What is SMS two-factor authentication (2FA) and why you should add it to your mobile app in 2021

December 15, 2020

App and data security have been a big issue for developers for quite a while now and it is only becoming more important. With millions of applications available online and millions more through the Apple and Google app marketplaces, the hunting grounds for hackers engaged in cybercrime have become massive. If there was ever a time to add two-factor authentication (2FA) to your applications, it is now.

Two-factor authentication (2FA) is an essential first step to securing your mobile application, and if you are not doing this in 2020, you need to start. Using the 46elks API to send one-time passwords to your users is a simple and effective way to increase the security of your iOS, Android and web-based applications. As a developer, it provides you with a smooth way to integrate improved security without needing operator connections or third-party software. As a consumer, SMS 2FA is familiar and something most of us have immediate access to.


What is two-factor SMS authentication (2FA)?

SMS Two Factor Authentication (2FA) is a security verification procedure that allows a company to more safely identify its users. The company usually triggers the authentication process when users of its service are logging into its website, software, or mobile application. During the login process, the user provides their mobile number so they can receive a one-time password (OTP), token or other identifier, and an SMS is sent to that number. When an OTP is time-limited, it is known as TOTP, and this type of password offers increased levels of security and decreases the chance that brute-force attacks are successful.

Once the user has received their OTP, they can use this code to log into the company's service. This process significantly reduces the chance of online data being compromised, as only the user with the linked phone number will be able to access the account at the time.

Flowchart showing how SMS auth works

What are the benefits of SMS 2FA to your mobile app?

2FA provides security and ensures your users are verified

The primary reason we want to use 2FA is to confirm that the person requesting to use our service actually is who they say they are and not someone attempting to gain access to that person’s account. Thus, we need to match information a person may have with the information we have in our system. There are several types of information a person may have that we can use to identify them. Three common ways to view these different types of information are:

  1. Something the user knows (password, PIN, pattern, etc.)
  2. Something the user has (SIM card, one-time password generator, or hardware token)
  3. A biometric property of the user (fingerprint, retina, voice)

By sending an OTP to your users via SMS or a phone call, you are utilizing option 2: verifying something the user has (or, more accurately, has just now been given 😊). If this is done in combination with a username and a password, you have successfully implemented two-factor authentication.

Verifying with SMS provides a good customer experience

SMS and phone call authentication provide your users with an experience they are familiar with, and most people have a phone within arm's reach. Unique mobile phone usage in Europe was above 85% in 2020. If you are not sending SMS to your customers for authentication (or anything else for that matter), you should be.

But aside from the fact that nearly everyone has a mobile phone, SMS is a technology that we are all familiar with. It behaves similarly on all devices and doesn’t require any extra applications to be installed. Whilst the way you trigger sending SMS and phone calls from iOS and Android might differ, the outcome will be identical. This ease of use and familiarity makes your customers' lives easier, thus improving their experience with your products and services.

Flarie is a 46elks customer that has over 800,000 active users in their mobile gaming service. Given that users can win real prizes with Flarie, fraudulent accounts and scammers are a real financial concern. Flarie decided to use 46elks to send OTP SMS to their customers and found that not only did it decrease fraud but it also provided added convenience for their users. Read more about Flarie here.

Automate SMS authentication integration with 46elks

Using the 46elks API to add OTP means you can implement authentication processes the way your team wants them. Here are the basic building blocks for adding SMS OTP authentication to your mobile app:

  1. Create a 46elks account: Sign up here
  2. Create a database to record the expected OTPs and user information
  3. Create a trigger in your application that does two things:
    • Generate an OTP and add it to the database along with the appropriate user information (and time if necessary)
    • Send an SMS to the customer with the same OTP using the 46elks API
  4. Once the user has attempted to enter the password in your application, you can assess this entry attempt against the expected OTP in your database
    • If it matches, then you can allow entry
    • If it does not match, then you can offer reattempts or simply deny the service

These are the basic building blocks and depending on your application you may need to tweak this flow slightly to provide your users with a smooth experience and secure your applications.
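Steps 2 to 4 above in Python, as an added example that is not 46elks code: the OTP comes from a CSPRNG, is stored only as a keyed hash with an expiry time and an attempt counter, and is deleted once used. The `OtpStore` class, the `send_sms` callable (a stand-in for the call to the 46elks API), the server-side key, the 5-minute lifetime and the 3-attempt limit are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300                          # assumed policy: OTP valid for 5 minutes
MAX_ATTEMPTS = 3                       # assumed policy: wrong guesses allowed per OTP
SERVER_KEY = secrets.token_bytes(32)   # assumed: kept outside the OTP database

class OtpStore:
    """In-memory stand-in for the database from step 2."""
    def __init__(self, send_sms, now=time.time):
        self._send_sms = send_sms      # callable(phone, text) wrapping the SMS API
        self._now = now
        self._rows = {}                # user_id -> [mac, expires_at, attempts_left]

    @staticmethod
    def _mac(user_id, code):
        return hmac.new(SERVER_KEY, f"{user_id}:{code}".encode(), hashlib.sha256).digest()

    def start(self, user_id, phone):
        """Step 3: generate an OTP, record it with its expiry, send it by SMS."""
        code = f"{secrets.randbelow(10**6):06d}"    # CSPRNG, not the random module
        self._rows[user_id] = [self._mac(user_id, code),
                               self._now() + OTP_TTL, MAX_ATTEMPTS]
        self._send_sms(phone, f"Your login code is {code}")

    def verify(self, user_id, attempt):
        """Step 4: assess the entry attempt against the expected OTP."""
        row = self._rows.get(user_id)
        if row is None:
            return False
        expected, expires_at, _ = row
        if self._now() > expires_at:
            del self._rows[user_id]    # expired: the user must request a new OTP
            return False
        if hmac.compare_digest(expected, self._mac(user_id, attempt)):
            del self._rows[user_id]    # single use: the same code cannot be replayed
            return True
        row[2] -= 1                    # count the failed guess
        if row[2] <= 0:
            del self._rows[user_id]    # guess budget spent: discard the OTP
        return False
```

With six digits and three attempts per code, a guesser has a 3 in 1,000,000 chance per issued OTP, so the number of OTPs a user can request per hour should be limited as well.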

Key Takeaways