Jun 11 / admin

How to add two factor authentication to your web site using phone verification by onverify.com

Securing a web business has never been hard as now. As a web business owner or developer, you may have added several mechanisms to combat hacker from stealing passwords. To access a membership site, you probably implemented username and password checking together with several anti-hacker solutions, like checking last ip, checking logs for suspicious activity, etc. But still passwords, shared computers, passwords in e-mail are your weakest part in overall security.

I want to show how you can add more security to your web site, as a general algorithm. In my example, I will point to phone verification, but it’s also possible to do it with reverse phone verification or sms verification.

Your current flow is possibly as this way, providing you a one point to check the user

  1. Display login form
  2. Get username and password
  3. Check username and password from database
  4. If matches, give access

I do not suggest you to change this flow, it will be same. But I will suggest you to add another step, to get a two factor authentication with otp (One Time Password) tokens, tokens to be announced on the phone:

  1. Display login form
  2. Get username and password
  3. Check username and password from database
  4. If matches, start a phone verification to the number on file
  5. Ask for the “token”/”pin” that’s announced on the phone
  6. Check entered pin
  7. If matches, let the user access

With this method, you’ll have a real two factor authentication and a second password token that is generated on the fly; cannot be stolen by a third party.

Check out a live Phone Verification Demo at onverify.com. Drop us an e-mail to get ideas, and implementations. We like to hear and help.

Leave a Comment

*