Phone Verification Best Practices
Phone verification is an essential first step in your online relationship with a user. By verifying that a new registree on your website has the device, they claim in his or her possession (and the provided number is accurate) you reduce spam and fraud while signaling your concern for the user's security.
We've come up with some best practices and practical guidelines that can assist you while implementing phone verification. These best practices are also built into our Verify quickstart - we suggest running through it to see some implementation details.
Plan a User Registration Flow
Phone verification is an important first step when signing up a user, but should be considered holistically in your application's registration and usage flow. Checking that a phone number is legitimate, associated with a device, and in possession of a new registrant will cut down on spam sign-ups before you even grant a new user an account.
Suggested User Registration Flow
Our currently suggested signup and usage flow are as follows (only proceed to the next step if the previous step is successful):
Our currently suggested signup and usage flow is as follows (only proceed to the next step if the previous step is successful):
- Use Phone Verification to determine if the user has the device they claim currently in possession.
- If your customer relationship will continue:
- Register the user for continuous Two-factor Authentication usage.
- Require Twilio Two-factor Authentications to protect any combination of log-ins, high-risk operations, and high-value transactions.
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd browsing the Twilio tag on Stack Overflow.