Two Factor Authentication

Two-Factor Authentication

Fortytwo’s Two-Factor Authentication (2FA) API allows you to add an additional layer of security to your users’ login credentials and limits the risk of fraudulent access to your website.

Using our API, you can verify the identity of your users by sending them a one-time password (OTP) and asking the user to confirm back the code received, ensuring that the user is the true holder of an account.

What is Two-Factor Authentication?

2FA is a deceptively simple security process which is used to confirm the identity of an authorised user, involving a combination of any two of the following identifiers:

Something the user knows
password or PIN
Something the user has
mobile phone, token or smart code
Something the user is
biometrics, such as a fingerprint

In the case of Fortytwo’s 2FA solution – following the initial login with their username and password (something they know) – the user receives a verification code which is sent via SMS directly to their mobile phone (something they own) allowing users to verify their identity. The benefits for a company are two-fold, as 2FA not only validates the user’s identity, but also adds a secondary layer of security to the user’s account.

What is 2FA ?

Why 2FA ?

Why use Two-Factor Authentication?

With advances in technology, the simplest form of authentication combining both a username and password, may no longer protect your more sensitive resources. Your client’s passwords can be stolen or compromised through hacking techniques including phishing, keystroke logging and brute force.

Inadequate security may not only negatively affect your business, but can also put your clients at risk of unauthorised use of their personal online accounts, fraudulent payment transactions or undesired access to their bank account information.

By simply adding an additional layer of security to an existing login process, Fortytwo’s 2FA API significantly reduces the possibility of unauthorised individuals acquiring your client’s personal login details and compromising their accounts.

How does it work?

Fortytwo’s 2FA messaging solution generates dynamic one-time passwords (OTPs) to accurately authenticate users using a mobile phone.

Your website captures the user’s credentials.
Your website sends an authentication request to Fortytwo through our API which specifies the user’s pre-registered mobile phone number.
Fortytwo process the request and send a one-time password to the user’s number via SMS.
Your website prompts the user to input the code, triggering a validation request to Fortytwo.
Fortytwo check the validity of the code and return a valid or invalid response.

Hows does 2FA work?

Fortytwo’s API

Our API supports the following user-configurable parameters:

Mobile phone number to deliver the 2FA code
Verification code complexity and length
Call-back URL for delivery reports
Configurable Sender ID per request
Transaction ID per authentication request

Verification Code

A unique one-time code is sent to the users mobile phone which is either numeric, alpha or alphanumeric. As a client you can choose the character length and case sensitivity of the code as required. The code will automatically default to 6 digits if particular requirements are not defined. As an additional level of security, codes automatically expire within 5 minutes if they are not validated.