- By Wilson Mazaiwana
- In security
- Posted Dec 17, 2015
I’m sure you will agree that the safety and security of your clients’ data on any website or web service is of utmost importance, and it is one thing they want to be assured of. Unfortunately, with the recent news stories in which people’s passwords have been stolen, it has become an even more important subject to dwell on. Usually the answer to problems like this is to beef up the security algorithms and methods so that, even when passwords are stolen or exposed, the thief would not be able to crack them and ultimately gain access to your information.
As a web service provider you always hope that the person who has logged in to your service is who they say they are, i.e. the account holder. However, unless you are there in person to witness the login you can never be sure.
Hello 2-factor Authentication
As a web service provider you are always asking: how can I ensure security without compromising the user experience by adding cumbersome, complicated steps? The good thing is that there are ways to lessen the chances of another person impersonating your client. By sending a text message with an extra code to your client to authenticate them, you significantly lessen the chances of someone else accessing your client’s data. Our mobile phones are very personal, and we have them with us almost all the time. This means an impostor cannot log in to the service you provide for your client unless they
- have your client’s mobile phone
- have access to your client’s mobile phone
Whilst this is still possible, the chances of an online hacker having your password and also having access to your text messages at the same time are very slim. This means that when your clients log in to your service they now have 2 different and yet simple steps to authenticate themselves. The first step is authenticating them online via password; the second is sending them a unique random code that only they can access through their phone. This is why it is called 2-factor authentication. This 2-factor process makes sure that:
- The person accessing your service is human
- They have entered the right details to access the account
- They are who they say they are (the account holder)
The advantages for a web service provider of having this as their validation process are that they
- Stop impostors who try to log in after gaining access to security details.
- Make a stolen password of no effect, since the password is useless without the person’s phone.
- Make unauthorised access to another person’s phone of no effect if the online password is not available to the intruder.
How does it work?
- Prompt your client for a password as you always do on your web application.
- Your system sends a unique random SMS code through our API, then prompts your client for the code they receive on their phone.
The image below is an example of a web application asking for a login password as well as the passcode from the phone of the user.
Image of 2-factor Authentication Login Example
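The two steps above as they look on the server side, in an added example that is not SMSJuice's code or API. `send_sms` is a hypothetical callable standing in for your SMS gateway, and the 5-minute lifetime, 5-attempt cap and in-memory store are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed lifetime of a code, in seconds
MAX_ATTEMPTS = 5    # assumed cap on guesses per issued code

_pending = {}       # username -> salt, digest, expiry, attempt count


def _digest(salt, code):
    # Keep only a salted hash so a leaked store does not reveal live codes.
    return hashlib.sha256(salt + code.encode()).digest()


def start_second_factor(username, phone, send_sms, now=None):
    """Call only after the password check has passed; issues and sends a code."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"  # drawn from the OS CSPRNG
    salt = secrets.token_bytes(16)
    # Issuing a new code overwrites, and so invalidates, any earlier one.
    _pending[username] = {"salt": salt, "digest": _digest(salt, code),
                          "expires": now + CODE_TTL, "attempts": 0}
    send_sms(phone, f"Your login code is {code}")  # hypothetical gateway call


def verify_second_factor(username, submitted, now=None):
    """True exactly once for the right code; False if wrong, expired or locked."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[username]  # force a fresh code to be requested
        return False
    entry["attempts"] += 1
    ok = hmac.compare_digest(entry["digest"],
                             _digest(entry["salt"], submitted))
    if ok:
        del _pending[username]  # single use: replaying the code fails
    return ok
```

In production the pending entry belongs in the user's server-side session or a shared cache rather than a module-level dict, so it survives across worker processes.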
At SMSJuice we provide developer APIs that help with 2-factor authentication. We deliver the SMS code to your clients for the extra layer of authentication. They can then enter it on your web application to satisfy the access requirements for your web application/service. To get a free trial, sign up here and get 20 free messages to try out with our developer API.