
Verify posts

  • By Kelley Robinson
    How to add customer authentication to Twilio Flex

    Call center security is a known weak point for many companies. This is because most call centers only identify, and do not actually authenticate, users when they call.

    Identity information is usually static data, such as a phone number or date of birth, things that many people know about me and about you. Identity information is usually easy to find or buy and probably does not change. With a little searching, hackers can use social engineering to bypass the common knowledge-based "verification" of a user's identity. Authentication is the way to prove identity with a factor, which can be something you know, like a password; something you have, like a key; or something you are, like a fingerprint.

    The options for authenticating …

  • By Aaron Goldsmid
    Treat Genuine Users Like VIPs with Frictionless Authentication

    The average American checks their phone 344 times a day. That’s roughly once every 4 minutes.

    That near-constant and now second-nature interaction has set the bar on experiences that mobile apps have to match - or exceed - if they’re to attract and retain new customers.

    For the customer today, life’s about the destination, not the journey. They’re with you for your product or service, not the sign-up process. Through the customer’s ever-present devices, hundreds if not thousands of businesses constantly compete for their attention. Even a fraction of a delay or a small point of friction in your sign-up process can make the difference between a successful sign-up and a lost customer opportunity. The margins between a great customer experience and an abandoned one are oftentimes fine.

    Business has an abandonment issue

    Businesses know that friction, particularly around identity verification, results in lost and wasted revenue, with 42% …

  • By Kelley Robinson
    What is Silent Network Authentication?

    Silent Network Authentication (SNA) is a form of secure consumer authentication to protect end-users, accounts, and transactions without requiring users to wait or leave your app. It uses direct carrier connections to verify possession of a phone number in the background without requiring user input. There are neither 6-digit passcodes nor authenticator app downloads, which also means there is nothing for a fraudster to phish. Because of this, SNA is immune to social engineering while continuing to be a user-friendly solution.

    Silent Network Authentication is built on top of the same system that carriers use to authenticate mobile phone calls and data sessions on the network so your business has a high level of assurance for each verified phone number.

    The underlying authentication system is standardized and well trusted but extending this type of authentication to businesses via an API like Verify's Silent Network Authentication channel is relatively …

  • By Kelley Robinson
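    Serverless phone verification with Twilio Verify and Twilio Functions

    This article is a Japanese translation of this article (in English) written by Twilio Developer Evangelist Kelley Robinson. Some of the code in the article has been changed to reflect the situation at the time of translation (August 2022).

    Security is something everyone cares about. Phone verification is a simple way to help protect your application and prevent bot accounts. For that reason, sending a one-time password to a user's phone number to verify ownership of the number is a method commonly used at product sign-up or when a phone number is first registered.

    Verifying a user's phone number reduces fraud and increases the reliability of notifications. This post shows how to verify phone numbers from a web application using Twilio's serverless functions and the Twilio Verify API.

    Quick links:

    Prerequisites for adding Twilio Verify to your application

    What you need to code along with this post:

    Make a note of the Service SID (starting with VA) of the Verify service you created in the Twilio Console.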

    Verify Service SID

    Twil …

  • By Kelley Robinson
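    How to encourage users to enable two-factor authentication (2FA)

    This article is a Japanese translation of this article (in English) written by Developer Evangelist Kelley Robinson.

    Supporting two-factor authentication (2FA) does not strengthen customers' security unless they choose to use it. Even if the first factor (usually a password) is compromised, 2FA can protect the user. Compromises become more likely when users choose easily guessed passwords or reuse passwords that have been breached on another site. Users who are especially security-conscious use a strong, distinct password for each site, so they may not feel the need to enable 2FA. So how do you get the users who are most likely to be compromised to enable additional security features?

    A 2019 study of 2FA found that only 29% of users were willing to put up with the inconvenience of 2FA in exchange for stronger security. "I don't have any information that anyone would want, so I've never really worried about it," said one participant.

    Security researcher Cormac Herley pointed out this sentiment among users about ten years ago: "What users stand to lose when attacked is mainly time, not money. What it costs to read security advice is also time, not money." By offering users an incentive to take additional security measures, …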

  • By Kelley Robinson
    How to do phone verification in Go with Twilio Verify

    Phone verification is an essential part of the user onboarding process: whenever you collect new contact methods from users you should make sure those are valid. You can also use a similar workflow to authenticate users on an ongoing basis with a one-time passcode (OTP) sent to the user's phone. This is a user-friendly way to do either primary or two-factor authentication (2FA).

    This blog post will show you how to send an SMS OTP in Go using Twilio's Verify API. Best of all, once you implement the code you can send an OTP via WhatsApp, voice calls, and emails with one parameter change.

    This post uses the Twilio Go Helper Library which is currently in Pilot and under active development. If you identify any issues, please open an issue on GitHub. Learn more about support for Pilot products.

    Prerequisites for sending an SMS OTP

    To follow along …

  • By Kelley Robinson
    How is Push Authentication different from Push Notifications?

    Push authentication is one of the most secure and user-friendly forms of authentication. Instead of typing in a one-time passcode, a user taps "approve" or "deny" (or "yes" or "no") on an authorized mobile device. Twilio Verify offers an SDK to embed push authentication directly into your mobile application, especially useful if you have a large mobile user base.

    Some customers already have a push notification system built and consider using that for delivering authentication. This blog post will outline some of the key differences between push authentication and push notifications and why we recommend an authentication-specific solution.

    Why you should use push authentication instead of just push notifications

    Push authentication is more secure than push notifications

    Push authentication relies on public-key infrastructure. Our SDK turns each device into a secure key, making push authentication phishing resistant. A push notification alone doesn't have the same assurance.

    Push authentication …

  • By Ashi Garg
    Build a Passwordless Authentication System Using Django, Twilio Verify, and SendGrid

    Requiring passwords to sign up for a service has many drawbacks, such as a high chance of passwords being stolen and the burden on users of remembering them all the time. By contrast, a passwordless authentication system has many benefits. For instance, it saves users from falling victim to the most common attack, the brute-force attack. Additionally, many users tend to use the same password for multiple websites and applications, which can then lead to a credential stuffing attack. A passwordless authentication system helps protect users from such an attack as well.

    A passwordless authentication system lets users access the applications by verifying their identity using a secure token, biometric signature or any other secure proof of identity which is not knowledge based or does not require any private information.

    In this tutorial, you will learn how to create a passwordless authentication system using Twilio Verify, SendGrid, …

  • By Michael Piccirilli
    Reduce OTP Fraud with Twilio Verify’s Fraud Detection

    Including additional layers of security in an application’s authentication process is an important step to secure your users’ accounts. One of the most popular two-factor authentication methods is to use one-time passwords (OTP). Twilio offers multiple products to send OTPs such as Programmable Messaging and Verify.

    Fraudsters, however, continue to find novel ways of taking advantage of OTP user flows, resulting in billions of dollars of charges each year at the expense of individual companies. One such method of exploiting OTPs is called SMS Traffic Pumping (otherwise known as SMS Toll Fraud, or Artificially Inflated Traffic). SMS Pumping occurs when fraudsters take advantage of phone number input fields to receive a one-time password, an app download link, or anything else that is used via SMS. The fraudsters send SMS to a set of numbers they control and receive a share of the generated revenue.

    There are a few actions …

  • By Kelley Robinson
    How to filter out VoIP numbers before sending an SMS OTP

    SMS one-time passwords (OTP) are a user-friendly solution for adding additional security to your application. One benefit of using phone numbers is that they're more likely to be associated with a unique user. However, VoIP numbers are often correlated with bots and don't have the same assurance that you're interacting with a real and unique user.

    This blog post will show you how to detect VoIP phone numbers before sending an OTP using the Lookup API's new Line Type Intelligence package.

    Line Type Intelligence is an improvement on an earlier version of carrier Lookup with more line type options and improved global support.

    Prerequisites for detecting line type

    Before you can detect a phone number's line type you'll need a Twilio account for using the Lookup API. Grab your Account SID and Auth Token (found in the Console) and use them in your API requests.

    Determine the line …
