
2FA posts

  • By Oluyemi Olususi
    Create One-Time Passwords in PHP with Symfony and Twilio's Verify API

    As security threats continue to grow and their impacts become ever more significant, two-factor authentication (2FA) is progressively becoming a de facto security standard. As an extra layer of security on top of the traditional username/email and password combination provided by an application's users, two-factor authentication can be implemented by:

    • Generating and sending a numeric code to the user's mobile device via SMS, email, or phone call. This is popularly called a One-Time Password (OTP), as it is a short-lived password that can only be used once during authentication.
    • Using an authenticator app to provide a constantly rotating set of codes that can be used for authentication when needed.
    • Using push authentication where a user responds to a device push notification to either approve or reject an in-application event.

    In this article, I will show you how to generate an OTP and send it to the user via …

  • By Darragh O'Connor
    Smishing: SMS Phishing Explained

    With the rise of attacks using familiar everyday tech as vectors, it is important to discuss the difference between a legitimate, bulk SMS and a well-crafted, malicious SMS designed to access your data or use your device for more nefarious actions.

    In this article, we provide an overview of an increasingly common cyber-attack that relies on the common usage of SMS as a platform, SMS phishing, and how it differs from bulk SMS. We’ll walk through examples of SMS phishing, highlight what you should watch out for, and help you recognize legitimate SMS communications.

    What is phishing?

    Phishing is a cyber-attack that uses disguised messages on common communication platforms, such as email or messaging services, as a weapon. The goal of this attack is to trick the recipient into believing that the message is urgent and something that they want or need.

    Typically, these attacks can include:

    • A request from their bank to …
  • By Kelley Robinson
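    We can offer the Twilio Verify service for your two-factor authentication operational needs!

    This article is a Japanese translation of an article written by Developer Evangelist Kelley Robinson, available here (in English).

    Twilio Verify is a purpose-built solution that sends and verifies one-time passcodes (OTP) via SMS, voice call, email, push, and TOTP (Time-based One-Time Password) to authenticate user identity. Companies building their own OTP solution can use Twilio's Programmable Messaging API as its foundation, but maintaining an OTP solution in-house is complex and requires many resources, all the more so as the messaging landscape and compliance requirements keep changing. We believe many companies are migrating to Twilio Verify because, in addition to the same global reliability and overwhelming delivery at scale as Programmable Messaging, it offers the following benefits:

    • Regulatory and compliance management, for example A2P 10DLC (short for application-to-person 10-digit long code) in the United States
    • A pool of sending phone numbers already secured as part of Twilio Verify and included in the service (short codes, long codes, toll-free numbers, global alphanumeric sender IDs*, and so on)
    • Worldwide delivery optimized as part of Twilio Verify (to sender types, compliance, and so on …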
  • By Kelley Robinson
    Best practices for managing retry logic with SMS 2FA

    Humans are impatient creatures, so while SMS verification or two-factor authentication (2FA) codes may come through quickly in most parts of the world, we always recommend building retry buffers into verification workflows. This helps prevent:

    • Accidentally spamming a user with repeated text messages
    • Hitting API rate limits
    • Toll fraud or unnecessary spend

    While the best practices in this post are written with the Twilio Verify API in mind, many apply regardless of your 2FA provider. Combined with other best practices like building an allow list of country codes to verify, these steps can help make sure your user verification workflow is as seamless as possible.

    Launch a demo application with SMS retry best practices

    This project is also available to Quick Deploy on the Twilio Code Exchange -- no code required!

    I built an application that shows off the best practices outlined in this post. The application is quick to …

  • By Luís Leão
    How to incentivize users to enable 2FA

    Offering two-factor authentication (2FA) does not help secure your customers if they do not opt in to the feature. 2FA helps protect users if the first factor, usually a password, is compromised. Easily guessed passwords and reused passwords that are breached on another site are frequently compromised. More security-conscious users may already have strong, unique passwords and may not need to be convinced to enable 2FA, but how do you convince your most vulnerable users to turn on additional security features?

    A 2019 study on 2FA usage found that only 29% of people thought the inconvenience of 2FA was always worth the trade-off for security. “I don't think I have anything that someone would want from me, so I think it's because …

  • By Luís Leão
    Build two-factor authentication in Angular with Twilio Authy

    User authentication is a fundamental requirement for many Angular applications, and simply logging in with a user ID and password is increasingly inadequate security. Two-factor authentication (2FA) offers device-based security that is substantially harder to break, but building your own 2FA system is a major challenge. Twilio Authy makes it easy to add 2FA to applications built with Angular.

    This post will show you how to add Authy to an Angular project. You will also learn how to improve the app's user experience and security by using Angular Universal to implement the login process.

    In this post, we will:

    • Create a basic Angular app with a login page
    • Set up an authorization guard service and an authorization service
    • Add server-side rendering with Angular Universal
    • Set up server-side authentication …
  • By Phil Nash
    HTML attributes for a better user experience with two-factor authentication

    Hello and thanks for reading! This blog post is a translation of HTML attributes to improve your users' two factor authentication experience. While we improve our translation processes, we would appreciate your feedback at help@twilio.com if you notice anything that was translated incorrectly. We thank helpful contributors with Twilio swag :)

    There are many points of friction that can affect the user experience at login, especially when entering a two-factor authentication code. Our job as developers is to build applications that keep account security in view without harming the user experience. Sometimes, though, it almost seems as if these two requirements are mutually exclusive.

    In this post we look at the humble <input> element and the HTML attributes that can lead to a better two-factor authentication experience for our users.

    The default experience

    When we implement two-factor authentication for a web application, perhaps even …

  • By Kelley Robinson
    3 methods for implementing the strong customer authentication requirements under PSD2

    Hello and thanks for reading! This blog post is a translation of 3 ways to implement PSD2's strong customer authentication (SCA) requirement. While we improve our translation processes, we would appreciate your feedback at help@twilio.com if you notice anything that was translated incorrectly. We thank helpful contributors with Twilio swag :)

    The Second Payment Services Directive (PSD2) of the European Parliament and of the Council requires strong customer authentication when the payer:

    • initiates an electronic payment transaction of more than €30*
    • accesses their payment account online
    • carries out any action through a remote channel “which may imply a risk of payment fraud or other abuses”

    This applies to:

    • Businesses and/or customers in the European Economic Area
    • Online transactions or transactions made without presenting a debit or credit card (CNP, card not present)

    Originally the directive was due to come into force by September 2019, but this deadline was extended to 31 December 2020 (the deadline for implementing the …

  • By Luís Leão
    How to use the Authy API with Google Authenticator (or any compatible authenticator app)

    TOTP, or Time-based One-time Password, is a way to generate short-lived authentication tokens that are commonly used for two-factor authentication (2FA). The TOTP algorithm is defined in RFC 6238, which means that the open standard can be implemented compatibly across multiple applications. You may be familiar with TOTP from apps like Authy or Google Authenticator, but there are many other options, including Duo and Microsoft Authenticator.

    Getting users to enable 2FA is half the battle in improving account security. I therefore recommend giving customers the flexibility to choose the authenticator app they prefer.

    The Authy API (connected to, but different from, the Authy app) defaults to enrolling the user in the Authy app, but this post will show how the API can allow your customers to use …

  • By Kelley Robinson
    Migrate from Programmable Messaging to Verify

    The Verify API is a purpose-built solution for sending One-Time Passcodes (OTP) for user verification and authentication via SMS, voice, email, push and TOTP. Twilio's Programmable Messaging API provides many businesses with the foundation to build their own OTP solutions. However, maintaining an in-house OTP solution can be complex and resource intensive, especially as the messaging landscape and compliance requirements continue to shift. Many companies are migrating to Verify for the same global reliability and unparalleled delivery at scale as Twilio's programmable messaging with the added benefits of:

    • Regulatory and compliance management, including A2P 10DLC
    • Managed pool of sending phone numbers included, covering short codes, long codes, toll-free numbers, and global alpha-sender IDs*
    • Managed worldwide delivery, covering sender types and compliance on a global scale
    • Stateless API for handling token generation and checking (with an option to bring-your-own code)
    • Templatized OTP message translations in dozens of languages
    • Multi-channel support for …