SMS verification is the simplest and most convenient form of two-factor authentication. It also offers the option of receiving a one-time password via phone call if the end user only has access to a landline. While newer forms of 2FA are gaining popularity, even the biggest companies still default to SMS verification when resetting passwords (yes, Google, I’m talking about you!).
SMS verification is the ideal solution for verifying users during onboarding and login, verifying phone numbers during checkout, and verifying users during low-value transactions.
Companies with a global user base should definitely consider using SMS for 2FA, especially if they have users in developing countries—remember that only ⅓ of the world’s population have a smartphone.
SMS verification has received some bad publicity over the past few years due to its vulnerability. We agree, SMS 2FA is not ideal for every situation. It’s most suitable for verification during onboarding and during low-value transactions (e.g. fintech, e-commerce), where high levels of security aren’t as important. Check out the blog post we wrote on this topic.
Straightforward and easy to use
No setup or app download required
Verified phone number tied to user
Not as secure as other forms
User may not always have cell coverage
User not comfortable giving phone number
Authentication apps have become increasingly popular in the last few years. The underlying technology for this style of 2FA is called Time-based One-Time Password (TOTP). Authentication apps are a more secure form of two-factor authentication but require you to download and set up an app, so they're not suited to every use case.
Does not require cell coverage, just an internet connection
OTP stored on the device itself - it can’t get intercepted or redirected
Difficult to replace if phone gets stolen and you don’t have printed backup codes
Internal clocks can desync between device and service resulting in invalid codes
Physical Authentication Keys
The safest form of two-factor authentication that’s starting to become more popular. A physical authentication key is just a small USB key you put on your keychain. Big companies from the technology and financial sectors are creating a standard known as U2F. With this form of 2FA, whenever you want to log into your account from a new computer, you’ll have to insert the USB key and press a button on it.
A true physical factor
Not widely supported yet
Not all browsers support it
With push notifications, you receive a prompt on one of your devices during login. This prompt will indicate that someone (possibly you) is trying to verify. You can then approve or deny the attempt. Some offerings include an estimated location for the login attempt to increase security.
Push notifications have three main advantages over authentication apps:
- Acknowledging the prompt is slightly more convenient than typing in a code.
- Somewhat more resistant to phishing.
- Downloading an app is not always required.
Some solutions don’t require app download
No input required from user
Allows for quicker login
Requires an internet connection
Network-based — can be hacked
The most important thing to remember:
Any form of 2FA is better than no 2FA!
Each form of two-factor authentication has multiple 2FA authentication services. So regardless of what form you choose, look at a couple of different providers and make an informed decision.
If you’re considering SMS 2FA, we’d love to speak with you. There are many 2FA SMS service providers out there, so it can be difficult to choose one. Thankfully, with RingCaptcha, you don’t have to choose one. We’re connected with over ten different providers, both international and region-specific, to ensure your traffic has some of the highest deliverability rates in the industry.
Have questions? Feel free to write to us via our live chat (blue button on bottom right of your screen) or drop us a line — firstname.lastname@example.org. Looking forward to hearing from you!