Introduction
With the digital landscape growing every day and
passwords at risk of being compromised, two-factor
authentication (2FA) is the only effective way to thwart
hacks and force attacks.
You might have the world’s strongest password with
alphanumeric characters, numbers, and even an
enigmatic hieroglyph, but still be at risk of a cyberattack.
2FA is an extra layer of security on your password.
Users have relied on simple attributes like email address, username, phone numbers and a password to access their accounts. Come to think of it, except the password, it is fairly easy to find out the rest of the information. A 2 step verification is the absolute need of the hour to add a layer of security on your existing password.

Two factor authentication solutions require a user to verify their identity in two unique ways before granting them access to a system. The most common way for this authentication is for a user to enter a one time password that gets dynamically generated and sent via a channel that only the user has access to. According to cybersecurity market leader Symantec, 80% of security breaches can be avoided by using 2FA.
In the 2000s, organizations were enabled with infrastructure to enforce two factor authentication in their own ways. Tokens were the predominantly used method of two-factor authentication. They were of two types—hardware token and software token (also known as hard token and soft token interchangeably).

A hardware token is a device such as a USB stick or a dongle with the security key, that is to be plugged into the system to allow access.

A software token, on the other hand, uses a software to authenticate a user. For example, a code is sent from a software to your email account in order for authentication.

These were the solutions that were available to large organizations to secure their data. As this was not in the interest of the common man, it was viewed and thought of as an “extra step to complicate their lives”.

Fortunately, many companies worked on easing this process and soon two factor authentication went from “can have” to “must have” for users.
Pros:
Simple: almost everyone is familiar with SMS
Availability: every mobile phone is SMS capable
Cost: economical to setup and manage

Cons:
Connectivity: cell signal needs to be strong to receive the code
Security: SMS text messages can be intercepted
Device: mobile device presence is required to authenticate
Pros:
Easy: users can receive emails on both their personal computer and mobile phone
Cost: economical to setup and manage
Choice: can give the user additional option to verify, by clicking a link

Cons:
Delivery failure: email can go to spam, bounced by server, delivery can be delayed, etc.
Security: emails are susceptible to hacks
Pros:
Cost: inexpensive to setup and manage
Reliability: voice consumes less bandwidth than data, so this is a fine alternative to email based verification when mobile data is not available

Cons:
Connectivity: cell signal strength is required, and the device has to be with the user at all times.
How it works
1. On clicking “verify”, Exotel triggers a call to the customer’s number.
2. Exotel SDK intercepts the call and disconnects it after verifying the user.
3. Exotel pings the server with the information, and the number is now verified.
[Charts: Cost comparison - SMS OTP v/s nOTP; Verification duration - SMS OTP v/s nOTP]
Seamless user experience: The user doesn’t have to wait for the OTP, or enter the code to verify.
Introduce an extra layer of security, without adding complexity to your customers.
Control spam registrations, and avoid fake signups.
Do away with passwords as users can be verified using nOTP every time they log in.
OTP via SMS to verify their new customers and vendors on the platform.
A platform with several million customers is bound to have a lot of duplicate signups. It is imperative to ensure that the user is who they claim they are. An OTP sent to their registered phone number validates their identity.

OTP via call as a fallback if there is a delay in SMS OTPs to reach the users.
In the event that the user failed to receive the SMS due to network issues, an OTP is sent via phone call (voice OTPs) to finish the verification process and create a seamless user experience.

nOTP to authenticate mobile phone recharges made by the vendors for their customers.
At 1/3rd the cost of a SMS, nOTP is a big hit with just a missed call received on the vendor’s phone verifying their identity.
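
The SMS OTP with voice-call fallback described above, sketched server-side as an added example (not Exotel's code or API). `OtpService`, its `send` callback, and the expiry and attempt limits are assumptions made for illustration; the point shown is that the fallback code replaces the delayed SMS code instead of leaving two valid codes.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300      # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 3   # guesses allowed per code (assumed policy)


class OtpService:
    """In-memory OTP challenges keyed by phone number (hypothetical helper)."""

    def __init__(self, send, clock=time.time):
        self._send = send      # send(channel, phone, code): stand-in for a gateway
        self._clock = clock
        self._key = secrets.token_bytes(32)   # server-side key for stored MACs
        self._pending = {}     # phone -> {"mac", "expires", "attempts"}

    def _mac(self, phone, code):
        msg = f"{phone}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def start(self, phone, channel="sms"):
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG-backed 6-digit code
        # Overwriting the entry invalidates any earlier code for this number.
        self._pending[phone] = {"mac": self._mac(phone, code),
                                "expires": self._clock() + OTP_TTL,
                                "attempts": 0}
        self._send(channel, phone, code)

    def fallback_to_voice(self, phone):
        # A delayed SMS must not stay valid beside the voice code.
        self.start(phone, channel="voice")

    def verify(self, phone, code):
        entry = self._pending.get(phone)
        if entry is None:
            return False
        expired = self._clock() > entry["expires"]
        if expired or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[phone]
            return False
        entry["attempts"] += 1
        if hmac.compare_digest(entry["mac"], self._mac(phone, code)):
            del self._pending[phone]   # single use
            return True
        return False
```
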
At Exotel, we have worked in easing 2FA implementation for businesses, while also bearing the customer
comfort in mind. Our powerful authentication solutions are built for speed and scale.
Not every business has the same risk factor or the security needs. So why should you have to choose a “one
size fits all” approach to 2FA? Our robust APIs offer a variety of authentication options such as SMS OTP, OTP
over voice, OTP without SMS (nOTP) to help prioritize your needs accordingly.
Ready to implement 2FA for your business? Schedule a demo to see how it’s done.