Multi factor authentication is a rising trend in signup systems and payment procedures. It provides an extra layer of security and reinforces identity verification online.
For many years, passwords have been the main and only authentication factor for web applications, apps and signup systems. But passwords have security weaknesses, caused by password reuse, hacking or database leaks. This is the main reason why other authentication factors are being used to complement passwords.
Discover what types of extra authentication factors you can add to your systems and how to easily implement them.
What is multi factor authentication (MFA)?
Multi factor authentication is a method to both verify identities and grant access to a certain platform, resting on at least two different pieces of evidence.
The term two-factor authentication (2FA) is used when the method that identifies and grants access rests on only two different pieces of evidence.
Multi factor authentication and two-factor authentication are used in both offline and online contexts to provide an extra layer of security to users. Nowadays, MFA and 2FA are frequently discussed in relation to signup and payment processes.
5 types of multi factor authentication
Frequently, signup processes include passwords as the main credential, which is afterwards complemented with other extra factors of authentication. MFA may include a combination of the following systems:
1. Phone verification with OTP
One-time passwords (OTPs) are unique codes linked to a reference. They are sent to the user's phone number, so the user can then enter the code and continue to the following steps.
One-time passwords can be delivered as a text string or a voice string containing the verification code. The verification code is only valid for a certain amount of time and each code is linked to a specific user, which makes it particularly secure.
Pros and cons of phone verification with OTP
✅ Phone number verification. One-time passwords sent to the user's phone are a valid way of verifying the user's identity.
✅ Suitable for the visually impaired. The one-time password can be delivered as a text or read out in a voice call. This is a suitable option for the visually impaired, and can help you build a more inclusive business.
✅ Suitable for SMS, voice calls or texting apps. Sending OTPs to a phone number offers different sending options. You can choose to send it via SMS, voice call or a texting app, like Telegram. The more choices, the better!
❌ SMS fraud. Duplicating SIM cards is more difficult than hacking an email account, but it is still possible for the phone verification process to be compromised.
❌ Relies on external factors. Sending SMS or triggering voice calls implies relying on external factors, such as broadband coverage. When coverage is not available, your user will get the message later on.
2. Email verification with OTP
Email verification with OTPs is a similar system, where the verification code is sent via email to the user's email account. This method verifies the user's email account instead of their phone number.
Pros and cons of email verification with OTP
✅ Email verification. Email verification with OTPs is a rising practice in signups, since it provides user verification and it's useful to avoid bots or spam accounts.
✅ More economical. It's a fact — sending emails is cheaper than sending SMS. Depending on the volume of OTPs you need to send, you may want to consider this factor.
❌ Email fraud. Email hacks do happen and, if this is the case, the email verification will fail and users will experience fraud.
3. Phone verification with authenticated URLs (or magic links)
Magic links are another popular method to use as a complementary authentication system. They are URLs sent to the user, containing authentication tokens that grant access to the requested site.
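One way to build the authentication token carried in such a URL, as an added example that is not Arengu's code: an HMAC-signed token holding the user, an expiry and a one-time identifier. SECRET_KEY, BASE_URL (a placeholder domain), the 15-minute lifetime and all function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

SECRET_KEY = secrets.token_bytes(32)              # assumption: per-deployment server secret
LINK_TTL_SECONDS = 900                            # assumed lifetime (15 minutes)
BASE_URL = "https://app.example.com/auth/magic"   # placeholder URL
_redeemed = set()                                 # used token ids; a shared store in production


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(body):
    return _b64(hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest())


def make_magic_link(user_id, now=None):
    now = time.time() if now is None else now
    claims = {"sub": user_id, "exp": int(now) + LINK_TTL_SECONDS,
              "jti": secrets.token_hex(16)}       # jti: random one-time identifier
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return f"{BASE_URL}?{urlencode({'token': body + '.' + _sign(body)})}"


def redeem_magic_link(url, now=None):
    """Return the user id the link authenticates, or None if it must be rejected."""
    now = time.time() if now is None else now
    token = parse_qs(urlparse(url).query).get("token", [""])[0]
    body, _, sig = token.partition(".")
    # Check the signature first, in constant time, before parsing anything.
    if not hmac.compare_digest(sig.encode(), _sign(body).encode()):
        return None                               # forged or altered token
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    if now > claims["exp"] or claims["jti"] in _redeemed:
        return None                               # expired or already used
    _redeemed.add(claims["jti"])                  # single use
    return claims["sub"]
```

Because the link alone grants access, it should be short-lived and single use, and the token should be kept out of server logs and analytics.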
Pros and cons of phone verification with magic links
✅ Phone verification. Magic links may be sent via SMS or messaging platforms, so they are a way to verify the user's phone number.
✅ Frictionless method. The difference between just clicking a link or entering several numbers is small but significant. Choosing less friction can translate into better conversion rates.
❌ SMS fraud. Even though this is a pretty secure system, copying SIM cards can cause this auth system to fail.
4. Email verification with auth URLs
Just like with OTPs, authenticated URLs can be used to verify phone numbers or email accounts. Sending magic links via email is the more frequent approach, and it has become a very popular method to verify users in two-factor authentication systems or even as the sole authentication system.
Pros and cons of email verification with magic links
✅ Email verification. When sent to the user's email account, magic links are a way to validate the user's email account.
✅ More economical. Sending emails is cheaper than sending SMS, so you may want to consider this option.
✅ Frictionless method. Users simply need to click one link to be verified, authenticated and redirected. Avoiding friction will benefit the user experience and the conversion rates.
❌ Email fraud. If the magic link is sent to a hacked email account, the verification process will be invalid.
5. Hardware authentication methods
Other advanced methods that may be combined to obtain a multi factor authentication system are fingerprints or facial recognition.
Some transactions also use hardware authentication methods, or data present on the user's credit card, among many others.
Pros and cons of authentication with hardware methods
✅ The best of both worlds. Combining a digital authentication system with a physical one can be a great idea for certain online platforms, like online banks.
✅ Extra security. Adding methods like fingerprints or facial recognition adds an even more reliable layer of security.
❌ More friction. Some of these methods may add some extra effort for the user: taking pictures and sending them, for instance, adds friction to the process.
❌ Not suitable for digital-only businesses. If your business is fully digital, these authentication methods are not as convenient.
❌ Less economical. As obvious as it may seem, relying on hardware methods implies owning and maintaining the authentication devices, which can be pricey.
How to add multi factor authentication to your signup forms?
Arengu provides different ways to add more authentication systems to your forms. Whether you're looking to reinforce security on your signup forms, lead acquisition channels or payment forms, with Arengu you can build personalized logic to implement multi factor authentication with your preferred methods.
Multifactor authentication templates: Email OTP or SMS OTP form templates
When building your forms and flows, you'll be given the option to start out with a predefined template. Templates target some of the most popular use cases, including email and phone verification forms with OTPs.
Even when choosing a template, you can modify every bit of your form, both on the front side, as well as on the logic side.
Templates include actions with SendGrid and Twilio as email and SMS providers. Still, if you want to use other providers, you can do so by choosing other native actions or integrating your own provider with an HTTP request.
Learn how to build an email verification form with OTP step by step with our guides and tutorials.
Build a multi factor authentication form with personalized logic
Arengu also provides you with all the necessary tools to build your own personalized form, with custom server-side logic. If you want to create a completely tailored form, with your preferred authentication methods, you can do so by starting from scratch and easily adding your preferred actions.
- Create a form
On Forms, easily create a form by dragging and dropping all the fields you need and organize them into different steps, if you wish to have a multi step form.
- Create server-side logic
On Flows, create any logic you need to link it afterwards with the form you created. You can include as many actions as you need and interconnect them to have a dynamic form with intricate logic behind it.
For instance, if you're looking to add extra authentication factors to your systems, you can combine as many methods as you want. Arengu offers native actions to generate and send one-time passwords and magic links.
Learn more on how to create server-side logic for your forms with our tutorial on our blog.
- Connect your flows with the steps of the form
Arengu allows you to connect flows at any stage of your form: before submission, after submission, in between steps... Link your flows wherever you need them to be executed.
- Embed your forms
Copy and paste the two lines of code, including the form ID, wherever you need. You can add your form to as many pages as you need so your user acquisition channels are centralized. This will save you a considerable amount of time on maintenance and modifications to the form and its logic.
Want to add some extra authentication factors to your signups or payment forms? Try Arengu for free and reinforce your systems!