Two-factor authenticationVerify users by reaching their mobile device with SMS or voice codes: adding a layer of security easily.
CompleteA single API provides the full 2FA solution, from authentication management to message automation, spanning SMS and Voice.
SimpleJust give us a phone number and we’ll take care of the rest. We generate the codes, localise, use the fastest channel available, even fall back from SMS to voice when needed.
ConvenientUnlike other 2FA methods that may require special hardware or an authenticator app, our solution works with any phone number.
Priced flexiblyPay only for successful conversions or per verification request
How two-factor authentication works
Intercept the login
A user logging into an account first confirms their username and password but, to be certain that the user is who they say they are, our Verify API gets involved.
Our Verify API reaches out
We send a one-time code — via SMS, voice or push notification — to the phone associated with that username and password.
The account owner confirms
When the code arrives on the phone belonging to the user associated with the account, the owner keys in the short verification code into the input box presented by the app.
Allow account access
Your app verifies that the entered code matches the code that was sent, confirming that the person attempting to access the account has the phone linked to that account. Your app can then give full access to the user.
Programmable elements used in this solution
It sounds easy, but...
Application complexityBuilding a 2FA mechanism from the ground up is hard. There’s much more to 2FA than sending messages. You have to generate, store and expire secure codes, as well as design and build a system to relate user identities to devices.
One channel is not enoughOnce you’ve obtained a user’s phone number, you want to be able to verify them, no matter the line type. This means you have to detect the line type (mobile or landline) first and then deliver a message via either SMS or voice, depending on the type of device.
Deliverability is criticalBecause the user is in the process of logging in, timeliness of message delivery is critical. Your 2FA solution falls apart if you can’t get the required code to the user within a few seconds.
Development costTo bring 2FA to your mobile app, you may also have to design and build the UI for each device, increasing development time and expense.
Why choose Vonage APIs for two-factor-authentication?
Comprehensive solutionWe designed the Verify API to make it simple to implement. Your application simply gives us a phone number and we take care of the rest. We’ve got you covered for SMS, voice and SMS to voice failover scenarios. We even make sure the messages comply with local regulations so they are not filtered by the carriers. Our comprehensive backend provides secure code and identity management capabilities, all behind a simple to use API.
Highest deliverabilityOur many direct-to-carrier relationships around the world, combined with our proprietary Adaptive Routing algorithm, allow us to work in real-time to find the best routes for your messages. Add to that our Compliance Engine, which knows how and when to deliver messages according to country and carrier requirements and you have the industry’s highest deliverability rates.
Pay only for successWe priced Verify in the way that makes the most sense to you and is easy to ROI -- you pay only one flat fee for successful conversions.
Pre-built user experienceThe Verify SDK for mobile apps includes a customisable user experience framework that lets you build the 2FA UI into your app very quickly. You can implement cross-device logins and specify expiry times to re-authenticate users without building a complex authentication back-end.
"We would not be able to achieve virality without a reliable, scalable phone number authentication solution and we would not have been able to do that without [Vonage APIs] and the Verify API."