(Dennis Hopper voice) “Pop quiz hotshot : There’s one thing that companies like Google, Facebook, PayPal, Dropbox, Twitter and Salesforce all have in common. What is it? What is it?”

(Love that movie). Anyway, the answer for those that didn’t click on the links or read the title of this post: Mobile Two Factor Authentication.

Given the players involved, pretty obvious that mobile two factor authentication is pretty important. But what’s to know beyond that?

That’s why we’re here. Here’s the A.2.F.A.Q. (answers to frequently asked questions):

Q: What is Mobile Two Factor Authentication? 

A: In a world of web software, online usernames and passwords have become the gateway to everything, from personal information to company-sensitive records, photographs and bank statements. On one hand, awesome, because the internet makes everything accessible from anywhere. On the other, not so awesome, because the internet makes everything accessible from anywhere by people who may not be you.

In order to combat these web hackers, companies have experimented with various forms of authentication, including making password entry requirements more stringent, captchas and more CAPTCHAS. The issue with these solutions is that they still involve the web.

Enter Mobile Two Factor Authentication. By requesting your cell phone number, online software programs like Google and Twitter can text message a code to your phone that you can then enter online to verify your identity as an account holder.

Q: Why Is This Cool? 

A: By introducing a mobile verification process, online software knows a person’s online identity (from the username and password) and that same person’s offline identity (because person has to receive, read and enter a code from his/her phone). Hence, the term “two factor” authentication.

The second factor enhances privacy protection because end users have to simultaneously submit online and offline credentials before accessing account information. So, even if online data is easy to obtain by the most skilled hacker, the offline data presents a much different, more difficult obstacle. And both together? That’s security.

Q: Wow – seems cool. Can you show me a real life example? 

A: Sure – here’s a customer announcement email from Salesforce:

Using Mobile For Two-Factor Authentication

Q: I struggle with small print – any way you can please tell me what this email says in three sentences?

A: You got it: Salesforce decided to change the default option for identify confirmation from email to SMS/text messaging. SMS is better than email for verification because there is less potential for third parties to compromise multiple user devices simultaneously. Customers have to verify their identify via SMS every time they attempt to log in from a unrecognized IP address or device.

Q: So, SMS for mobile two factor verification?  

A: Yes. SMS has become the de-facto method of choice for the mobile two factor authentication for several reasons, namely its singular ease-of-use, ubiquity, speed, accessibility, interactivity and availability.

Q: What are some things companies should keep in mind before launching two factor mobile verification via SMS?  

A: Well, for one you’ll need to understand SMS marketing, as there are a number of technology issues that need ironing out before launch like short codes vs. long codes and proper compliance practices.

Moreover, you’ll need to understand Operational Mobile Alerts. Without grasping some of the intricacies of mobile messaging, companies launching two factor mobile authentication will double or triple their total cost of ownership.

Q: Noted. At a high level what are some of these intricacies?   

A: First and foremost is approaching mobile from a data perspective. Operational SMS, e.g. two factor authentication, serves as an ideal entry point to start tracking what type of mobile communication customers prefer.

Second, user experience. Unless deployed with proper session management and interactivity, two factor authentication could become frustrating for end users (for instance if they cannot access their account due to technical difficulties). Introducing simple mobile-based options like how to request assistance will greatly enhance overall customer satisfaction.

Third is economies of scale. Launching two factor authentication as part of an overall mobile strategy that includes operational and marketing messaging will allow companies to not only increase the size of their mobile customer base, but also reduce their variable messaging costs.

Last but not least, the buy vs. build decision. Blindly deciding to build instead of buy (and vice versa) will lead to slow rollouts and frustrated end users.

Q: Anything else I should keep in mind?    

A: Don’t forget to think through how your customers use your product. Oftentimes online software platforms allow for multiple managers to share the same login and password. Since a text only goes to one phone, two factor authentication might be a point of contention among colleagues. One solution? Send the authentication code to a mobile list of users. That way everyone on the account will be able to access the account and know when it’s being accessed from a un-recognized device or location.

Q: Thanks for the info. What if I have more questions? 

A: Please post them to the comments and we’ll get a conversation going. If you’re without questions but have answers, consider this: should every company use mobile two factor authentication? Why or why not?

Similar Blog Posts You Might Like:
Keys to TCPA Compliance: How Marketers Can Track Reassigned Mobile Numbers

Share This