Securing a web business has never been as hard as it is now. As a web business owner or developer, you may have added several mechanisms to keep hackers from stealing passwords. To control access to a membership site, you have probably implemented username and password checking together with several anti-hacker measures, such as checking the last IP address and checking logs for suspicious activity. But passwords, shared computers and passwords sent by e-mail are still the weakest part of your overall security.
I want to show, as a general algorithm, how you can add more security to your web site. My example uses phone verification, but the same can be done with reverse phone verification or SMS verification.
Your current flow probably looks like this, giving you a single point at which to check the user:
I do not suggest changing this flow; it stays the same. What I suggest is adding another step, so that you get two-factor authentication with OTP (One Time Password) tokens that are announced over the phone:
With this method, you'll have real two-factor authentication and a second password token that is generated on the fly and cannot be stolen by a third party.
Check out a live Phone Verification Demo at onverify.com. Drop us an e-mail for ideas and implementations. We'd like to hear from you and help.
Today, I want to discuss the One Time Password solution with Phone Verification: its definition, its benefits and how to implement it with OnVerify.com.
A One Time Password is, by definition, a password that is valid only for the current session or transaction. So, rather than being asked for the same password every time, your customer needs to enter a password that can be used only once and is specific to the transaction he wants to conduct. It helps to solve a couple of problems like
One Time Password adds another security level to the transaction.
On the implementation side, you need to provide One Time Passwords to your customers before they make a transaction. One solution is to send your customer a small token-generating device. But this brings delivery issues with it, and it's not immediate.
Another solution is to send the One Time Password via SMS (short text message) to the mobile number on file. OnVerify.com provides worldwide delivery of SMS. This is suitable if you have the customer's mobile number. This method offers a high level of security. You don't need to send a device to your customer, and it's immediate. But it won't work if you do not have the customer's mobile phone number.
A 100% working solution is to send the One Time Password via an automated Phone Verification call. The password is generated on the fly and bound to the specific transaction. When your customer wants to log in to your services, an automated Phone Verification call is initiated to the phone number on file. When the customer picks up the phone, he hears the password spoken aloud. He then needs to enter the password on your system to gain access and complete the transaction.
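The server-side half of this flow, as an added sketch that is not OnVerify code: a one-time password generated on the fly, bound to one transaction, and accepted only once. The class name, the five-minute lifetime, the three-attempt limit and the in-memory store are assumptions; delivering the code by call or SMS is left to the provider, whose API this page does not describe.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumption: five-minute validity window
MAX_ATTEMPTS = 3        # assumption: guesses allowed before the code is voided


class TransactionOtpStore:
    """In-memory store of pending one-time passwords (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # transaction_id -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, transaction_id, code):
        # Hashing the transaction id together with the code binds the two.
        msg = f"{transaction_id}:{code}".encode()
        return hmac.new(salt, msg, hashlib.sha256).digest()

    def issue(self, transaction_id):
        """Create a fresh 6-digit code; the caller passes it to the call/SMS provider."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not the random module
        salt = secrets.token_bytes(16)
        self._pending[transaction_id] = [
            salt, self._digest(salt, transaction_id, code),
            self._clock() + OTP_TTL_SECONDS, MAX_ATTEMPTS,
        ]
        return code

    def verify(self, transaction_id, submitted):
        """True once for the right code; False if wrong, expired, reused or exhausted."""
        entry = self._pending.get(transaction_id)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[transaction_id]
            return False
        entry[3] = attempts_left - 1
        # Constant-time comparison avoids leaking how many digits matched.
        ok = hmac.compare_digest(digest, self._digest(salt, transaction_id, submitted))
        if ok or entry[3] == 0:
            del self._pending[transaction_id]  # single use, or attempts exhausted
        return ok
```

In a real deployment the pending entries would live in a shared store such as the session database, so that every web server sees the same state.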
For more information on how to set up One Time Password with Phone Verification, please contact us or send an e-mail to firstname.lastname@example.org