isOpen={isOtpAuthOpen}
+                onClose={() => setIsOtpAuthOpen(false)}
+                form={form}
+                handleSendEmailOtp={handlePasswordlessLogin}
+                handleOtpVerification={handleOtpVerification}
+                hideCheckoutAsGuestButton={true}
+            />
+        </>
     )
 }
 
diff --git a/packages/template-retail-react-app/app/hooks/use-auth-modal.test.js b/packages/template-retail-react-app/app/hooks/use-auth-modal.test.js
index 2c9834d92d..6d94d4554f 100644
--- a/packages/template-retail-react-app/app/hooks/use-auth-modal.test.js
+++ b/packages/template-retail-react-app/app/hooks/use-auth-modal.test.js
@@ -11,9 +11,15 @@ import userEvent from '@testing-library/user-event'
 import {
     renderWithProviders,
     createPathWithDefaults,
-    guestToken
+    guestToken,
+    registerUserToken,
+    clearAllCookies
 } from '@salesforce/retail-react-app/app/utils/test-utils'
-import {AuthModal, useAuthModal} from '@salesforce/retail-react-app/app/hooks/use-auth-modal'
+import {
+    AuthModal,
+    useAuthModal,
+    EMAIL_VIEW
+} from '@salesforce/retail-react-app/app/hooks/use-auth-modal'
 import {BrowserRouter as Router, Route} from 'react-router-dom'
 import Account from '@salesforce/retail-react-app/app/pages/account'
 import {rest} from 'msw'
@@ -109,6 +115,7 @@ beforeEach(() => {
 })
 afterEach(() => {
     localStorage.clear()
+    clearAllCookies()
     jest.resetModules()
     jest.restoreAllMocks()
 })
@@ -199,6 +206,20 @@ describe('Passwordless enabled', () => {
         global.server.use(
             rest.post('*/oauth2/passwordless/login', (req, res, ctx) => {
                 return res(ctx.delay(0), ctx.status(200), ctx.json({}))
+            }),
+            rest.post('*/oauth2/passwordless/token', (req, res, ctx) => {
+                return res(
+                    ctx.delay(0),
+                    ctx.status(200),
+                    ctx.json({
+                        customer_id: 'registeredCustomerId',
+                        access_token: registerUserToken,
+                        refresh_token: 'testrefeshtoken',
+                        usid: 'testusid',
+                        enc_user_id: 'testEncUserId',
+                        id_token: 'testIdToken'
+                    })
+                )
             })
         )
     })
@@ -216,11 +237,11 @@ describe('Passwordless enabled', () => {
     })
 
     test('Allows passwordless login', async () => {
-        jest.spyOn(window, 'location', 'get').mockReturnValue({
-            pathname: '/',
-            origin: 'https://example.com'
+        const {user} = renderWithProviders(<MockedComponent isPasswordlessEnabled={true} />, {
+            wrapperProps: {
+                bypassAuth: false
+            }
         })
-        const {user} = renderWithProviders(<MockedComponent isPasswordlessEnabled={true} />)
         const validEmail = 'test@salesforce.com'
 
         // open the modal
@@ -238,30 +259,38 @@ describe('Passwordless enabled', () => {
         const passwordlessLoginButton = screen.getByText(/Continue/i)
         await user.click(passwordlessLoginButton)
 
-        // check that check email modal is open
-        await waitFor(
-            () => {
-                const withinForm = within(screen.getByTestId('sf-form-resend-passwordless-email'))
-                expect(withinForm.getByText(/Check Your Email/i)).toBeInTheDocument()
-                expect(withinForm.getByText(validEmail)).toBeInTheDocument()
-            },
-            {timeout: 5000}
-        )
+        // check that the auth modal is closed
+        expect(authModal.isOpen).toBe(false)
+
+        // check that OTP auth modal is open
+        await waitFor(() => {
+            expect(
+                screen.getByText(/To log in to your account, enter the code/i)
+            ).toBeInTheDocument()
+        })
 
         // resend the email
-        await user.click(screen.getByText(/Resend Link/i))
+        await user.click(screen.getByText(/Resend Code/i))
+
+        // enter the code manually
+        const code = '12345678'
+        const otpInputs = screen.getAllByRole('textbox')
+        for (let i = 0; i < 8; i++) {
+            await user.type(otpInputs[i], code[i])
+        }
 
-        // check that check email modal is still open
         await waitFor(() => {
-            expect(screen.getByText(/Check Your Email/i)).toBeInTheDocument()
+            expect(
+                screen.queryByText(/To log in to your account, enter the code/i)
+            ).not.toBeInTheDocument()
+        })
+
+        await waitFor(() => {
+            expect(screen.getByText(/You're now signed in./i)).toBeInTheDocument()
         })
     })
 
     test('allows passwordless login via Enter key', async () => {
-        jest.spyOn(window, 'location', 'get').mockReturnValue({
-            pathname: '/',
-            origin: 'https://example.com'
-        })
         const {user} = renderWithProviders(<MockedComponent isPasswordlessEnabled={true} />)
         const validEmail = 'test@salesforce.com'
 
@@ -279,15 +308,15 @@ describe('Passwordless enabled', () => {
         // simulate Enter key press in email field
         await user.keyboard('{Enter}')
 
-        // check that check email modal is open
-        await waitFor(
-            () => {
-                const withinForm = within(screen.getByTestId('sf-form-resend-passwordless-email'))
-                expect(withinForm.getByText(/Check Your Email/i)).toBeInTheDocument()
-                expect(withinForm.getByText(validEmail)).toBeInTheDocument()
-            },
-            {timeout: 5000}
-        )
+        // check that the auth modal is closed
+        expect(authModal.isOpen).toBe(false)
+
+        // check that the OtpAuthModal is open
+        await waitFor(() => {
+            expect(
+                screen.getByText(/To log in to your account, enter the code/i)
+            ).toBeInTheDocument()
+        })
     })
 
     test('sends callbackURI when passwordless callback is configured', async () => {
@@ -304,11 +333,6 @@ describe('Passwordless enabled', () => {
             }
         })
 
-        jest.spyOn(window, 'location', 'get').mockReturnValue({
-            pathname: '/',
-            origin: 'https://example.com'
-        })
-
         const {user} = renderWithProviders(<MockedComponent isPasswordlessEnabled={true} />)
         const validEmail = 'test@salesforce.com'
 
@@ -322,6 +346,33 @@ describe('Passwordless enabled', () => {
         await user.type(screen.getByLabelText('Email'), validEmail)
         await user.click(screen.getByText(/Continue/i))
 
+        // check that the auth modal is closed
+        expect(authModal.isOpen).toBe(false)
+
+        // check that the OtpAuthModal is open
+        await waitFor(() => {
+            expect(
+                screen.getByText(/To log in to your account, enter the code/i)
+            ).toBeInTheDocument()
+        })
+    })
+
+    test('shows check your email view when initial view is set to email', async () => {
+        const {user} = renderWithProviders(
+            <MockedComponent isPasswordlessEnabled={true} initialView={EMAIL_VIEW} />
+        )
+
+        // open the modal
+        const trigger = screen.getByText(/open modal/i)
+        await user.click(trigger)
+
+        await waitFor(() => {
+            expect(screen.getByText(/Check Your Email/i)).toBeInTheDocument()
+        })
+
+        await user.click(screen.getByText(/Resend Link/i))
+
+        // check that the Check Your Email view is still open
         await waitFor(() => {
             expect(screen.getByText(/Check Your Email/i)).toBeInTheDocument()
         })
diff --git a/packages/template-retail-react-app/app/pages/checkout-one-click/partials/one-click-contact-info.jsx b/packages/template-retail-react-app/app/pages/checkout-one-click/partials/one-click-contact-info.jsx
index a31f4e309a..bb5f1aece4 100644
--- a/packages/template-retail-react-app/app/pages/checkout-one-click/partials/one-click-contact-info.jsx
+++ b/packages/template-retail-react-app/app/pages/checkout-one-click/partials/one-click-contact-info.jsx
@@ -47,7 +47,7 @@ import {
     useShopperCustomersMutation
 } from '@salesforce/commerce-sdk-react'
 import {API_ERROR_MESSAGE} from '@salesforce/retail-react-app/app/constants'
-import {getPasswordlessErrorMessage} from '@salesforce/retail-react-app/app/utils/auth-utils'
+import {getAuthorizePasswordlessErrorMessage} from '@salesforce/retail-react-app/app/utils/auth-utils'
 import {isValidEmail} from '@salesforce/retail-react-app/app/utils/email-utils'
 import {formatPhoneNumber} from '@salesforce/retail-react-app/app/utils/phone-utils'
 import useMultiSite from '@salesforce/retail-react-app/app/hooks/use-multi-site'
@@ -242,7 +242,7 @@ const ContactInfo = ({isSocialEnabled = false, idps = [], onRegisteredUserChoseG
                 lastEmailSentRef.current = normalizedEmail
                 return {isRegistered: true}
             } catch (error) {
-                const message = formatMessage(getPasswordlessErrorMessage(error.message))
+                const message = formatMessage(getAuthorizePasswordlessErrorMessage(error.message))
                 setError(message)
                 // Keep continue button visible if email is valid (for unregistered users)
                 if (isValidEmail(email)) {
diff --git a/packages/template-retail-react-app/app/pages/checkout/partials/contact-info.jsx b/packages/template-retail-react-app/app/pages/checkout/partials/contact-info.jsx
index c001dee17a..05e0eebd6c 100644
--- a/packages/template-retail-react-app/app/pages/checkout/partials/contact-info.jsx
+++ b/packages/template-retail-react-app/app/pages/checkout/partials/contact-info.jsx
@@ -45,7 +45,7 @@ import {AuthHelpers, useAuthHelper, useShopperBasketsMutation} from '@salesforce
 import {getConfig} from '@salesforce/pwa-kit-runtime/utils/ssr-config'
 import {
     getPasswordlessCallbackUrl,
-    getPasswordlessErrorMessage
+    getAuthorizePasswordlessErrorMessage
 } from '@salesforce/retail-react-app/app/utils/auth-utils'
 import useMultiSite from '@salesforce/retail-react-app/app/hooks/use-multi-site'
 
@@ -92,7 +92,7 @@ const ContactInfo = ({isSocialEnabled = false, isPasswordlessEnabled = false, id
             setAuthModalView(EMAIL_VIEW)
             authModal.onOpen()
         } catch (error) {
-            const message = formatMessage(getPasswordlessErrorMessage(error.message))
+            const message = formatMessage(getAuthorizePasswordlessErrorMessage(error.message))
             setError(message)
         }
     }
diff --git a/packages/template-retail-react-app/app/pages/login/index.jsx b/packages/template-retail-react-app/app/pages/login/index.jsx
index fd44f2322b..62c5ff40cb 100644
--- a/packages/template-retail-react-app/app/pages/login/index.jsx
+++ b/packages/template-retail-react-app/app/pages/login/index.jsx
@@ -25,17 +25,14 @@ import {useLocation} from 'react-router-dom'
 import useEinstein from '@salesforce/retail-react-app/app/hooks/use-einstein'
 import useDataCloud from '@salesforce/retail-react-app/app/hooks/use-datacloud'
 import LoginForm from '@salesforce/retail-react-app/app/components/login'
-import PasswordlessEmailConfirmation from '@salesforce/retail-react-app/app/components/email-confirmation/index'
-import {
-    API_ERROR_MESSAGE,
-    INVALID_TOKEN_ERROR,
-    INVALID_TOKEN_ERROR_MESSAGE
-} from '@salesforce/retail-react-app/app/constants'
+import OtpAuth from '@salesforce/retail-react-app/app/components/otp-auth'
+import {API_ERROR_MESSAGE} from '@salesforce/retail-react-app/app/constants'
 import {usePrevious} from '@salesforce/retail-react-app/app/hooks/use-previous'
 import {isServer, noop} from '@salesforce/retail-react-app/app/utils/utils'
 import {
-    getPasswordlessCallbackUrl,
-    getPasswordlessErrorMessage
+    getAuthorizePasswordlessErrorMessage,
+    getLoginPasswordlessErrorMessage,
+    getPasswordlessCallbackUrl
 } from '@salesforce/retail-react-app/app/utils/auth-utils'
 import {getConfig} from '@salesforce/pwa-kit-runtime/utils/ssr-config'
 import useMultiSite from '@salesforce/retail-react-app/app/hooks/use-multi-site'
@@ -79,9 +76,8 @@ const Login = ({initialView = LOGIN_VIEW}) => {
         {enabled: !!customerId && !isServer, keepPreviousData: true}
     )
     const mergeBasket = useShopperBasketsMutation('mergeBasket')
-    const [currentView, setCurrentView] = useState(initialView)
-    const [passwordlessLoginEmail, setPasswordlessLoginEmail] = useState('')
     const [redirectPath, setRedirectPath] = useState('')
+    const [isOtpAuthOpen, setIsOtpAuthOpen] = useState(false)
 
     const handleMergeBasket = () => {
         const hasBasketItem = baskets?.baskets?.[0]?.productItems?.length > 0
@@ -119,39 +115,42 @@ const Login = ({initialView = LOGIN_VIEW}) => {
                 locale: locale.id,
                 ...(passwordlessConfigCallback && {callbackURI: passwordlessConfigCallback})
             })
-            setPasswordlessLoginEmail(email)
-            setCurrentView(EMAIL_VIEW)
+            setIsOtpAuthOpen(true)
         } catch (error) {
-            const message = formatMessage(getPasswordlessErrorMessage(error.message))
+            const message = formatMessage(getAuthorizePasswordlessErrorMessage(error.message))
             form.setError('global', {type: 'manual', message})
         }
     }
 
-    const submitForm = async (data, isPasswordless = false) => {
+    const handleOtpVerification = async (pwdlessLoginToken) => {
+        try {
+            await loginPasswordless.mutateAsync({pwdlessLoginToken})
+            return {success: true}
+        } catch (e) {
+            const errorData = await e.response?.json()
+            const message = formatMessage(getLoginPasswordlessErrorMessage(errorData.message))
+            return {success: false, error: message}
+        }
+    }
+
+    const submitForm = async (data) => {
         form.clearErrors()
 
-        return {
-            login: async (data) => {
-                if (isPasswordless) {
-                    const email = data.email
-                    await handlePasswordlessLogin(email)
-                    return
-                }
-
-                try {
-                    await login.mutateAsync({username: data.email, password: data.password})
-                } catch (error) {
-                    const message = /Unauthorized/i.test(error.message)
-                        ? formatMessage(LOGIN_ERROR_MESSAGE)
-                        : formatMessage(API_ERROR_MESSAGE)
-                    form.setError('global', {type: 'manual', message})
-                }
-                handleMergeBasket()
-            },
-            email: async () => {
-                await handlePasswordlessLogin(passwordlessLoginEmail)
-            }
-        }[currentView](data)
+        // If passwordless is enabled and the password is not provided, handle passwordless login
+        if (isPasswordlessEnabled && !data.password) {
+            const email = data.email
+            await handlePasswordlessLogin(email)
+            return
+        }
+
+        try {
+            await login.mutateAsync({username: data.email, password: data.password})
+        } catch (error) {
+            const message = /Unauthorized/i.test(error.message)
+                ? formatMessage(LOGIN_ERROR_MESSAGE)
+                : formatMessage(API_ERROR_MESSAGE)
+            form.setError('global', {type: 'manual', message})
+        }
     }
 
     // Handles passwordless login by retrieving the 'token' from the query parameters and
@@ -166,24 +165,14 @@ const Login = ({initialView = LOGIN_VIEW}) => {
                 setRedirectPath('')
             }
 
-            const passwordlessLogin = async () => {
-                try {
-                    await loginPasswordless.mutateAsync({pwdlessLoginToken: token})
-                } catch (e) {
-                    const errorData = await e.response?.json()
-                    const message = INVALID_TOKEN_ERROR.test(errorData.message)
-                        ? formatMessage(INVALID_TOKEN_ERROR_MESSAGE)
-                        : formatMessage(API_ERROR_MESSAGE)
-                    form.setError('global', {type: 'manual', message})
-                }
-            }
-            passwordlessLogin()
+            handleOtpVerification(token)
         }
     }, [path, isSuccessCustomerBaskets])
 
     // If customer is registered push to account page and merge the basket
     useEffect(() => {
         if (isRegistered) {
+            setIsOtpAuthOpen(false)
             handleMergeBasket()
             const redirectTo = redirectPath ? redirectPath : '/account'
             navigate(redirectTo)
@@ -211,28 +200,24 @@ const Login = ({initialView = LOGIN_VIEW}) => {
                 marginBottom={8}
                 borderRadius="base"
             >
-                {!form.formState.isSubmitSuccessful && currentView === LOGIN_VIEW && (
-                    <LoginForm
-                        form={form}
-                        submitForm={(data) => {
-                            const shouldUsePasswordless = isPasswordlessEnabled && !data.password
-                            return submitForm(data, shouldUsePasswordless)
-                        }}
-                        clickCreateAccount={() => navigate('/registration')}
-                        handlePasswordlessLoginClick={noop}
-                        handleForgotPasswordClick={() => navigate('/reset-password')}
-                        isPasswordlessEnabled={isPasswordlessEnabled}
-                        isSocialEnabled={isSocialEnabled}
-                        idps={idps}
-                    />
-                )}
-                {currentView === EMAIL_VIEW && (
-                    <PasswordlessEmailConfirmation
-                        form={form}
-                        submitForm={submitForm}
-                        email={passwordlessLoginEmail}
-                    />
-                )}
+                <LoginForm
+                    form={form}
+                    submitForm={submitForm}
+                    clickCreateAccount={() => navigate('/registration')}
+                    handlePasswordlessLoginClick={noop}
+                    handleForgotPasswordClick={() => navigate('/reset-password')}
+                    isPasswordlessEnabled={isPasswordlessEnabled}
+                    isSocialEnabled={isSocialEnabled}
+                    idps={idps}
+                />
+                <OtpAuth
+                    isOpen={isOtpAuthOpen}
+                    onClose={() => setIsOtpAuthOpen(false)}
+                    form={form}
+                    handleSendEmailOtp={handlePasswordlessLogin}
+                    handleOtpVerification={handleOtpVerification}
+                    hideCheckoutAsGuestButton={true}
+                />
             </Container>
         </Box>
     )
diff --git a/packages/template-retail-react-app/app/pages/login/index.test.js b/packages/template-retail-react-app/app/pages/login/index.test.js
index df8bc97b26..6f6e3edf67 100644
--- a/packages/template-retail-react-app/app/pages/login/index.test.js
+++ b/packages/template-retail-react-app/app/pages/login/index.test.js
@@ -20,7 +20,6 @@ import ResetPassword from '@salesforce/retail-react-app/app/pages/reset-password
 import mockConfig from '@salesforce/retail-react-app/config/mocks/default'
 import {mockedRegisteredCustomer} from '@salesforce/retail-react-app/app/mocks/mock-data'
 import {getConfig} from '@salesforce/pwa-kit-runtime/utils/ssr-config'
-import {AuthHelpers} from '@salesforce/commerce-sdk-react'
 
 const mockMergedBasket = {
     basketId: 'a10ff320829cb0eef93ca5310a',
@@ -328,6 +327,21 @@ describe('Passwordless login tests', () => {
         global.server.use(
             rest.post('*/oauth2/passwordless/login', (req, res, ctx) => {
                 return res(ctx.delay(0), ctx.status(200), ctx.json({}))
+            }),
+            rest.post('*/oauth2/passwordless/token', (req, res, ctx) => {
+                return res(
+                    ctx.delay(0),
+                    ctx.status(200),
+                    ctx.json({
+                        customer_id: 'customerid_1',
+                        access_token:
+                            'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXQiOiJHVUlEIiwic2NwIjoic2ZjYy5zaG9wcGVyLW15YWNjb3VudC5iYXNrZXRzIHNmY2Muc2hvcHBlci1teWFjY291bnQuYWRkcmVzc2VzIHNmY2Muc2hvcHBlci1wcm9kdWN0cyBzZmNjLnNob3BwZXItZGlzY292ZXJ5LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnJ3IHNmY2Muc2hvcHBlci1teWFjY291bnQucGF5bWVudGluc3RydW1lbnRzIHNmY2Muc2hvcHBlci1jdXN0b21lcnMubG9naW4gc2ZjYy5zaG9wcGVyLWV4cGVyaWVuY2Ugc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5vcmRlcnMgc2ZjYy5zaG9wcGVyLWN1c3RvbWVycy5yZWdpc3RlciBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5hZGRyZXNzZXMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wcm9kdWN0bGlzdHMucncgc2ZjYy5zaG9wcGVyLXByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItcHJvbW90aW9ucyBzZmNjLnNob3BwZXItYmFza2V0cy1vcmRlcnMucncgc2ZjYy5zaG9wcGVyLW15YWNjb3VudC5wYXltZW50aW5zdHJ1bWVudHMucncgc2ZjYy5zaG9wcGVyLWdpZnQtY2VydGlmaWNhdGVzIHNmY2Muc2hvcHBlci1wcm9kdWN0LXNlYXJjaCBzZmNjLnNob3BwZXItbXlhY2NvdW50LnByb2R1Y3RsaXN0cyBzZmNjLnNob3BwZXItY2F0ZWdvcmllcyBzZmNjLnNob3BwZXItbXlhY2NvdW50Iiwic3ViIjoiY2Mtc2xhczo6enpyZl8wMDE6OnNjaWQ6YzljNDViZmQtMGVkMy00YWEyLTk5NzEtNDBmODg5NjJiODM2Ojp1c2lkOjhlODgzOTczLTY4ZWItNDFmZS1hM2M1LTc1NjIzMjY1MmZmNSIsImN0eCI6InNsYXMiLCJpc3MiOiJzbGFzL3Byb2QvenpyZl8wMDEiLCJpc3QiOjEsImF1ZCI6ImNvbW1lcmNlY2xvdWQvcHJvZC96enJmXzAwMSIsIm5iZiI6MTY3ODgzNDI3MSwic3R5IjoiVXNlciIsImlzYiI6InVpZG86ZWNvbTo6dXBuOmtldjVAdGVzdC5jb206OnVpZG46a2V2aW4gaGU6OmdjaWQ6YWJtZXMybWJrM2xYa1JsSEZKd0dZWWt1eEo6OnJjaWQ6YWJVTXNhdnBEOVk2alcwMGRpMlNqeEdDTVU6OmNoaWQ6UmVmQXJjaEdsb2JhbCIsImV4cCI6MjY3ODgzNjEwMSwiaWF0IjoxNjc4ODM0MzAxLCJqdGkiOiJDMkM0ODU2MjAxODYwLTE4OTA2Nzg5MDM0ODA1ODMyNTcwNjY2NTQyIn0._tUrxeXdFYPj6ZoY-GILFRd3-aD1RGPkZX6TqHeS494',
+                        refresh_token: 'testrefeshtoken_1',
+                        usid: 'testusid_1',
+                        enc_user_id: 'testEncUserId_1',
+                        id_token: 'testIdToken_1'
+                    })
+                )
             })
         )
     })
@@ -338,7 +352,7 @@ describe('Passwordless login tests', () => {
                 siteAlias: 'uk',
                 locale: {id: 'en-GB'},
                 appConfig: mockConfig.app,
-                bypassAuth: true
+                bypassAuth: false
             }
         })
 
@@ -349,13 +363,27 @@ describe('Passwordless login tests', () => {
         // Click the submit button
         await user.click(screen.getByRole('button', {name: /Continue/i}))
 
-        // check that check email page is open
+        // check that OTP auth modal is open
         await waitFor(() => {
-            expect(screen.getByText(/Check Your Email/i)).toBeInTheDocument()
+            expect(
+                screen.getByText(/To log in to your account, enter the code/i)
+            ).toBeInTheDocument()
         })
 
         // resend the email
-        await user.click(screen.getByText(/Resend Link/i))
+        await user.click(screen.getByText(/Resend Code/i))
+
+        // enter the code manually
+        const code = '12345678'
+        const otpInputs = screen.getAllByRole('textbox')
+        for (let i = 0; i < 8; i++) {
+            await user.type(otpInputs[i], code[i])
+        }
+
+        await waitFor(() => {
+            expect(window.location.pathname).toBe('/uk/en-GB/account')
+            expect(screen.getByText(/My Profile/i)).toBeInTheDocument()
+        })
     })
 
     test.each([
diff --git a/packages/template-retail-react-app/app/pages/reset-password/index.test.jsx b/packages/template-retail-react-app/app/pages/reset-password/index.test.jsx
index 0d7186d076..ae52da27cd 100644
--- a/packages/template-retail-react-app/app/pages/reset-password/index.test.jsx
+++ b/packages/template-retail-react-app/app/pages/reset-password/index.test.jsx
@@ -13,7 +13,6 @@ import {
 } from '@salesforce/retail-react-app/app/utils/test-utils'
 import ResetPassword from '.'
 import mockConfig from '@salesforce/retail-react-app/config/mocks/default'
-import {TOO_MANY_PASSWORD_RESET_ATTEMPTS_ERROR_MESSAGE} from '@salesforce/retail-react-app/app/utils/auth-utils'
 
 const mockUseRouteMatch = jest.fn(() => ({path: '/'}))
 
diff --git a/packages/template-retail-react-app/app/utils/auth-utils.js b/packages/template-retail-react-app/app/utils/auth-utils.js
index 199725cb6b..4b8772553c 100644
--- a/packages/template-retail-react-app/app/utils/auth-utils.js
+++ b/packages/template-retail-react-app/app/utils/auth-utils.js
@@ -10,7 +10,9 @@ import {getAppOrigin} from '@salesforce/pwa-kit-react-sdk/utils/url'
 import {getEnvBasePath} from '@salesforce/pwa-kit-runtime/utils/ssr-namespace-paths'
 import {
     API_ERROR_MESSAGE,
-    FEATURE_UNAVAILABLE_ERROR_MESSAGE
+    FEATURE_UNAVAILABLE_ERROR_MESSAGE,
+    INVALID_TOKEN_ERROR,
+    INVALID_TOKEN_ERROR_MESSAGE
 } from '@salesforce/retail-react-app/app/constants'
 import {isAbsoluteURL} from '@salesforce/retail-react-app/app/page-designer/utils'
 
@@ -62,13 +64,13 @@ export const getPasswordlessCallbackUrl = (callbackURI) => {
 }
 
 /**
- * Maps an error message to the appropriate user-friendly error message descriptor
+ * Maps error message from authorizePasswordless mutation to the appropriate user-friendly error message descriptor
  * for passwordless login feature errors.
  *
  * @param {string} errorMessage - The error message from the API
  * @returns {Object} - The message descriptor object (from defineMessage) that can be passed to formatMessage
  */
-export const getPasswordlessErrorMessage = (errorMessage) => {
+export const getAuthorizePasswordlessErrorMessage = (errorMessage) => {
     if (PASSWORDLESS_FEATURE_UNAVAILABLE_ERRORS.some((msg) => msg.test(errorMessage))) {
         return FEATURE_UNAVAILABLE_ERROR_MESSAGE
     }
@@ -79,7 +81,7 @@ export const getPasswordlessErrorMessage = (errorMessage) => {
 }
 
 /**
- * Maps an error message to the appropriate user-friendly error message descriptor
+ * Maps error message from getPasswordResetToken mutation to the appropriate user-friendly error message descriptor
  * for password reset feature errors.
  *
  * @param {string} errorMessage - The error message from the API
@@ -94,3 +96,17 @@ export const getPasswordResetErrorMessage = (errorMessage) => {
     }
     return API_ERROR_MESSAGE
 }
+
+/**
+ * Maps error message from loginPasswordless mutation to the appropriate user-friendly error message descriptor
+ * for OTP verification errors (passwordless login token verification).
+ *
+ * @param {string} errorMessage - The error message from the API
+ * @returns {Object} - The message descriptor object (from defineMessage) that can be passed to formatMessage
+ */
+export const getLoginPasswordlessErrorMessage = (errorMessage) => {
+    if (INVALID_TOKEN_ERROR.test(errorMessage)) {
+        return INVALID_TOKEN_ERROR_MESSAGE
+    }
+    return API_ERROR_MESSAGE
+}
diff --git a/packages/template-retail-react-app/app/utils/auth-utils.test.js b/packages/template-retail-react-app/app/utils/auth-utils.test.js
index e2e4eb5096..ccd7dbcf86 100644
--- a/packages/template-retail-react-app/app/utils/auth-utils.test.js
+++ b/packages/template-retail-react-app/app/utils/auth-utils.test.js
@@ -6,12 +6,14 @@
  */
 import {
     API_ERROR_MESSAGE,
-    FEATURE_UNAVAILABLE_ERROR_MESSAGE
+    FEATURE_UNAVAILABLE_ERROR_MESSAGE,
+    INVALID_TOKEN_ERROR_MESSAGE
 } from '@salesforce/retail-react-app/app/constants'
 import {
     getPasswordlessCallbackUrl,
-    getPasswordlessErrorMessage,
+    getAuthorizePasswordlessErrorMessage,
     getPasswordResetErrorMessage,
+    getLoginPasswordlessErrorMessage,
     TOO_MANY_LOGIN_ATTEMPTS_ERROR_MESSAGE,
     TOO_MANY_PASSWORD_RESET_ATTEMPTS_ERROR_MESSAGE
 } from '@salesforce/retail-react-app/app/utils/auth-utils'
@@ -52,7 +54,7 @@ describe('getPasswordlessCallbackUrl', function () {
     })
 })
 
-describe('getPasswordlessErrorMessage', () => {
+describe('getAuthorizePasswordlessErrorMessage', () => {
     test.each([
         ['no callback_uri is registered for client', FEATURE_UNAVAILABLE_ERROR_MESSAGE],
         ["callback_uri doesn't match the registered callbacks", FEATURE_UNAVAILABLE_ERROR_MESSAGE],
@@ -74,7 +76,7 @@ describe('getPasswordlessErrorMessage', () => {
     ])(
         'maps passwordless error "%s" to the correct message descriptor',
         (errorMessage, expectedMessage) => {
-            expect(getPasswordlessErrorMessage(errorMessage)).toBe(expectedMessage)
+            expect(getAuthorizePasswordlessErrorMessage(errorMessage)).toBe(expectedMessage)
         }
     )
 })
@@ -100,3 +102,16 @@ describe('getPasswordResetErrorMessage', () => {
         }
     )
 })
+
+describe('getLoginPasswordlessErrorMessage', () => {
+    test.each([
+        ['invalid token', INVALID_TOKEN_ERROR_MESSAGE],
+        ['unexpected error message', API_ERROR_MESSAGE],
+        [null, API_ERROR_MESSAGE]
+    ])(
+        'maps login passwordless error "%s" to the correct message descriptor',
+        (errorMessage, expectedMessage) => {
+            expect(getLoginPasswordlessErrorMessage(errorMessage)).toBe(expectedMessage)
+        }
+    )
+})
diff --git a/packages/template-retail-react-app/app/utils/test-utils.js b/packages/template-retail-react-app/app/utils/test-utils.js
index bdb8790495..6fd8ee0e3b 100644
--- a/packages/template-retail-react-app/app/utils/test-utils.js
+++ b/packages/template-retail-react-app/app/utils/test-utils.js
@@ -40,6 +40,7 @@ import {
 } from '@salesforce/retail-react-app/app/constants'
 import jwt from 'jsonwebtoken'
 import userEvent from '@testing-library/user-event'
+import Cookies from 'js-cookie'
 // This JWT's payload is special
 // it includes 3 fields that commerce-sdk-react cares:
 // exp, isb and sub
@@ -287,3 +288,16 @@ export const withPageProvider = (Component, options) => {
 
     return WrappedComponent
 }
+
+/**
+ * Clears all cookies. Useful for test cleanup to ensure clean auth state.
+ * @returns {void}
+ */
+export const clearAllCookies = () => {
+    document.cookie.split(';').forEach((cookie) => {
+        const name = cookie.split('=')[0].trim()
+        if (name) {
+            Cookies.remove(name, {path: '/'})
+        }
+    })
+}
diff --git a/packages/template-retail-react-app/config/default.js b/packages/template-retail-react-app/config/default.js
index acdcd7e59f..a00e2bb735 100644
--- a/packages/template-retail-react-app/config/default.js
+++ b/packages/template-retail-react-app/config/default.js
@@ -6,7 +6,7 @@
  */
 /* eslint-disable @typescript-eslint/no-var-requires */
 const sites = require('./sites.js')
-const {parseSettings} = require('./utils.js')
+const {parseSettings, validateOtpTokenLength} = require('./utils.js')
 
 module.exports = {
     app: {
@@ -30,6 +30,9 @@ module.exports = {
             interpretPlusSignAsSpace: false
         },
         login: {
+            // The length of the token for OTP authentication. Used by passwordless login and reset password.
+            // If the env var `OTP_TOKEN_LENGTH` is set, it will override the config value. Valid values are 6 or 8. Defaults to: 8
+            tokenLength: validateOtpTokenLength(process.env.OTP_TOKEN_LENGTH),
             passwordless: {
                 enabled: false,
                 mode: 'email',
diff --git a/packages/template-retail-react-app/config/mocks/default.js b/packages/template-retail-react-app/config/mocks/default.js
index 5545771b0c..a212cf0faa 100644
--- a/packages/template-retail-react-app/config/mocks/default.js
+++ b/packages/template-retail-react-app/config/mocks/default.js
@@ -33,6 +33,7 @@ module.exports = {
             showDefaults: true
         },
         login: {
+            tokenLength: 8,
             passwordless: {
                 enabled: false,
                 mode: 'email',
diff --git a/packages/template-retail-react-app/config/utils.js b/packages/template-retail-react-app/config/utils.js
index cc1b17e5c7..2aad9cfd7a 100644
--- a/packages/template-retail-react-app/config/utils.js
+++ b/packages/template-retail-react-app/config/utils.js
@@ -5,6 +5,42 @@
  * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
  */
 
+/**
+ * Valid OTP token lengths supported by the authentication system.
+ * These values are enforced to ensure compatibility with the OTP verification flow.
+ */
+const VALID_OTP_TOKEN_LENGTHS = [6, 8]
+const DEFAULT_OTP_TOKEN_LENGTH = 8
+
+/**
+ * Validates and normalizes the OTP token length configuration.
+ * Throws an error if the token length is invalid.
+ *
+ * @param {string|number|undefined} tokenLength - The token length from config or env var
+ * @returns {number} Validated token length (6 or 8)
+ * @throws {Error} If tokenLength is invalid (not 6 or 8)
+ */
+function validateOtpTokenLength(tokenLength) {
+    // If undefined, return default
+    if (tokenLength === undefined) {
+        return DEFAULT_OTP_TOKEN_LENGTH
+    }
+
+    // Parse to number (handles string numbers like "6" or "8")
+    const parsedLength = Number(tokenLength)
+
+    // Check if it's one of the allowed values (includes() will return false for NaN or invalid numbers)
+    if (!VALID_OTP_TOKEN_LENGTHS.includes(parsedLength)) {
+        throw new Error(
+            `Invalid OTP token length: ${tokenLength}. Valid values are ${VALID_OTP_TOKEN_LENGTHS.join(
+                ' or '
+            )}. `
+        )
+    }
+
+    return parsedLength
+}
+
 /**
  * Safely parses settings from either a JSON string or object
  * @param {string|object} settings - The settings
@@ -30,5 +66,8 @@ function parseSettings(settings) {
 }
 
 module.exports = {
-    parseSettings
+    parseSettings,
+    validateOtpTokenLength,
+    DEFAULT_OTP_TOKEN_LENGTH,
+    VALID_OTP_TOKEN_LENGTHS
 }
diff --git a/packages/template-retail-react-app/config/utils.test.js b/packages/template-retail-react-app/config/utils.test.js
new file mode 100644
index 0000000000..20a25233d7
--- /dev/null
+++ b/packages/template-retail-react-app/config/utils.test.js
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2024, salesforce.com, inc.
+ * All rights reserved.
+ * SPDX-License-Identifier: BSD-3-Clause
+ * For full license text, see the LICENSE file in the repo root or https://opensource.org/licenses/BSD-3-Clause
+ */
+/* eslint-disable @typescript-eslint/no-var-requires */
+const {validateOtpTokenLength, DEFAULT_OTP_TOKEN_LENGTH} = require('./utils.js')
+
+describe('validateOtpTokenLength', () => {
+    describe('valid values', () => {
+        test.each([
+            [6, 6],
+            [8, 8],
+            ['6', 6],
+            ['8', 8]
+        ])('returns %s when tokenLength is %s', (tokenLength, expected) => {
+            expect(validateOtpTokenLength(tokenLength)).toBe(expected)
+        })
+
+        test('returns default when tokenLength is undefined', () => {
+            expect(validateOtpTokenLength(undefined)).toBe(DEFAULT_OTP_TOKEN_LENGTH)
+        })
+    })
+
+    describe('invalid values', () => {
+        test.each([7, '7', 'abc', null, 0, '', true, false])(
+            'throws error when tokenLength is "%s"',
+            (tokenLength) => {
+                expect(() => validateOtpTokenLength(tokenLength)).toThrow(
+                    new RegExp(`Invalid OTP token length: ${tokenLength}. Valid values are 6 or 8`)
+                )
+            }
+        )
+    })
+})
diff --git a/packages/template-retail-react-app/package.json b/packages/template-retail-react-app/package.json
index 790745410d..d6ee9bbf89 100644
--- a/packages/template-retail-react-app/package.json
+++ b/packages/template-retail-react-app/package.json
@@ -101,7 +101,7 @@
   "bundlesize": [
     {
       "path": "build/main.js",
-      "maxSize": "88 kB"
+      "maxSize": "89 kB"
     },
     {
       "path": "build/vendor.js",