Take A Multivendor Approach To 2FA

Authentication is a critical business function because it allows organizations to keep their systems safe. Only authorized users should be able to access protected resources, including data and computing services. 

Since computing systems first came online they’ve employed user IDs and passwords to authenticate users, but with today’s powerful systems in the hands of hackers, passwords are easier than ever to crack, potentially leaving systems vulnerable to unauthorized users.

To increase security, organizations often turn to two-factor authentication (2FA), a process that requires users to provide a second form of authorization. That other factor might be something users have (such as a hardware token like a Titan Security Key or Yubikey), something that’s part of them (like a fingerprint, voiceprint, or facial image), or something they know (like the answer to a security question). Many organizations use SMS to get that second factor: Users enter a password and the authentication process sends them a code via SMS that they have to enter in order to get access. This ensures that the person logging in is the person holding the authorized user’s mobile device.

To implement 2FA, businesses integrate their applications with a communications platform — nowadays generally a cloud communications platform, also known as communications platform as a service (CPaaS). These systems provide APIs that developers can add to their applications to integrate sending and receiving text messages for 2FA and many other use cases.

But SMS platforms aren’t bulletproof. Sometimes a CPaaS provider’s messages have trouble getting through to the users that depend on them — and when you’re talking about a critical service like authentication, dropped and delayed text messages are critical failures.

You can make your SMS-based 2FA process more fault-tolerant by taking advantage of a second 2FA provider. That way, if one service fails to deliver, you can quickly switch to the second, which is unlikely to be subject to the same faults. (Disclaimer: Availability of second provider not guaranteed in the event of a global thermonuclear war.)

If you already use a cloud communications platform to power your 2FA process, we suggest you add Plivo as a secondary provider. Plivo offers a 99.99% service-level agreement (SLA) — and earned an overall satisfaction score of 92 on G2’s latest cloud communications report, making us the highest-rated cloud communication platforms on the market.

See for yourself how easy it is to add Plivo to your portfolio of communications tools. Sign up for free today.

comments powered by Disqus