top of page


The smartest way to safeguard from login vulnerability


Two-Factor Authentication

Two-factor authentication provides a second layer of security to any type of login by requiring extra information or a physical device for access, in addition to the username and password. 2FA uses a combination of any two of the following identifiers:

Something you know

A unique username and password

icons-V4_Phone_2 copy 2.png
Something you have

A mobile phone, token or smart code 

Something you are

Biometric fingerprint / voice print / retina scan.

A password is now the weakest link

Passwords aren’t as secure as they used to be and if someone gets a hold of a user’s password, they may be able to compromise the account without any difficulty. Even stronger passwords are at risk of compromise.

2-Factor Authentication solves this problem

Two-factor authentication is one of the best ways to protect against remote attacks such as phishing, brute-force, credential exploitation and other attempts to take over an account. Without the physical device, remote attackers can’t pretend to be the account holder in order to gain unauthorized access.

Why use
Two-Factor Authentication?

With advances in technology, the simplest form of authentication combining both a username and password, may no longer protect your more sensitive resources. Your client’s passwords can be stolen or compromised through hacking techniques including phishing, keystroke logging and brute force.


How does Fortytwo’s 2FA work?

  • Your website captures the user’s credentials, it sends an authentication request to Fortytwo through our API, specifying your user’s mobile phone number. 


  • Fortytwo will process the request and send a one-time verification code or OTP to the given number via SMS.

  • Your website then prompts the user to input that code, which in turn triggers a validation request to Fortytwo.


  • Fortytwo will provide a valid or invalid response upon checking the code.



Verification Code

The verification code sent to the user’s mobile phone is a one-time code. The code can either be numeric, alpha or alphanumeric. As a client, you can also choose the character length of the code and if it’s case sensitive. As a default, codes are 6 digits and numeric.

The code is only valid for 5 minutes for each transaction request.

Fortytwo’s API

Our API supports the following user-configurable parameters:

  • Mobile phone number to deliver the 2FA code

  • Verification code complexity and length

  • Call-back URL for delivery reports

  • Configurable Sender ID per request

  • Transaction ID per authentication request


You will only be charged for the SMS sent, no additional charges apply for this service.

Are you a developer?

Connect to our Two-Factor Authentication Service using the following options! The possibilities are endless.

Product API

Connect to the Two-Factor Authentication application via API.

SDK & Plugins

You can download our SDKs and Plugins for 2FA. Find us also on Github and Packagist.


FAQs, Acronym Buster, Videos and more support info.

bottom of page