Jul 12, 2021
How to combine SMS, 电子邮件 and 语音 for multi-factor authentication (MFA)
验证需要的不仅仅是一个密码。
当涉及到认证时,仅靠密码并不足以保证你的企业和客户的安全。
今天的行业标准和法规要求你的企业建立安全机制,保护用户数据和账户。
80%的已知数据泄露是由于薄弱、重复使用或被盗的证书(最后一关)
You’ve adopted an SMS authentication process — the most common, easiest and quickest verification method to implement and distribute to users worldwide.
对于终端用户来说,SMS认证提供了快速、无缝的体验来验证他们的账户。客户和员工都已经习惯于在整个客户旅程中使用短信验证,以便: 1:
create an account
登录
完成交易
对其账户进行修改
While SMS-based authentication can block 100% of automated bots, 96% of bulk phishing attacks and 76% of targeted attacks (谷歌), multi-factor (multi-channel) authentication will strengthen the security across the customer journey to improve conversion rates, prevent fraud and protect your users.
Take your verifications 到 next level with multi-factor authentication (MFA).
利用短信、电子邮件和语音启用强大的多因素认证(MFA),以增加一个保护层。
数据很清楚--使用多个channels 来验证同一用户的身份,可以加强最终用户和企业的安全性。
99%的违规行为可以通过多因素认证来阻止(微软)
Using two-factor authentication (2FA) channels together to implement MFA enables you to protect user data and accounts, helping prevent malicious attempts before they can even start.
Understanding how and when to use SMS, Email or Voice as your preferred authentication channel establishes a more secure verification process without increasing the friction of the customer experience.
如何使用多因素认证来验证你的客户
There are multiple elements that must be considered when selecting a channel for MFA: use case, user preferences, reasons for verification and pricing.
使用案例
需要考虑的事情。
What moment of the user journey do you need to verify the identity of your users? Is that transaction critical?
Is it time sensitive?
Does your user have more time to perform that specific transaction for example like in contact updates?
Can it be done from any device?
最佳做法。
Look for variation across the user journey. Users prefer SMS for mobile applications. Email is normally more user-friendly for web applications or when users don’t have their phone nearby. We suggest testing the following combinations:
Account creation and verification: SMS and Email
Logins: SMS, Voice and Email
Transactions: SMS and Voice
Contact updates: Email
用户偏好
Things to consider:
What is your customer’s preferred way of authentication on your platform?
Which channel has the highest conversion rate?
Does the conversion rate change at different points in the customer journey?
最佳做法。
我们的数据显示,短信仍然是接收OTP代码的首选方式。然而,了解每个客户的首选认证方式的正确方法是分析你的性能报告和日志。
核查的原因
Things to consider:
Are you trying to comply with certain standards or regulations?
Are you trying to protect users' data?
Are you trying to prevent fraud and get a more robust secure solution?
最佳做法。
很可能都是,但确定这些原因将使你能够确定最适合你需求的MFA策略。例如,短信在大多数地方仍然是安全和合规的,但如果SIM卡交换在你的目的地很普遍,就应该考虑电子邮件。
价格
Things to consider:
发送OTP是按交易价格计算的,而且根据目的地的不同而不同--有些国家比其他国家更贵。
最佳做法。
了解每个发送目的地的价格。合适的供应商将帮助您了解每个渠道、目的地和使用案例的最佳价格。此外,它还能让您只对成功的验证进行pay ,以确保您获得最佳投资回报。
ǞǞǞ key is to leverage Email and Voice to improve SMS and vice versa for your authentication process.
将这些channels 结合起来,将为您的企业建立一个更完整的身份验证解决方案:
提高转换率
更多违规行为被阻止
更多真实的用户验证
使用Bird 验证 API 意味着 MFA 在安全性、速度和成本方面都得到了优化
支持ing your MFA authentication is easy with Bird's 验证API.
Bird’s multi-factor authentication platform connects you to enterprise-grade security, compliant worldwide.
Bird 通过了 27001:2013 认证,符合 GDPR 和 PSD2 标准。此外,所有数据在 REST 和传输过程中都进行了加密--采用直接加密的端到端 SMS 连接。
On top of its security, Bird’s SMS platform gives you best-in-class deliverability. Whether you’re sending hundreds or millions of codes, our infrastructure has 250+ direct-to-carrier connections to ensure your SMS is delivered fast and reliably around the world.
Bird’s Email platform powered by SparkPost also connects you to industry-leading security and deliverability trusted to optimally deliver 40% of all commercial emails — that always uses DKIM, SPF and DMARC protocols.
For Voice, Bird’s direct access to over 250 global telcos means your authentication messages are optimized for security and speed.
Use our 数字API to programmatically buy and use local numbers in 140 countries — to easily deploy cost-effective verification where needed.
Bird验证 API 与我们强大的全球基础设施和专门的 MFA 支持相结合,意味着您可以不断优化您的验证流程。