Nexmo logoIn a mobile-first world, SMS is proving to be one of the most essential tools for businesses. From its critical role in communicating with customers globally to providing top security, this series produced by Nexmo explores key aspects of SMS that many organizations may be unaware of. See all the posts here.


Security is one of the biggest issues on developers’ minds today. When you ask people to store personal or financial information on your app or Web service, safeguarding that information is paramount to protecting your brand, your business and your customers.

That’s why many businesses are having to rethink the traditional user-name-and-password approach to securing customer accounts. The problem with passwords is people forget them. So they choose simple ones that are easy to remember — but also easy for hackers to guess.

But even lengthy passwords, though a deterrent, do not guarantee account protection. Sophisticated Trojan horse malware, unknowingly downloaded by users, can intercept even the most complex passwords. Hackers can also steal passwords from company systems. We hear about these data breaches all too often.

Once hackers get a hold of user account information, they will often use bots to test credentials on different consumer sites, gaining access to bank accounts, games, travel awards and more, according to Gartner. This is why it’s so critical to encourage your customers to use unique passwords on different sites.

So how can you make customer accounts safer? Alternatives to the single password approach include email-based authentication, social network identities, biometrics, various authentication apps and ID tokens. But all those have limitations. Internet access is scanty in some areas of the world, making email unreliable. Social network logins are easy to fake. And secondary devices required by some methods are costly and cumbersome.

A more secure — and practical — password alternative involves sending your users a randomly generated one-time password (OTP) via an SMS text message or a voice call.

OTP works because getting hold of a user’s phone is not easy for a hacker to do. And think about it. Today, a phone number is the ultimate user identifier. It is associated with a single person and people tend to keep their numbers for years. What’s more, SMS and voice calls will work on legacy mobile phones, making OTP effective all over the globe — even in corners of the world where smartphone penetration is still low.

Some single sign-ons use OTP. But more often, OTP is an embodiment of two-factor authentication (2FA), where it is used in conjunction with static passwords. We discussed the different industries that use 2FA. Now let’s talk about where you might use phone-based verification.

Verifying users at login

When users log into accounts, you want to confirm they truly are who they say they are to prevent criminal attacks, data breaches, and account takeovers for malicious activities.

Many email services implement 2FA as an option when a user logs in from a new location or a new device. Google will send a text message with a code to your phone if you log into your account using a computer or device it doesn’t recognize. And, as an example of OTP as a single sign on, Yahoo offers a password-free login by sending users on-demand passwords via SMS the moment they need access.

Resetting passwords

When passwords are forgotten — a fairly regular occurrence since most people have so many passwords to remember — users need a way to reset those passwords quickly and easily. But cyberthieves will also use password reset as an inroad to hacking accounts.

Questions like, “What town were you born in?,” which some sites use for added security at password reset, are easy for hackers to figure out. Phone number verification is a more reliable way of keeping hackers at bay. After a recent data breach, Slack implemented two-factor authentication to reduce future incidents.

Keeping an eye on suspicious activity

When a user makes unusual changes to an account, like adding a new delivery address, or starts making large purchases at odd hours of the day, you want to make sure they are acting on their own behalf. Verifying account changes or large transactions at the moment those occur with an OTP is a good way to stay in front of criminal activity.

YouTube actively uses phone verification to prevent spammers from abusing its system and protect users from abuse. Paypal as well as many other financial services firms use text to verify unusual activities.

Improving call center efficiency

In the past, if you wanted to activate a new credit card or authorize a large purchase on your card, you had to make a phone call and talk to a live person. But now financial services firms are using mobile phones to authenticate users and purchases instead.

Bank of America provides a service called SafePass for additional protection against fraud and identity theft in online and mobile banking. All you have to do is confirm your identity with a single use passcode sent via mobile phone to authorize transactions.

Your customers trust you to protect their data. Securing customer data is no longer simply about risk. It’s becoming a competitive advantage. Phone verification is an easy, affordable way to implement an added layer of security. If your customers aren’t already demanding services like 2FA, it’s time you offered.

Dig deeper — Download the Nexmo whitepaper: Increase Security & Prevent Fraud by Overcoming the Top 7 Phone Verification Challenges.


Sponsored posts are content that has been produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. The content of news stories produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact sales@venturebeat.com.