The Octopush SMS API allows you to set up a strong authentication system by SMS very quickly. This type of authentication is also called MFA (Multi Factor Authentication, but also two factor authentication).
The principle is very simple:
- When authenticating a user, you check if he has activated the double authentication.
- You check if they are not already strong-authenticated recently on the same machine (depending on your security policy)
- If there is a need for dual-authentication, you generate a code that you save to the database.
- At the same time, you send it to your user, and redirect them to the double-authentication page.
- The user receives his code by SMS and fills in the double-authentication form
- You check the code typed by the user and the one stored in the database, by checking the number of failed attempts, the maximum time between the sending and the code, etc…
- If everything is ok, you validate their authentication, and can eventually validate :
- their IP
- their machine
- their browser