Home Posts tagged two factor authentication

two factor authentication

All In One Phone Verification Solution by OnVerify

Posted on by No Comments ↓

OnVerify.com announces the complete phone verification solution services. At www.onverify.com, we provide:

1. Phone Verification

This is an automated phone verification call. The pin is announced on the phone. Announced pin needed to be entered on the web form to complete a transaction. This model is used for transaction verification, user verification, two factor authentication, one time password, lead verification.

2. Reverse Phone Verification or Phone Confirmation.

In this automated phone verification call, pin is provided at web site or email but entered on the phone. This model is very useful for confirming online orders with predefined pin/pass, or according to the order number. Order confirmation, user verification, authentication are common uses.

3. Sms / Text Message Verification

Instead of automated phone call, if your users can provide mobile numbers, pin is delivered to the mobile phone as sms text message. The received pin must be entered on web form to complete. This model is very similar to phone verification, so best suitable usages are same. Differences are;

a. Technology. One is phone call, other is text message. On phone call user must listen and note pin. On text message user must read the text.
b. Phone call is an immediate action, where short message delivery may be delayed due to operators.
c. For phone verification, all types of phones can be used. On sms, only mobile phones can be used. On this sense, sms verification may be unsuitable for business type verifications.

4. Call In Phone Verification

Instead of automated call to the number of the customer, the customer has to call a predetermined number from the registered call. The called number can be normal phone line or toll-free. Coupon validation, user authentication, customer verification are common uses.

Mobile Number Verification with Reverse SMS

Posted on by No Comments ↓

OnVerify.com announces today a new service to verify mobile numbers worldwide with a very strong security feature: Reverse SMS Verification.

This verification method works in two-way; an sms is sent to mobile number, and a response required from the mobile number to be verified.

We believe that this method is one of the most secure two factor authentication methods, due to the response required from mobile number in order to complete a transaction.

To summarize the method:

1. A secret pin/token is sent to the mobile number via SMS

2. When receiver gets the SMS he has to reply with the pin/token in the SMS

3. OnVerify gets the reply and compares it with the right pin

4. Authorization takes place

The online demo is available at http://www.onverify.com/reverse-sms-verification-demo

Developer documentation is available in the member area of onverify.com. Account opening is free with OnVerify.com; there is no setup or monthly fee or monthly minimums. Give a test drive today, if it helps you, go ahead with the solution. As you grow, we will grow

How to add two factor authentication to your web site using phone verification by onverify.com

Posted on by No Comments ↓

Securing a web business has never been hard as now. As a web business owner or developer, you may have added several mechanisms to combat hacker from stealing passwords. To access a membership site, you probably implemented username and password checking together with several anti-hacker solutions, like checking last ip, checking logs for suspicious activity, etc. But still passwords, shared computers, passwords in e-mail are your weakest part in overall security.

I want to show how you can add more security to your web site, as a general algorithm. In my example, I will point to phone verification, but it’s also possible to do it with reverse phone verification or sms verification.

Your current flow is possibly as this way, providing you a one point to check the user

  1. Display login form
  2. Get username and password
  3. Check username and password from database
  4. If matches, give access

I do not suggest you to change this flow, it will be same. But I will suggest you to add another step, to get a two factor authentication with otp (One Time Password) tokens, tokens to be announced on the phone:

  1. Display login form
  2. Get username and password
  3. Check username and password from database
  4. If matches, start a phone verification to the number on file
  5. Ask for the “token”/”pin” that’s announced on the phone
  6. Check entered pin
  7. If matches, let the user access

With this method, you’ll have a real two factor authentication and a second password token that is generated on the fly; cannot be stolen by a third party.

Check out a live Phone Verification Demo at onverify.com. Drop us an e-mail to get ideas, and implementations. We like to hear and help.