Upgrade to Pro — share decks privately, control downloads, hide ads and more …

apidays London 2023 - Building Multi-Factor Aut...

apidays
September 21, 2023

apidays London 2023 - Building Multi-Factor Authentication into your applications, Nathaniel Okenwa, Twilio

apidays London 2023 - APIs for Smarter Platforms and Business Processes
September 13 & 14, 2023

Building Multi-Factor Authentication into your applications
Nathaniel Okenwa, Staff Developer Evangelist at Twilio

------

Check out our conferences at https://www.apidays.global/

Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8

Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io

Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/

apidays

September 21, 2023
Tweet

More Decks by apidays

Other Decks in Programming

Transcript

  1. Nathaniel Okenwa Developer Evangelist @ Twilio @ChatterboxCoder Loves: Coding 󰞵/

    MMA 🥊 / Anime 🀄 / Superheroes󰭅󰭄 / Action Movies 🎬
  2. Blade Runner 1982 A blade runner must pursue and terminate

    four replicants who stole a ship in space and have returned to Earth to find their creator.
  3. Sending Your Own OTP Can Be Difficult Additional dev requirements

    Security Gaps Costly in some countries Regulations
  4. SMS Pumping This happens when fraudsters request OTPs over and

    over, in order to generate SMS traffic for which they are incentivised by small local carriers.
  5. Fraud Indicators Conversion behaviour Monitor OTP Conversion Rates Detect Non-Human

    Behaviour Traffic Spikes Spike in Account Activity Country-Specific Spikes Number Prefix (Bulk) Unexpected Destinations Carrier Ranking Maintain Telco Fraud Rank
  6. Alternative Channels WhatsApp Email Already have Phone Number Works over

    WiFi SMS Pumping doesn’t work Strong User Adoption
  7. Silent Network Auth • Relies on secure carrier network technology

    • Not vulnerable to common OTP Phishing/Hijacking • Silent & fast! No end-user friction ✅ 15% increase in conversion ✅ ZERO reported Account Takeover incidents ✅ Keep user’s attention on your app ✅ Save 30 seconds or more during registration and logins
  8. Usability is Imperative When security introduces too much friction. Users

    are more likely to skip or ‘turn off’ these security features.
  9. One solution for all channels “Silent authentication” / biometric authentication

    Verify Verification request Has the request come from browser or mobile? Verification request from Mobile App (Best Case) Verification request from browser, user received a push notification on app with verification code Verification request from browser, if push notifications aren’t enabled, TOTP is used Verification request from browser, but user doesn’t have app installed. User receives the code via SMS, WhatsApp, Email or Phone Call
  10. A complete verification solution SMS Email Voice WhatsApp Silent Network

    Auth Push Authentication TOTP Future Channels WebAuthn (FIDO2) Device Authentication User Registrations & Logins Logins & Transaction Authorization Pre-approved templates Automatic SMS fraud detection Rate limiting Phone numbers, short codes, Alpha ID Route optimization, redundancy, failover Localization & translation Monitoring & reports Global customer support Security & Business Logic
  11. THANK YOU FOR LISTENING!! Do you have any questions? [email protected]

    @ChatterboxCoder CREDITS: This presentation template was created by Slidesgo, including icons by Flaticon and infographics & images by Freepik