Increasing Security with Two-Factor Authentication and RingCentral

Phong Vu
RingCentral Developers
Dec 21, 2017

Nowadays, web applications handle a lot of user accounts and sensitive data. While most users use apps in legitimate ways, hackers don’t. Hackers are hard at work: They try to steal users’ login credentials by phishing or brute-force attacks. Online services must have some mechanism to control access to sensitive systems and data and to prevent their users’ data from being accessed by hackers who are attempting to steal or have stolen a password.

Password-only solutions are vulnerable because a password can be easily stolen and used without the user’s knowledge. Phishing attacks are especially effective at stealing passwords by having users enter their passwords into fake websites. Brute-force attacks can be used when password hashes are stolen from online services. Passwords are especially prized because they can also be used repeatedly in what is known as a replay attack.

Two-factor authentication (2FA) is one of the best ways to protect against remote attacks such as phishing, brute-force attacks, and other attempts to either take over a user’s account — for instance, resetting a password — or to access high-value information such as a user’s Social Security number.

In the context of authentication security, security solutions are rated by the number of factors they use for authentication, with a factor being one of the following: something you know (e.g., a password); something you have (e.g., a mobile phone); or something you are (a biometric like your face or fingerprint). A 2FA solution is much stronger than a password because it uses two different factors. For example, in the case of a password and a mobile phone, the user must prove they know the password and are in possession of a physical device — the phone. The device itself is hard to duplicate, so requiring it dramatically reduces the opportunity for attack. By contrast, a password-only solution is known as a single-factor-authentication (SFA) solution, as it relies only on something the user knows — a password — which can be stolen and used repeatedly, often without the owner’s knowledge.

There are numerous ways to implement 2FA, such as using a hardware device (via SMS or phone call), a hardware token, a software token, or biometric verification. These approaches all have their advantages and disadvantages, but all significantly increase the security of user accounts when implemented.

SMS-based two-factor authentication is inexpensive, easy to implement, and considered very user friendly. This method just requires a service provider with the capability of sending SMS messages, such as RingCentral’s messaging capability. And from a user’s perspective, it requires possession of a mobile phone number for receiving SMS messages.
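
The server-side half of the SMS flow described above, as an added Node.js example (not code from the original post or from the RingCentral tutorials): it issues a one-time code that expires, can be used only once, and allows a limited number of guesses, so a captured code cannot be replayed and the code space cannot be brute-forced. The function names, the `sendSms` callback (a stand-in for whatever SMS provider call the application uses), the 5-minute lifetime and the 5-attempt limit are all assumptions.

```javascript
const crypto = require('node:crypto');

const CODE_TTL_MS = 5 * 60 * 1000;        // assumed code lifetime
const MAX_ATTEMPTS = 5;                   // assumed guess limit per code
const SERVER_KEY = crypto.randomBytes(32); // per-process HMAC key (assumption)
const pending = new Map();                // userId -> { digest, expiresAt, attemptsLeft }

// Store only a keyed digest, so a dump of `pending` does not reveal live codes.
function codeDigest(userId, code) {
  return crypto.createHmac('sha256', SERVER_KEY)
    .update(`${userId}:${code}`)
    .digest();
}

// Call after the password check succeeds. `sendSms(to, text)` is hypothetical.
function startChallenge(userId, phoneNumber, sendSms, now = Date.now()) {
  // crypto.randomInt draws from the CSPRNG; Math.random() is not suitable here.
  const code = String(crypto.randomInt(0, 1000000)).padStart(6, '0');
  pending.set(userId, {
    digest: codeDigest(userId, code),
    expiresAt: now + CODE_TTL_MS,
    attemptsLeft: MAX_ATTEMPTS,
  });
  return sendSms(phoneNumber, `Your verification code is ${code}`);
}

// Returns 'ok', 'wrong_code', 'locked', 'expired' or 'no_challenge'.
function verifyChallenge(userId, submitted, now = Date.now()) {
  const entry = pending.get(userId);
  if (!entry) return 'no_challenge';
  if (now > entry.expiresAt) {
    pending.delete(userId);
    return 'expired';
  }
  // Both digests are 32 bytes, so the constant-time comparison never throws.
  const candidate = codeDigest(userId, String(submitted));
  if (crypto.timingSafeEqual(entry.digest, candidate)) {
    pending.delete(userId); // single use: the same code cannot be replayed
    return 'ok';
  }
  entry.attemptsLeft -= 1;
  if (entry.attemptsLeft <= 0) {
    pending.delete(userId); // guesses exhausted: a new code must be requested
    return 'locked';
  }
  return 'wrong_code';
}
```

In a multi-process deployment the `pending` map and the HMAC key would live in shared storage rather than in process memory.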

If you are interested in learning more about using SMS-based 2FA, see our tutorials on implementing SMS-based 2FA using the RingCentral SMS API:

Node.js / JavaScript: https://ringcentral-tutorials.github.io/sms-2fa-nodejs-demo/

PHP: https://ringcentral-tutorials.github.io/sms-2fa-php-demo/

Learn more about our Developer Program here:
