Security is always at the forefront of an organization's mind, particularly cybersecurity. It’s not surprising when you consider that Verizon found 95% of security incidents involved stealing credentials from customer devices. In an increasingly mobile world, we’re now exposed to more threats than ever, and to put it bluntly, a password just doesn’t cut it.
Enter two-factor authentication
With that in mind, implementing two-factor or multi-factor authentication is a best practice. Taking two-factor authentication (2FA) as an example, it simply adds a second level of authentication to an account log-in. This is more secure than a standard username and password log-in as it requires double the amount of security information, and thus, is more difficult to hack.
2FA requires users to provide two out of three types of credentials before they are granted access:
- Something you know, e.g., a PIN, password or pattern
- Something you have, e.g., a bank card, phone or fob
- Something you are, e.g., a biometric (fingerprint/voice)
Using SMS User Authentication
A common approach for some companies is to use SMS User Authentication, which is the use of SMS text messaging to confirm a user’s identity and perform 2FA.
Why? Well, phones are typically more secure than online accounts, and in most cases, they’ll be unaffected if your online accounts are compromised. SMS is a universal technology in many ways as 80% of adults have an SMS-enabled phone. For that reason, SMS is a go-to channel for delivering or confirming two-factor authentication.
In some cases, using SMS user authentication makes more sense than other types of authentication. For example, Twitter made the decision to use SMS to deliver its second layer of authentication, because most of their users are mobile users or have their phone nearby.
How does it work?
Without getting into the technical details, the process of using SMS as a means of user authentication is fairly straightforward. When requested, a one-time password or token will be generated and sent to a number associated with the user attempting to log in or access protected information.
The mobile phone receives that token (usually 6 characters long), the user enters it into the authentication process, and it is either verified or rejected based on the characters entered.
Additional security best practices to protect your information
Even if you’re planning on using 2FA or multi-factor authentication, it’s still important to maintain effective security practices. These can include, but are not limited to:
- Unifying authentication protocols across your entire suite of products and user interactions.
- Contextualizing authentication using user location, network or even device to distinguish suspicious sign-ins from genuine ones.
- Reusing authentication across other processes, such as:
  - Password resets
  - New devices
  - Unusual behavior
  - Significant changes to user settings or profiles