December 15, 2018
Authentication flow: The better way to verify users
In one of the previous articles, we discussed that account authentication is a very important feature that every website and mobile application with user registration should add these days. Let’s now find out about ways to implement it.
There are many verification solutions, but most of the CPaaS providers offer the option to send a one-time password (OTP) over SMS or Voice. Additionally, you can verify users via Flash Call. It is also advisable to use Phone Number Lookup before you start sending passwords.
While all of these authentication methods are good in their own ways, they have some minor drawbacks as well. Some of them can be too expensive in some countries or the delivery rates of specific operators might not be as high as one would wish.
This leads us only to one logical conclusion: don’t rely on just one option. Use all of them and create a successive verification flow. Even if one of the methods is somehow overpriced or unreliable, there is always another one to back it up. It will help you to reduce costs and offer users a backup solution in case something goes wrong with the first authentication attempt.
At first, you would typically start with Number Lookup to make sure that:
– a given phone number exists
– it is not virtual, premium, or toll-free;
– it is not in the database of spam or fraud numbers;
– it is able to receive SMS (check if number is mobile or landline);
– it is online;
– its country code corresponds to the IP address of the device.
With the help of these valuable phone number insights you can greatly reduce fake users from your app and prevent service abuse. It also helps to filter out suspicious or incorrect numbers so as not to send passwords to them and optimize expenses.
After number validation, you can proceed to the next step: initiate a Flash Call for cost-effective authentication. The client will get a call that they do not need to answer. They then simply use the last 4 digits of an incoming number for verification. The lucky ones with Android devices can just sit back as the application automates the process.
If the latter fails to work, then send an SMS. The customer will receive a text message with a one time code to enter in a special field in the app or on a website – a classic option that, in 2019, causes no user discomfort at all.
Do not forget to provide an extra backup option with voice verification. If the period for entering the OTP sent over SMS times out, do not leave the potential clients unauthenticated. Give them one more chance to access the service by making a call with a password read by robovoice. Voice authentication will also be your only viable method of verifying a landline number or being used by visually impaired people.
By using all the four methods in sequence, you can get rid of fake users and create a successive verification flow. Now the only barrier between you and your customer can be on the client side (such as when they mistype a phone number or the one time code). Even this problem can be addressed with a decent in-app design and UI. Just give clear instructions, enable autofill and ask users to double check the entered info.
With so many options backing up each other, the chances of excessive expenditures and unsuccessful signups are as close to zero as possible. Follow these recommendations, reduce your verification costs and start seeing higher successful authentication rates with automated control of everyone who registers on your app or site.
The order and the number of options does not necessarily have to be as described above. Use and combine the channels as you like. After all, you are the ones who know your target audience best.
However, it is still advisable to have at least one back-up solution; and this recommendation is not just words. More and more applications and sites provide additional verification methods in case the previous one fails to work. So now, it has become a kind of new industry standard. Follow it and pave a way to success.We look forward to seeing you build better apps and services by integrating verification into them. Our support team is always happy to help you create your own successive authentication flow with our powerful APIs and SDKs.Get back