Problem
Unfortunately, passwords alone are not secure enough. Stolen or cracked passwords give attackers access to sensitive information.
Solution
In addition to requesting the password (secret knowledge), a one-time password, usually a PIN, is sent via SMS to the owner of the account (secret possession).
Result
Even if the password has been guessed or stolen, an attacker cannot gain access to the account because they are not in possession of the phone or the stored phone number.
User-friendly 2FA via SMS
Implementing two-factor authentication always comes at a cost in usability. This is the main reason why you should always offer your customers SMS or a voice call.
Users of all age groups are familiar with handling PINs sent via SMS, and there is no need to install an additional app or go through cumbersome verification procedures.
It is recommended to offer a 2FA app in addition to the SMS and a voice call. The different paths complement each other and also serve as a good fallback solution. For example, an installed 2FA app can also be verified via SMS to spare customers cumbersome activation processes.
The problem of costs
Of course, SMS also has disadvantages: costs are incurred for each verification process. Therefore, it is common today to secure via SMS only the login from a new system or a login after a certain period of time has expired. In some cases, only critical processes such as opening a mailbox or an order transaction are secured via SMS.
SMS prices at LOX24 are much better from the beginning. In addition, further costs can be saved by relying on a voice call instead of an SMS.
LOX24’s anti-fraud check is also cheaper than a normal SMS and can identify the cases in which two-factor authentication is particularly recommended. Other operations can then be performed without 2FA.
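As an added example (not LOX24's code or API), the following Python shows the policy described in this section, where an SMS PIN is requested only for a new system, after a trust period has expired, or for critical processes, together with issuing and checking the PIN. All function names, the time limits, the action names and the in-memory store are assumptions; handing the PIN to an SMS or voice gateway is left to the caller.

```python
import hashlib, hmac, secrets

PIN_TTL = 300            # seconds a PIN stays valid (assumed value)
MAX_ATTEMPTS = 3         # wrong guesses before the PIN is discarded (assumed)
TRUST_TTL = 30 * 86400   # re-verify a known device after 30 days (assumed)
CRITICAL = {"order", "open_mailbox"}  # hypothetical action names

def needs_sms(trusted_at, action, now):
    """trusted_at: time this device last passed 2FA, or None for a new device."""
    if action in CRITICAL or trusted_at is None:
        return True
    return now - trusted_at > TRUST_TTL

def _digest(pin, salt):
    return hashlib.sha256(salt + pin.encode()).digest()

def issue_pin(store, user, now):
    """Create a 6-digit PIN; the store keeps a salted hash, not the PIN."""
    pin = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.randint
    salt = secrets.token_bytes(16)
    store[user] = {"salt": salt, "hash": _digest(pin, salt),
                   "expires": now + PIN_TTL, "tries": 0}
    return pin  # pass to the SMS or voice gateway; never log it

def verify_pin(store, user, candidate, now):
    rec = store.get(user)
    if rec is None:
        return False
    if now > rec["expires"] or rec["tries"] >= MAX_ATTEMPTS:
        del store[user]
        return False
    rec["tries"] += 1
    # Constant-time comparison avoids leaking how much of the hash matched.
    if hmac.compare_digest(_digest(candidate, rec["salt"]), rec["hash"]):
        del store[user]   # single use: a PIN cannot be replayed
        return True
    if rec["tries"] >= MAX_ATTEMPTS:
        del store[user]   # limit guessing against the 6-digit space
    return False
```

The attempt limit matters more than the hash here: a 6-digit PIN has only one million values, so unlimited guesses would defeat it regardless of how it is stored.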
SMS security - SMS spoofing & co
Of course, SMS does not offer absolute protection in two-factor authentication either. A wide variety of attack scenarios are conceivable. Most are very complex or require massive customer misconduct.
However, when weighing up user-friendliness, risk and security, one usually comes to the conclusion that SMS can significantly increase the level of security without driving customers away with overly burdensome security measures.
SMS-based 2FA is a popular option because it is relatively easy to set up and use. However, there are some potential usability issues that users should be aware of. For example, if a user loses their phone, they will no longer be able to log into their account unless they have another form of 2FA set up. If a user’s phone is stolen, the thief may be able to access the account if they have the credentials and access to the phone. Overall, SMS-based 2FA is a convenient and effective security measure.
Nevertheless, the level of security should be continuously improved and, in particular, investments should be made in phishing awareness. With all methods of authentication, phishing is still the biggest issue.
Implementation of 2FA SMS with LOX24
Using LOX24’s API, SMS and voice calls can be sent directly to your customers. You only need a single interface for both paths. Our system can distinguish between mobile and landline numbers automatically, but of course you can also send voice calls to mobile numbers.
The only thing you need is an SMS account and you can integrate the interface into your system. You can get a test account here.