Build the future of communications.
Start building for free

verify api posts

  • By Kelley Robinson
    Bonnes pratiques de nouvelle tentative A2F par SMS Bonnes pratiques de nouvelle tentative A2F par SMS

    Les êtres humains sont des créatures impatientes. Ainsi, bien que les codes de vérification SMS ou d'authentification à double facteur (A2F ou 2FA) puissent être rapidement générés dans la plupart des régions du monde, nous recommandons toujours de créer des tampons de nouvelles tentatives dans les workflows de vérification. Cela permet d'éviter :

    • Le spamming accidentel d'un utilisateur avec des messages texte répétés
    • L'atteinte des limites de taux d'API
    • La fraude à la tarification ou les dépenses inutiles

    Les bonnes pratiques de ce post sont rédigées pour l'API Twilio Verify, mais beaucoup d'entre elles s'appliquent indépendamment de votre fournisseur d'A2F. Associées à d'autres bonnes pratiques, comme la création d'une liste d'autorisation des codes de pays à vérifier, ces étapes peuvent vous aider à garantir que votre workflow de vérification utilisateur est aussi fluide que possible.

    Lancer une application de démonstration avec les bonnes pratiques de nouvelle tentative par …

    Read More
  • By Diane Phan
    Build a Site with Flask and Twilio Verify for Users to Upload a File header - Build a Flask Site that Allows Authenticated Users to Upload a File

    When it comes to building a website that allows users to upload files and provide their own input, you need to consider what is necessary to protect not only your users, but your project as well.

    This application incorporates Twilio Verify to generate one-time passcodes for your user to verify their identity and access your app. Verify provides an easy to use form of authentication with passcodes delivered to the user's mobile phone. For even more security, consider implementing two-factor authentication.

    After authenticating the users, you can give them the option to upload an image file through your site and store the files in your project directory.

    In this article, you will learn how to develop a functional website to authenticate your users and protect their identity before allowing them to upload an image file to your directory.

    Tutorial requirements

    • Python 3.6 or newer. If your operating system does not …
    Read More
  • By Kelley Robinson
    Understanding push authentication understanding push authentication

    Push authentication is one of the most secure and easy to use forms of user authentication. When a company issues an authentication challenge, the user only has to tap allow or deny when they receive the push notification on their phone—much easier than typing in a one-time password (OTP).

    push authentication gif showing a user logging in on desktop, receiving a notification on their mobile phone, tapping approve, and the desktop login succeeding.

    Using push authentication means a company can also add useful context about the authentication event. Think of things like payments: instead of just sending a code, the authentication request can include information about the payment like the amount and recipient. Even better, because it's one of the few forms of authentication that lets the user deny an authentication attempt, companies can take advantage of that information to identify real time phishing attacks or other malicious activity.

    Push authentication also uses public key cryptography under the hood to link a single device (like a user's phone) to their identity. That makes it …

    Read More
  • By Kelley Robinson
    Comprendre l'authentification Push Comprendre l'authentification Push

    L’authentification Push est l’une des formes d’authentification utilisateur les plus sécurisées et faciles à utiliser. Lorsqu’une compagnie émet un défi d’authentification, l’utilisateur n’a qu’à appuyer sur allow (autoriser) ou deny (refuser) lorsqu’il reçoit la notification push sur son téléphone - bien plus simple que devoir entrer un mot de passe à usage unique (One-Time Passcode, OTP).

    gif d'authentification push montrant un utilisateur se connectant sur le bureau, recevant une notification sur son téléphone mobile, appuyant sur approuver et la connexion au bureau réussissant.

    Utiliser l’authentification Push signifie qu’une entreprise peut aussi ajouter un contexte utile sur l’évènement d’authentification. Pensez à des actions comme des paiements : au lieu de simplement envoyer un code, la requête d’authentification peut inclure des informations à propos du paiement comme le montant et le bénéficiaire. Encore mieux, parce que c’est l’une des rares formes d’authentification qui laisse l’utilisateur refuser la tentative d’authentification, les compagnies peuvent prendre avantage de cette information pour identifier les attaques de phishing ou autres activités malveillantes.

    L’authentification Push utilise aussi sous le capot une cryptographie de clé publique …

    Read More
  • By Kelley Robinson
    Best practices to secure inbound calls to your contact center Best practices to secure your contact center header

    As companies firm up their website authentication with increased security like two-factor authentication, attackers are flocking to less secure channels like call centers to impersonate their victims and gain access to their accounts. Account takeover (ATO) like this is growing at a staggering rate, up 72% in 2019 according to the 2020 Javelin Identity Fraud Study, "due in large part to technological advancements that have made it easier for criminals to manipulate and socially engineer information". As businesses move more of their operations away from in-person stores in the wake of COVID-19, call center security is more important than ever.

    While ATO is possible on your website, over half of financial services companies said call centers were the primary attack channel for ATO. That's because call center agents are fallible to social engineering, a form of hacking that uses psychological manipulation to bypass security measures guarded by humans. …

    Read More
  • By Kelley Robinson
    Les bonnes pratiques pour sécuriser les appels entrants de votre centre de contact Les bonnes pratiques pour sécuriser les appels entrants de votre centre de contact

    Alors que les entreprises durcissent l’authentification à leurs sites web avec une sécurité accrue comme l’authentification à deux facteurs (A2F), les hackers affluent sur des canaux moins sécurisés comme les centres d’appels en se faisant passer pour leurs victimes et ainsi gagner l’accès à leurs comptes. Les piratages de comptes (account takeover, ATO) comme ceux-là s’expandent a un taux stupéfiant, en hausse de 72% en 2019 selon l’étude Javelin Identity Fraud Study de 2020, qui explique que c’est dû, en majeure partie, aux avancées technologiques qui ont rendu plus facile la manipulation et d’orchestration sociale de l’information”. A l’heure où les entreprises décalent plus de leurs opérations loin des magasins physiques à l’aube du COVID-19, la sécurité des centres d’appels est plus importante que jamais.

    Alors qu’une ATO est possible sur votre site web, plus de la moitié entreprises de services financiers ont dit que les centres d’appels étaient le …

    Read More
  • By Kelley Robinson
    Secure your video conference with one-time passcodes How to protect your video conference with one-time passcodes

    As we dutifully practice social distancing, live video conferencing is increasingly popular. From company meetings to yoga classes and magic shows, traditional in person events are going virtual. But while technology connects us, it also comes with privacy and security risks.

    This post will show you how to add one-time passcode authentication on top of your Twilio Video application to ensure that only registered users are able to access the conference.

    While passwords may help protect against war dialing, they don't guarantee that the people joining the video conference should be allowed to participate. A lot of people are still widely sharing Zoom meeting IDs and passwords.

    One-time passcode authentication is useful for gating:

    • Paid content like workout classes, political fundraisers, or live dating shows.
    • Sensitive content with an access control list (ACL)

    This tutorial will walk you through adding Twilio Verify SMS verification to …

    Read More
  • By Kelley Robinson
    Sécurisez votre visioconférence avec des mots de passe à usage unique (OTP) Sécurisez votre visioconférence avec des mots de passe à usage unique

    Comme on respecte consciencieusement la distanciation sociale, les conférences par vidéo en direct deviennent de plus en plus populaires. Des réunions d’entreprise jusqu’aux cours de yoga, en passant par des spectacles de magie, les événements traditionnels “en personne” passent tous au virtuel. Mais bien que la technologie nous connecte, elle s’accompagne aussi de risques de confidentialité et de sécurité.

    Ce post vous montrera comment ajouter l’authentification de One-Time Passcodes (mots de passe à usage unique = OTP) à votre application Twilio Video pour garantir que seuls les utilisateurs inscrits sont capables d’accéder à la conférence.

    Bien que les mots de passe puissent aider à se protéger du war dialing (la composition intensive de numéro de téléphone), ils ne garantissent pas que les personnes rejoignant la visioconférence sont autorisées à participer. Beaucoup de personnes partagent largement les identifiants et mots de passe des réunions Zoom.

    L'authentification par mots de …

    Read More
  • By Nabeel Saeed
    Alphanumeric Sender IDs For Improved Authentication and User Verification Security AUTHMSG_hdr.png

    When using SMS to verify a phone number or for two-factor authentication, it’s essential that the message successfully gets to the intended user, without delay, in order to maximize conversion. However, there are a lot of variables in ensuring reliable and fast delivery of messages globally. Some routes are faster than others, while certain destinations only allow messages from specific kinds of numbers, and carriers will often filter repeated messages, thinking they’re spam.

    Because configuring efficient and reliable SMS delivery can be complex, and will likely require constant maintenance, Twilio offers two pre-built APIs, Verify and Authy, which spare developers the hassle of trying to making sure your verification and authentication SMS messages get to their intended recipients quickly and consistently.

    As part of our ongoing improvements to these APIs, we are announcing the introduction of AUTHMSG, an Alphanumeric Sender ID, for use in 79 countries, which will further increase …

    Read More
  • By Simon Thorpe
    Authy API Configuration has moved to the Twilio Console WelcomeToTheConsole

    Effective immediately, developers looking for the configuration and settings for the Authy API will find them within two new sections of the Twilio Console at twilio.com/console. Our Two-factor Authentication API (Authy) and our Phone Verification API (Verify) can be found in the “Authy” and “Verify” sections of the Twilio Console respectively.

    Since Twilio acquired Authy back in 2015, The Authy API has been carefully and deeply integrated to take advantage of Twilio’s systems, scale, and expertise. This has improved the deliverability of 2FA and Phone Verification messages and voice calls, and hardened the reliability of our API infrastructure. Leveraging the Twilio Console as a central place for our customers to manage their account security products is another improvement we’re making in the quality of our offerings. With this change, you can get access to the following new features within the Twilio Console.

    • Improved Authy user …
    Read More
  • Newer
    Older
    Sign up and start building
    Not ready yet? Talk to an expert.