Two-factor authentication provides a second layer of security to any type of login by requiring extra information or a physical device for access, in addition to the username and password. 2FA uses a combination of any two of the following identifiers:
Something you know
A unique username and password
Something you have
A mobile phone, token or smart code
Something you are
Biometric fingerprint / voice print / retina scan.
A password is now the weakest link
Passwords aren’t as secure as they used to be and if someone gets a hold of a user’s password, they may be able to compromise the account without any difficulty. Even stronger passwords are at risk of compromise.
2-Factor Authentication solves this problem
Two-factor authentication is one of the best ways to protect against remote attacks such as phishing, brute-force, credential exploitation and other attempts to take over an account. Without the physical device, remote attackers can’t pretend to be the account holder in order to gain unauthorized access.
With advances in technology, the simplest form of authentication combining both a username and password, may no longer protect your more sensitive resources. Your client’s passwords can be stolen or compromised through hacking techniques including phishing, keystroke logging and brute force.
How does Fortytwo’s 2FA work?
Your website captures the user’s credentials, it sends an authentication request to Fortytwo through our API, specifying your user’s mobile phone number.
Fortytwo will process the request and send a one-time verification code or OTP to the given number via SMS.
Your website then prompts the user to input that code, which in turn triggers a validation request to Fortytwo.
Fortytwo will provide a valid or invalid response upon checking the code.
The verification code sent to the user’s mobile phone is a one-time code. The code can either be numeric, alpha or alphanumeric. As a client, you can also choose the character length of the code and if it’s case sensitive. As a default, codes are 6 digits and numeric.
The code is only valid for 5 minutes for each transaction request.
Our API supports the following user-configurable parameters:
Mobile phone number to deliver the 2FA code
Verification code complexity and length
Call-back URL for delivery reports
Configurable Sender ID per request
Transaction ID per authentication request
You will only be charged for the SMS sent, no additional charges apply for this service.
Are you a developer?
Connect to our Two-Factor Authentication Service using the following options! The possibilities are endless.