You may have heard about Apple’s recent rollout of two-factor authentication (2FA for short) to iMessage and FaceTime. If you’re unfamiliar with the term, here’s a simple breakdown: if you’ve ever received a pin code via SMS to enter for verification, perhaps when registering for a new mobile app or when making an online transaction with your bank, you’ve participated in two-factor authentication (2FA). So, what’s the deal?
A username and password was once all you needed to successfully verify and protect a user, but with numerous warnings of cybercrime on the rise and increasing sophistication of attacks, two-factor authentication has become an essential component in ensuring the legitimacy and identity of your user base.
Two-factor authentication is a two-step verification process by which a user provides two means of identification – the combination of something they know with something they have. The scenario most people have experienced is entering a username and password (this is the “something you know” factor — your password), followed by a unique pin identifier (the “something you have” factor — your smartphone).
Adding a pin or some other measure as a second factor in authentication helps to ensure that a user’s identity can’t be hacked with a password alone, providing a much-needed extra layer of security.
With mobile apps, for example, a user will create an account with a username and password and then receive an SMS with a pin that he or she must manually enter. In this case, the pin serves as the second factor for authentication. A cybercriminal would have to have the user’s mobile phone in hand, in addition to the password, to be able to complete the sign-in process. Though not a foolproof solution to keep attackers at bay, the second step required of two-factor authentication makes an attack that much more difficult. As a result, two-factor authentication has seen growing interest, usage, and adoption, and has long been the standard of Facebook, Amazon, Google, Twitter, and others. If you’re interested in finding out which companies employ two-factor authentication and how, check out Two-Factor Auth, a site dedicated to sharing just that.
In 2013, researchers found that more than 42,000 apps in Google’s Play Store were infected with spyware and information-stealing programs. According to AppAnnie, Google Play and the Apple stores have over 2.6 million available apps, which means not only is the competition steep, but establishing your app as a trustworthy and legitimate download is an essential first step in user engagement.
Most apps today set up 2FA by generating a random, unique code for each user and sending that user an SMS on their mobile phone. The user must then enter that code back into the app to verify that, yes, they are who they say they are. There are many providers out there who can help you send SMS from your app, backend, or website.
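The code-issuing and checking step described above, as an added example that is not from the original post or from any SMS provider. The six-digit length, five-minute lifetime, three-guess limit and the `PinVerifier` name are assumptions, and sending the SMS is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6          # assumed length; the page does not specify one
PIN_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3        # assumed guess limit per issued code


class PinVerifier:
    """In-memory store of pending codes, keyed by phone number (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # phone -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, pin):
        # Keeps the code out of plaintext storage; a short numeric code is still
        # guessable, so expiry and the attempt limit are the real controls.
        return hashlib.sha256(salt + pin.encode()).digest()

    def issue(self, phone):
        """Create a fresh code for this number; the caller sends it by SMS."""
        # secrets draws from the OS CSPRNG; the random module is predictable.
        pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        salt = secrets.token_bytes(16)
        self._pending[phone] = [salt, self._digest(salt, pin),
                                self._clock() + PIN_TTL_SECONDS, MAX_ATTEMPTS]
        return pin

    def verify(self, phone, submitted):
        """Return True only for the right code, in time, within the guess limit."""
        entry = self._pending.get(phone)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[phone]  # expired or exhausted: force a new code
            return False
        entry[3] -= 1  # count the guess before comparing
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[phone]  # single use: a code cannot be replayed
            return True
        return False
```

Issuing a new code for the same number replaces the pending one, so only the most recent SMS is ever valid.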
Most SMS providers will either assign or rent out a short code, a 5- or 6-digit code designed for app-to-person communications, so that your app is equipped to send SMS for user verification. When it comes to high-volume app-to-person communication, short codes are a best practice in the US.
For SMS solutions, pricing is typically dependent on the countries to which SMS are being sent, and most providers charge per message. Depending on the size of your user base and your plans for growth, sending an SMS to every single user can quickly become a costly endeavor.
Sinch Flash Call User Verification validates user phone numbers without sending SMS, so that you can lower your costs but maintain the level of security required in today’s mobile landscape. Instead of sending SMS to the user number, a call is placed to the user’s device and intercepted before the phone rings. If the number is verified, a callback will be sent and you will be notified of the results.