Choosing what form of 2FA authentication your website or app needs can be difficult. There are four main types of 2FA and below is an overview of each to help you make an informed choice.
The simplest and most convenient form of two-factor authentication. Also has the option of receiving one-time password via phone call if end user only has access to a landline. While newer forms of 2FA are gaining popularity, even the biggest companies still default to SMS verification when resetting passwords (yes, Google, I’m talking about you!).
SMS verification is the ideal solution for verifying users during onboarding and login, verifying phone numbers during checkout, verifying users during low-value transactions.
Companies with a global user base should definitely consider using SMS for 2FA, especially if they have users in developing countries - remember that only ⅓ of the world’s population have a smartphone.
SMS verification has received some bad publicity over the past few years due to its vulnerability. We agree, SMS 2FA is not ideal for every situation. It’s most suitable for verification during onboarding and during low-value transactions (i.e. fintech, e-commerce), where high-levels of security aren’t as important. Check out the blog post we wrote on this topic.
Authentication apps have become increasingly popular of the last few years. The underlying technology for this style of 2FA is called Time-Based One Time Password (TOTP). Authentication apps are a more secure form of two-factor authentication but requires you to download and set up an app, so it’s not suited to every use case.
The safest form of two-factor authentication that’s starting to become more popular. A physical authentication key is just a small USB key you put on your keychain. Big companies from the technology and financial sectors are creating a standard known as U2F. With this form of 2FA, whenever you want to log into your account from a new computer, you’ll have to insert the USB key and press a button on it.
Receive a prompt to one of your devices during login. This prompt will indicate that someone (possibly you) is trying to verify. You can then approve or deny the attempt. Some offerings have an estimated location for the login attempt to increase security.
Push notifications have three main advantages over authentication apps:
Each form of two-factor authentication has multiple 2FA authentication services. So regardless of what form you choose, look at a couple of different providers and make an informed decision.
If you’re considering SMS 2FA, we’d love to speak with you. There are many 2FA SMS service providers out there so it can be difficult to choose one. Thankfully, with RingCaptcha you don’t have to choose one. We’re connected with over ten different providers, both international and region-specific, to ensure your traffic has some of the highest deliverability rates in the industry.
Have questions? Feel free to write to us via our live chat (blue button on bottom right of your screen) or drop us a line - hello@ringcaptcha.com. Looking forward to hearing from you!