One of the reasons SMS 2FA is such a popular option is because most people have a mobile device and phone number that can send/receive text messages. It’s convenient, accessible, and quick—all important elements if you want to get users onboard for a security feature.
Newer 2FA iterations, often known as “push” authentication solutions also make use of a mobile device, but somewhat differently—a mobile app that uses an API like Twilio Verify sends a push notification to the user rather than using SMS. When users receive the notification, they simply confirm the action in-app or use a timed one-time-passcode displayed on the screen. Overall, the convenience level of the experience is incredibly similar.
Push verification can also enhance user experience in a few ways: one is offering users information about the confirmation request they’re receiving (location of a log-in attempt, device type, etc), and another is integrating with a brand’s existing mobile app. Both of these can help users identify which verification attempts are genuine and which might be suspicious while building recognition and trust for your business in the process.
As with any solution, there are some security risks to consider when using SMS for 2FA, but it still offers users far more protection than a password alone. Push verification offers a somewhat enhanced level of security thanks to public key cryptography, which ensures codes and verifications can’t be remotely breached from an unfamiliar device. Because they’re integrated into a mobile app, they can also leverage biometric authentication to provide further security.
Another factor to consider with push authentication is data hygiene: you don’t have to rely on collecting and storing a user’s phone number to deliver verifications. Not only does this enable a simpler data management strategy, it gives users greater control over what personal information they want to share with your business.
Push authentication doesn’t rely on the telephony network, which means you don’t need to own an authorized number in order to send verifications, and users won’t face possible SMS delivery problems. In general, this can mean greater reliability and lower, more predictable costs when compared to SMS.
However, carriers are currently rolling out new systems and regulations to help make SMS delivery more secure, trusted, and predictably priced—which will help it remain a viable option for your business.