Two-factor authentication or 2FA is the process of authenticating a user with two types of information. These two types of information are generally:
Knowledge: something that you know (such as a password)
Possession: something that you have (such as a security token or mobile phone)
Enabling 2FA provides a higher level of security than authentication methods that depend on single-factor authentication, usually a password. In 2FA, users have to provide their password as well as a One-Time Password sent via SMS to their mobile phones, to access their account.
To enable two-factor authentication, application developers have to maintain a list of users that can access their applications, along with their passwords. They need to have the support to not only generate a One-Time Password, but also store this OTP for a few minutes as the users get ready to enter the password.
SignalWire addresses those needs by providing two APIs that can be added without making any significant changes to the application logic or making any changes to the database structure. The two APIs will:
Generate and send the OTP to a phone number via text or voice.
Verify that the phone number & OTP combination is valid and not expired.
By adding 2FA to your application, you’re providing your users an effective protection against many security threats that target user passwords and accounts. Since now they will need a password and a device that they have in possession to login, it makes their account more secure.
Application developers can enable two-factor authentication for their users with ease and without making any changes to the application logic or database structure.
The API will generate and verify the phone number and OTP combination ensuring deliverability of the OTP via SMS to the phone number
Each verification request costs $0.04 in addition to the cost of sending the OTP via either SMS or a voice call.
To get started, check out our detailed documentation at https://docs.signalwire.com/topics/relay-rest/#resources-multi-factor-authentication
If you don’t already have a SignalWire account, please create one (it's free!) by going to: https://signalwire.com/signup)