Smart 2FA Overview
Introduction
The Restcomm Smart 2FA application provides an intuitive out-of-the-box omni-channel smart 2FA solution that communications service providers (CSPs) can rebrand to offer to their enterprise and small-to-medium sized business customers.
What is 2FA?
2FA helps organizations protect user accounts and verify the identity of online users. For example, companies like WhatsApp have built their empire of over 1 billion users on top of 2FA as a method for verifying user identity using SMS. Many other popular companies have followed the same method in their user sign-up process. These include Oracle Cloud, Expedia, SAP, Bank Of America, Amex, Uber, Microsoft, Apple, Airbnb, and many more.
Enhanced Security with 2FA
Today, almost every popular application relies on 2FA as the best method to verify user identity when signing up or logging into an application online. According to a recent report by Google, NYU, and the University of California San Diego, receiving a secondary SMS code blocked 100 percent of automated attacks, 96 percent of bulk phishing attacks, and most direct, targeted attacks.
How 2FA Works?
User enters Enterprise application
User visits Enterprise website or mobile app and attempts to log into his account, authorize a transaction, or perform another action that requires two-factor authentication from a new device. Enterprise Application will have a user profile including Mobile Number.
PIN code is sent to the user via SMS, phone call or email depending on API called
Once the user enters a valid phone number, from Enterprise application, the developer will need to ask Restcomm 2FA to send a verification code to that phone number by using the HTTP REST API Call.
Verification of 2FA Code
Once the user receives 2FA code, they will try to authenticate by entering same to Enterprise App. The enterprise application developer will need to pass the same 2FA Code also known as One Time Password (OTP) back to Restcomm 2FA. Restcomm 2FA will verify the code and provide appropriate response.
Flexible, Dependable 2FA
The flexibility of using any channel (SMS, voice, email) makes sure your users get the OTP even when they experience issues with one of the channels. For example, if the user doesn’t get the OTP on their handset due to issues like “storage full,” the Smart 2FA can send the OTP via email or via a voice call in hundreds of languages using a text-to-speech (TTS) engine.
For over a decade, enterprises depended on over-the-top (OTT) players and their APIs to easily integrate 2FA into service offerings. The reason for this was because most CSPs do not offer APIs directly to the enterprise. With Telestax Smart 2FA we make it easy and straightforward for CSPs to provide their enterprise customers with branded APIs and developer documentation.
This is great news for enterprise customers as well, including popular ones like Microsoft, Facebook, and more. When CSPs offer 2FA APIs directly to companies, this will enable them to have better cost, higher delivery rate, faster support when an incident happens, and that results in more signups, more revenue, fewer tickets, and better overall customer experience.
Smart 2FA for Communications Service Providers - 5 Distinct Advantages
-
BYOC – Bring-your-own-carrier (BYOC) to reduce costs and enable better delivery rates. The CSP is able to control routing from their existing core softswitch / SMSC to quickly address delivery or routing issues.
-
Simple API – Simple APIs to Send OTP via various channels including SMS, voice, or email.
-
Control API – Control APIs like canceling existing OTP (while it is still active) to resend a new one. Or keep an old OTP active for a period of time while a new one is also sent. Many times there are network delays and users receive the first OTP after a delay while the system would have already generated a second OTP. In that case, allowing both the OTPs offers more options for users.
-
Rich API Set – Rich API set allows users to select any language for voice calls via text-to-speech (TTS) with support for engines like VoiceRSS, Acapella, Amazon Poly, and Google Text-to-Speech.
-
Intuitive Console – Allows users to view usage reports by day, month, or year and search using filter criteria like country code, channel, delivery status, and more.