Two-Factor Authentication

Verify users by reaching their mobile device with SMS or voice codes

Try it freeContact Sales
  • Using Nexmo’s SMS API, Grab implemented a phone number-based verification process for new drivers and passengers.
  • Zenly uses Nexmo Verify to confirm its user’s identity, prevent fraudulent sign ups and assign phone numbers to each user.
  • BitQuick significantly decreases fraudulent and illegitimate transactions using Nexmo’s Verify API.
  • RogerVoice enables deaf to make voice calls using Nexmo SMS capabilities to verify inbound numbers.
  • Learn More
  • BlaBlaCar partnered with Nexmo to instantly send SMS pin codes to securely verify new app registrants.
  • Learn More
  • Roadmap relies on Nexmo to enable globally scalable user verification for its travelers.
  • 99.co leverages Nexmo verify to authenticate the phone numbers of new property seeking registrants to ensure agents received high quality, legitimate leads.
  • PinU uses Nexmo Verify SDK to authenticate new users and enable contextual communications for its users.

BENEFITS

Easily add a layer of security

Complete
  • A single API provides the full 2FA solution, from authentication management to message automation, spanning SMS and Voice.
Simple
  • Just give us a phone number and we’ll take care of the rest. We generate the codes, localize, use the fastest channel available, even fall back from SMS to voice when needed.
Convenient
  • Unlike other 2FA methods that may require special hardware or an authenticator app, our solution works with any phone number.
Smartly-priced
  • Pay only for successful conversions or a flat monthly fee for frequent logins.
How it works
Validate the user’s number
Intercept the login
A user logging into an account first confirms their username and password, but to be certain that the user is who they say they are, Nexmo Verify gets involved.
Nexmo Verify reaches out
Nexmo sends a one-time code — via SMS, voice, or push notification — to the phone associated with that username and password.
The account owner confirms
When the code arrives on the phone belonging to the user associated with the account, the owner keys in the short verification code into the input box presented by the app.
Allow account access
Your app verifies that the entered code matches the code that was sent, confirming that the person attempting to access the account has the phone linked to that account. Your app can then give full access to the user.

BUILDING BLOCKS

Programmable elements used in this solution

Verify Control
Verify Check
Verify Request

TUTORIAL

Step-by-step guide to building 2FA

CHALLENGES

It sounds easy, but...

Application complexity
  • Building a 2FA mechanism from the ground up is hard. There’s much more to 2FA than sending messages. You have to generate, store, and expire secure codes, as well as design and build a system to relate user identities to devices.
One channel is not enough
  • Once you’ve obtained a user’s phone number, you want to be able to verify them, no matter the line type. This means you have to first detect the line type (mobile or landline), and then deliver a message via either SMS or voice, depending on the type of device.
Deliverability is critical
  • Because the user is in the process of logging in, timeliness of message delivery is critical. Your 2FA solution falls apart if you can’t get the required code to the user within a few seconds.
Development cost
  • To bring 2FA to your mobile app, you may also have to design and build the UI for each device, increasing development time and expense.

HOW CAN NEXMO HELP?

We would not be able to achieve virality without a reliable, scalable phone number authentication solution, and we would not have been able to do that without Nexmo and the Verify API.
Alexis Bonillo
Co-Founder & COO, Zenly
THE NEXMO EXPERIENCE
Quality, Support, Scalability