Fortytwo’s Two-Factor Authentication (2FA) API allows you to add an additional layer of security to your users’ login credentials and limits the risk of fraudulent access to your website.
Using our API, you can verify the identity of your users by sending them a one-time password (OTP) and asking the user to confirm back the code received, ensuring that the user is the true holder of an account.
2FA is a deceptively simple security process which is used to confirm the identity of an authorised user, involving a combination of any two of the following identifiers:
Something the user knows
password or PIN
Something the user has
mobile phone, token or smart code
Something the user is
biometrics, such as a fingerprint
In the case of Fortytwo’s 2FA solution – following the initial login with their username and password (something they know) – the user receives a verification code which is sent via SMS directly to their mobile phone (something they own) allowing users to verify their identity. The benefits for a company are two-fold, as 2FA not only validates the user’s identity, but also adds a secondary layer of security to the user’s account.
With advances in technology, the simplest form of authentication combining both a username and password, may no longer protect your more sensitive resources. Your client’s passwords can be stolen or compromised through hacking techniques including phishing, keystroke logging and brute force.
Inadequate security may not only negatively affect your business, but can also put your clients at risk of unauthorised use of their personal online accounts, fraudulent payment transactions or undesired access to their bank account information.
By simply adding an additional layer of security to an existing login process, Fortytwo’s 2FA API significantly reduces the possibility of unauthorised individuals acquiring your client’s personal login details and compromising their accounts.
Fortytwo’s 2FA messaging solution generates dynamic one-time passwords (OTPs) to accurately authenticate users using a mobile phone.
Our API supports the following user-configurable parameters:
A unique one-time code is sent to the users mobile phone which is either numeric, alpha or alphanumeric. As a client you can choose the character length and case sensitivity of the code as required. The code will automatically default to 6 digits if particular requirements are not defined. As an additional level of security, codes automatically expire within 5 minutes if they are not validated.
There are no monthly fees or one time payments required to use this service. Charges only apply for each SMS sent.
SMS technology is widespread and with 6.1 billion mobile phone users worldwide, the majority of the world’s population own a mobile device and can receive an SMS. As a result, high profile gaming companies are capitalising on the ubiquity of SMS and using text messages as their Two-Factor Authentication (2FA) tool of choice.