Securing a web business has never been hard as now. As a web business owner or developer, you may have added several mechanisms to combat hacker from stealing passwords. To access a membership site, you probably implemented username and password checking together with several anti-hacker solutions, like checking last ip, checking logs for suspicious activity, etc. But still passwords, shared computers, passwords in e-mail are your weakest part in overall security.

I want to show how you can add more security to your web site, as a general algorithm. In my example, I will point to phone verification, but it’s also possible to do it with reverse phone verification or sms verification.

Your current flow is possibly as this way, providing you a one point to check the user

1. Display login form
2. Get username and password
3. Check username and password from database
4. If matches, give access

I do not suggest you to change this flow, it will be same. But I will suggest you to add another step, to get a two factor authentication with otp (One Time Password) tokens, tokens to be announced on the phone:

1. Display login form
2. Get username and password
3. Check username and password from database
4. If matches, start a phone verification to the number on file
5. Ask for the “token”/”pin” that’s announced on the phone
6. Check entered pin
7. If matches, let the user access

With this method, you’ll have a real two factor authentication and a second password token that is generated on the fly; cannot be stolen by a third party.

Check out a live Phone Verification Demo at onverify.com. Drop us an e-mail to get ideas, and implementations. We like to hear and help.