Verification is an essential first step in your online relationship with a user. By verifying that a new registree on your website has the device, they claim in his or her possession (and the provided phone number or email is accurate) you reduce spam and fraud while signaling your concern for the user's security.
We've come up with some best practices and practical guidelines that can assist you while implementing user verification. These best practices are also built into our Verify quickstart - we suggest running through it to see some implementation details.
User verification is an important first step when signing up a user, but should be considered holistically in your application's registration and usage flow. Checking that a phone number or email is legitimate, associated with a device, and in possession of a new registrant will cut down on spam sign-ups before you even grant a new user an account.
Our currently suggested signup and usage flow is as follows (only proceed to the next step if the previous step is successful):
- Use Verify to determine if the user has the device they claim currently in possession.
- If your customer relationship will continue:
- Register the user for continuous Two-factor Authentication usage.
- Require Twilio Two-factor Authentications to protect any combination of log-ins, high-risk operations, and high-value transactions.