One glimpse at the headlines and it’s pretty clear that cybercrime is huge right now. And it’s growing, with the Australian Cyber Security Centre (ACSC) citing a 13% increase in reported cyber attacks in the last financial year. No wonder businesses are so focused on boosting their cyber defences.
One of the proven recommended ways to add an extra layer of security is with two-factor authentication (2FA), also known as multi-factor authentication. In fact, it’s one of the key strategies identified by the ACSC for stopping cybercriminals in their tracks.
What is two-factor authentication?
- It’s universal. Any mobile device can receive an OTP in real-time, independent of device and operating system.
- It builds trust and confidence. By showing your customers that you’re doing what you can to protect them, you’ll earn their trust.
- It protects internal information. 2FA isn’t just for your customers. Using 2FA can improve security for important internal documents, files, software, passwords and sensitive information, which helps protect your business from ex-employees or scammers.
- It automates tasks like password resets. Free up your customer service team’s time from pesky ‘password reset’ calls. Instead of customers calling in to verify their identity before resetting a password, set up 2FA to do the job.
And one of the easiest ways to enable 2FA? Using SMS messages to send an OTP.
How does SMS 2FA work?
To illustrate how SMS for two-factor authentication could work in your business, here’s an example of a typical ‘log in’ flow that uses 2FA.
- Enter username and password
First, the customer is prompted to enter their usual login details. This is typically a username and password, but it could also be an email address or phone number. This is the first verification.
- Receive a one-time code
If SMS 2FA is set up, then an OTP is then sent to the customer’s mobile phone via text message. This is a temporary, unique code.
- Enter the 2FA code
Once the customer receives the code, they enter the digits into your login portal and can finish signing in. The whole process adds mere seconds to the login experience—plus a whole lot more security and peace of mind.
Why use SMS for 2FA?
If you were to do a poll of customers, you’d no doubt find that the vast majority rate SMS OTPs as the easiest way to deal with 2FA. Here’s why.
- It’s super convenient. Most people have their phones next to them all day. They don’t want to rely on a backup email, app or (gasp) phone call to prove themselves—particularly when a quick and unobtrusive text message can do the trick.
- Codes are temporary. OTPs are time-sensitive. So, by the time a scammer successfully cracks the code, it’s likely to have expired.
- Guessing leads to lockout. The way 2FA systems work is that, after a certain number of unsuccessful attempts, scammers will be locked out of an account. The real user can be alerted to change their password.
- Easy integration. If you have an existing 2FA solution, it’s easy to integrate MessageMedia’s OTP feature. Check out our Integrations Marketplace.
- It’s safer. SMS is one of the safest choices for 2FA. Other people may have access to your backup email or know the answer to your personalised questions, but it’s unlikely they’ll have your phone in their pocket.