SMS is the most popular channel for phone number verification and two-factor authentication (2FA). That's because most people can receive text messages and onboarding is seamless. Plus, SMS 2FA works: Google found that SMS 2FA helped block "100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks."
After starting a Verification with SMS, you'll want to validate if the code a user provided was correct with the Verification Check API.
- API Reference
- SMS Phone Verification on CodeExchange
- Send an SMS verification code in 5 minutes
Before sending a recipient’s first Verify SMS verification, you must obtain opt-in consent from the user to receive OTP messages. You must keep a record of this consent and be able to provide it to Twilio on request. For example, you could add a notice in the sign-up flow that indicates to the user that they are requesting OTP messages to be sent to their provided number and then record a timestamp of when the user completed the sign-up flow.
Verify SMS follows the Twilio Messaging Policy, please see the policy for more detailed information on consent and opt-in rules.