FAQ | Authenticate

Utilize tyntec’s FAQs to help solve any issues you may have. Additionally, learn about cloud communications, CPaaS, SMS for business, authentication, and more. If any questions arise while reading, don’t hesitate to contact us.

Why Should I Use SMS for Authentication?

FAQs

Authenticate

Getting Started

Overview

How Can I Create My tyntec 2FA Account?

How Does the 2FA API Work?

Why Should I Use SMS for Authentication?

What Are the Benefits of Using Phone Numbers As a Digital Identifier?

What Usecases Does the 2FA API Support?

What Is the Difference Between 2FA API and tyntec’s OTP SMS API?

Can I Use the 2FA API With Any Number in the World?

How Much Does tyntec’s 2FA API Cost?

Is There a Charge for Additional Verification Attempts?

How Long Does It Take to Verify a Phone Number With tyntec’s Two-factor Authentication Codes?

How Are PIN Codes for 2FA Generated?

What Is the Length of a 2FA PIN Code/ One-time Password?

Can I Provide My Own 2FA Codes?

How Can I Retry a Verification Attempt?

What Is the Validity Period for 2FA API’s PIN Codes?

How Many Times Can a Customer Enter a PIN Code?

Where Can I See the Status of a PIN Code/otp?

How Do I Map the PIN Code/OTP the Customer Enters for the Original Request?

What Should I Do If I Haven’t Received a 2FA PIN Code?

Why Is My 2FA SMS/TTS (Text-to-Speech) Call Not in the Primary Language of the Destination Country?

What Happens If the Line Is Busy or There Is No Answer When Receiving a TTS Call?

How Do I Know Whether TTS or SMS Will Be Used?

Why should I use SMS for authentication?

Perhaps one of the most widely used methods by digital consumer services in digital registration processes, SMS has been at the center of few hacking cases. The SMS “deprecation” (now softened to “restricted” by NIST – National Institute of Standards and Technology in the United States) has led many enterprises to back away from it. Indeed, SMS alone may be vulnerable to man-in-the-middle attacks and one-time password (OTP) interception.

However, there are two main reasons why enterprises stick with SMS:

  • To discontinue email-based authentication or use it as a complement to email.

  • To keep 2FA user-friendly, as using SMS does not require an app download, a smartphone or data connection.

There is no doubt that there are a few issues with SMS in authentication scenarios. However, most people see the use of OTP messages in isolation. When SMS is used as part of a comprehensive verification and authentication solution, the scenario becomes something more positive altogether. For instance:

  • The combined use with context-based solutions, such as phone intelligence to identify suspicious activity — like phone numbers used from locations where fraud is rife.

  • The proactive monitoring of SIM activity to detect potential SS7 attacks, SIM swaps and spoofing.

  • The proactive use of SMS alerts to communicate with users in case suspicious activity has been detected.

  • The provision of contextual information to users within the OTP message, which may include: the company ID, purpose (account access? password reset?), transaction amount and payee information (as required by the Payment Services Directive 2, or PSD2, an EU payment regulation).

In addition, there are a few other best practices that may increase security in two-factor authentication:

  • Messages should be programmed to expire quickly (e.g. 10 minutes)

  • The use of high-quality routes, backed by reliable operator connectivity. In most cases, hackers are able to intercept OTPs from low-quality SMS routes

  • The combination with other authentication methods for use cases that require stronger security, such as push notifications and biometrics.

When used wisely, SMS (and text-to-speech, as a fallback) can step up to higher grades of security, and enable enterprises to combine usability and strong two-factor authentication. SMS is certainly not perfect, but none of the other authentication methods is. To increase security, it is essential to keep the authentication process user-friendly.

Get an overview of most common authentication methods in our Multifactor Authentication Guide.