Password: SMS. How can a text message become an element of multi-factor authentication?

Companies operating online try various ways to defend themselves against illegal access to their clients’ data. Even a very strong password, created in accordance with the guidelines required by network administrators, may not be the best weapon against online thieves. Then, multi-factor authentication including SMS verification may become the right choice to avoid data leakages.

Data that can be captured while using the internet can lead not only to the loss of accounts on social networks. Worse things happen when the target of thieves is a bank account or sensitive company data. This situation forces companies to implement tools to authenticate the login process in their systems.

Single-factor Verification

A one-factor method is the most popular way to protect your data and accounts with two simple information: a login and password. Another form of unified authentication is biometrics, i.e. fingerprints. This time we will focus on the more complicated way – multi-factor authentication (so-called MFA).

Multi-factor Authentication

The multi-factor authentication (MFA) method involves using at least three elements: something you are (inherence factor), something that you possess (possession factor), something you know (knowledge factor).

In fact, it is possible to use 2, 3, 4 and even 5-elements of authentication. Access to important data requires a minimum of three factors, the diversity of which is shown in the following illustration:


1. Something you know

It can be a typical password or pin should be entered in the appropriate window. The level of security of this kind of factor depends on the length and complexity (use of different types of alphanumeric characters- both 1,2,3 and XyZ).

It is also important to protect and preserve access to your passwords (it is also good not to write them on yellow cards on the monitor).

2. Something you are

The ability to identify faces or read fingerprints is not yet widely used and has already been partially questioned as effective security methods. It turns out that even the fingerprint can be faked, just like you can trick FaceID with a face mask.

3. Something you have

It can be a FlashDrive plugged to a computer, a door opening card or other items that will allow you to authorize your access. But! At the same time, it is going to work with the phone in your pocket! Using the last solution, the user has to pass particular stages and in the end, receives a code via SMS.

In comparison with other methods, this one is easy to implement as banks and tech companies have been using such solutions for a long time. What is also important, choosing this factor ensures that the device will always be close to the user (in his/her pocket/bag).

How to plan data protection?

Current development of technology allows us to implement a security system worthy of the White House, but we should always remember about its usability. The authentication method has to be adapted to the type of protected data and the level of their secrecy. Every regular user will be upset if you force him to go through a 5-steps control so that he can check e-mail.

On the other hand, along with the development of technology, the possibilities of digital robbers also grow. Therefore it is worth taking into account the dangers of hiding in the network, properly secure yourself, but in a useful and intuitive way for the client. From this, among others, the popularity of text messages with code follows.

SMSAPI introduces SMS Authenticator

With reference to the data protection needs, we have prepared a service that will confirm user’s identity with an SMS code sent automatically to his/her mobile phone (using factor “Something that you have” – so-called SMS Verification). You just have to enter the number to be checked and SMSAPI will send the security code and check if it is correct.

SMS Authenticator

If you want to know more details about the brand new SMS verification feature – go here!

The weakest authentication aspect is…

When the login procedure is built of several elements, the certainty that any unauthorized person will be able to get possession of the protected data is almost one hundred percent.

Almost because there is always one weakest link, regardless of method – a user who can inadvertently leave behind traces, bringing digital thieves to the data they are looking for. It is worth to make their operation as difficult as possible, expanding your defense with multi-factor authentication.