Meet Verify: Our new API for Two Factor Authentication
We’re excited to announce the beta launch of Verify, an API to deliver easy two-factor authentication with messaging and voice.
By Risa Takenaka
The Telnyx team is excited to announce the beta launch of our newest product — Verify API. Verify was created to deliver easy two-factor authentication (2FA) using messaging and voice — all through a simple API and self service platform.
Our developer-friendly API makes it easy to build and automate two factor authentication flows to help authorized customers log on to accounts, verify transactions or confirm account changes with an extra layer of security. Before we take a deep dive into the product features, let’s talk about what two factor authentication is and its relevance to today’s world.
Two Factor Authentication: What is it?
Authentication is a means of verifying one’s identity, or confirming that someone really is who they claim to be. Two factor authentication is a method of establishing access to an online destination, by requiring users to provide two different types of information. The factors, or types of information, fall under three categories: something you know, something you have, and something you are.
Here are some examples of each factor:
- Something you know: Username, password, answer to a security question
- Something you have: A physical device, such as a phone, laptop or SIM
- Something you are: Biometrics like a fingerprint, a retina or iris scan, voice recognition
The most common mode of single factor authentication is the username and password pair. With two factor authentication, users need to both provide a password and prove their identity some other way to gain access. Mobile device based authentication methods allow businesses to send a time-expiring one-time password (OTP) via SMS or voice. This is what the Telnyx Verify API provides. In this case, the OTP belongs to a different factor than the username and password combination, fulfilling the two factor authentication requirement.
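The server side of a time-expiring OTP check can be sketched as follows. This is an added example, not Telnyx code and not the Verify API: the class `OtpStore`, the five-minute lifetime and the three-attempt limit are assumptions chosen for illustration, and delivery of the code over SMS or voice is left to the provider.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300  # assumed lifetime; pick a value that fits your flow
MAX_ATTEMPTS = 3       # assumed limit on wrong guesses per issued code


class OtpStore:
    """Hypothetical in-memory store for one pending OTP per user."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server-side key for the MAC
        self._pending = {}                   # user_id -> pending entry

    def _mac(self, user_id, code):
        # Store a keyed digest, never the code itself.
        msg = f"{user_id}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user_id):
        # secrets (a CSPRNG) is used instead of random; zero-pad to 6 digits.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user_id] = {
            "mac": self._mac(user_id, code),
            "expires_at": self._clock() + OTP_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return code  # hand this to the SMS or voice delivery step

    def verify(self, user_id, submitted):
        entry = self._pending.get(user_id)
        if entry is None:
            return "no_pending_code"
        if self._clock() >= entry["expires_at"]:
            del self._pending[user_id]
            return "expired"
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(self._mac(user_id, submitted), entry["mac"]):
            del self._pending[user_id]  # single use: a replayed code fails
            return "ok"
        entry["attempts_left"] -= 1
        if entry["attempts_left"] <= 0:
            del self._pending[user_id]  # force a fresh code after too many misses
            return "locked"
        return "wrong_code"
```

A six-digit code has only a million possible values, so the expiry, the attempt limit and single use are what make guessing impractical.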
Two Factor Authentication: How Necessary is it?
So, you might be thinking, “All of this makes sense, but is two factor authentication really necessary?” To give you the short answer: Absolutely. If you consider a username and password combination to be enough to safeguard your account, then consider these stats:
- 90% of passwords can be cracked in less than six hours.
- Two-thirds of people use the same password everywhere.
- Sophisticated cyber attackers have the power to test billions of passwords every second.
Compromised usernames and passwords can lead to unauthorized access, which can lead to fraudulent transactions and data breaches. In the first half of 2020, there were 540 publicly reported data breaches impacting a total of 163,551,023 individuals. On average, data breaches cost businesses $4 million per incident. Adding a second layer of authentication is a necessary step to make transactions and other high risk actions more secure, as well as protecting both your business’s assets and your customers’ privacy.
Global Two Factor Authentication Market
Research in the information security space has shown that the global market for two factor authentication will be expanding at 17.28% CAGR between 2018 and 2024, with a valuation of 8.98 billion dollars by the end of the forecast period. Specifically, the market for one time passwords is expected to grow from 1.54 billion dollars in 2018 to 3.26 billion by 2024. Among other factors, the popularity and growth of this technology is due to a growing awareness regarding the importance of protecting and limiting access to individual and corporate information.
Verify API Pricing
A business’s needs for two factor authentication OTPs can vary based on size, customer base, and the number of logins or transaction confirmations that occur in a month. Due to this variability, it’s important to choose a two factor authentication solution with a flexible pricing model so that your organization can easily scale up or down based on use case, volume, and needs. Another thing to keep in mind is the total cost of ownership for a two factor authentication solution, and whether it provides upfront value to your organization and customers, or if there are hidden costs and drawbacks.
Telnyx Verify API for Next Generation Two Factor Authentication
We built Telnyx Verify to empower developers to build compliant, scalable two factor authentication solutions with minimal resources. Our robust developer documentation and API reference make it easy to get started with Verify in just two simple steps. Our built-in features make it possible to deploy and provision OTPs quickly, so that you can gain visibility into digital environments and immediately start reducing risks to security. Some of these features include:
- Reliable authentication channels: we offer reliable messaging for scalable OTP delivery and crystal clear calling on our global, private IP network which bypasses the public internet.
- Analytics: client based DLRs give detailed insight into how customers interact with your messages.
- Verified sender IDs: our fully owned inventory of numbers makes it possible to choose from short codes, long codes, and alphanumeric sender ID.
- Automatic time expiration: OTPs sent on our platform automatically expire after a given time period.
- Easy-to-use platform: get complete visibility and granular level insight of your messaging or calling activity via our portal or API.
- Flexible pay-as-you-go pricing: Verify API pricing scales as your business needs grow.
What can I Build with Telnyx Verify API?
The world of internet security can be hard to navigate, and two factor authentication best practices can sometimes be industry specific. But overall, cyber security is a concern for all. In fact a risk index by Travelers, based on a study conducted by Hart Research of 1,200 American businesses, found that it was the top concern for businesses in 2019 across several industries and regardless of size. 75% of study respondents agreed that the proper preventative measures, such as implementing an effective two factor authentication solution, are "critical to the well-being of a business."
Here are a few examples of how text and voice based OTPs can be applied to everyday business operations.
Secure Login Requests
Username and password combinations are not enough to ensure secure login requests. Incorporating SMS or Voice authentication into any login sequence helps to keep unauthorized users from accessing and entering guarded digital environments.
Device Authentication
There are other forms of proving your identity with “what you have,” through hardware like SIM cards and USBs. However, mobile devices are ubiquitous, making OTP via SMS or Voice the most effective way to accomplish this goal.
Confirm Account Changes
Requiring customers to enter one-time passwords sent by SMS or Voice before they make high value purchases, transactions, or drastic changes to account settings can help reduce the risk of fraudulent activity.
Industry Specific Use Cases
Let’s take a look at how industry leaders are using mobile device based two factor authentication to implement preventative security measures.
E-Commerce and Retail
E-commerce fraud has increased year over year since 2010, with payment card fraud losses incurred by merchants and card holders totaling $9.47 billion in 2018 in the United States alone. These financial burdens include the cost of lost merchandise, shipping and handling on fraudulent orders, and chargeback fees from the issuing bank. Not to mention, these instances can also damage company reputation and, if severe enough, can result in the loss of merchant accounts.
Thankfully, two factor authentication adds extra layers of security that fraudsters must overcome to break into these systems. Even if they do correctly guess the password and username at login, it is unlikely that they have access to the mobile device with the time expiring OTP. As a result, many online merchants and e-commerce companies are implementing OTPs to confirm e-commerce transactions, or validate buyers and sellers before money transfers. In addition to the immediate benefits, additional security layers also bring shoppers peace of mind which allows them to remain loyal and continue making purchases on the platform.
It goes without saying that patient information is considered highly sensitive, and therefore robust safety measures should be put in place to protect access to this information at all costs. The vast amount of sensitive data -- social security numbers, home addresses, dates of birth -- collected by healthcare companies makes them a major target in cyberattacks. Peter Carlisle, head of EMEA at cloud and data security company Thales eSecurity, warns that cyber-criminals can sell this data, use it for identity theft, fraudulently acquire benefits like Medicaid and Medicare, or obtain prescriptions. In 2015, in a cyber-attack on Anthem, Inc., the largest for-profit managed health care company in the Blue Cross Blue Shield Association, hackers stole 78.8 million patient records.
To combat these high-stakes risks, many healthcare providers and companies have incorporated two factor authentication into their cyber security strategies, which requires additional authentication to log into online patient portals and databases.
Since the outbreak of the global COVID-19 pandemic, many higher education institutions have moved at least some part of their curriculum to remote learning. Some institutions in states with high outbreaks have even announced full time remote for the entire school year. In the age of digital learning, this means that lectures and discussions have been delivered through online tools like Zoom which, like all other technologies, come with security concerns.
Fortune reported earlier this year on several reports of hacks targeting online Zoom classes, called “zoombombing,” at large institutions like Arizona State University. The problem has become so prevalent that at the end of March, the FBI issued a warning about video conference hijacking and offered steps to mitigate the threat.
These disruptions clearly lower the quality of education and act as barriers to learning, but they also have the potential to escalate into something more dangerous -- at UCLA, a Zoom classroom was hacked and was used to deliver cyber attacks in the form of hate speech and racial slurs.
Following these instances and public pushback to protect their students, many institutions have turned to two factor authentication as a tactic to keep unauthorized users from accessing institutional resources, in order to cultivate a safe online learning environment and protect student information.
Voting and Civic Engagement
As of August 2020, a total of 40 states offer online registration, with one other state (Oklahoma) currently phasing in implementation. Moving voter registration -- the foundation for voting in this country -- online has made civic engagement more accessible for many. However, in the months leading up to a critical election, it has also resurfaced national conversations about the security of voter data and of the registration process at large. In the 2016 election, at least 18 state voter registration databases were scanned by Russian-affiliated cyber actors; online voter registration websites house millions of records of online voters, and unauthorized access into these systems can result in alteration, or even deletion, of critical voter registration data.
Legislators are turning concerns about cybersecurity and voter registration into policy, and in addition to state action, experts are suggesting that two methods of authentication be used to verify the identity of those registering to vote. Many states across the country have adopted these measures, including Iowa, where Secretary of State Paul Pate put multifactor authentication in place for anyone who accesses the state’s voter registration database.
Getting Started with Telnyx Verify
Our digital landscape has created a need for effective, robust cybersecurity solutions across all industries. Thankfully, Telnyx has made it possible for your organization to achieve its security goals with our Verify API. To get started using our two factor authentication services, simply sign up for an account on our Mission Control Portal and navigate to the Verify API section on the left hand side. Once you’ve done that, follow the steps in this quickstart guide to start using your data.
If you have any questions along the way, get in touch with our technical experts via our dedicated developer Slack channel.