Mobile app security: 3 reasons for authenticating your users via SMS

Authenticating users via SMS

Another day, another account hacked. As a mobile app developer it might give you pause to think: how is my security looking? Here are three reasons why implementing SMS user authentication would benefit you and your users. 

Passwords are not enough.

Online credentials are becoming more valuable by the day. The RAND report found that Twitter accounts sell for more than credit card details on the black market and predicts that exploitation of social networks and mobile devices are on the increase. Experian shares this view in the 2015 Data Breach Industry Forecast predicting hackers targeting user names and passwords will continue to be a serious security concern in 2015. So if passwords aren't enough because they are too easy to crack or steal, what can we do to make our mobile applications more secure? One solution would be adding an extra layer of security by implementing two-factor authentication.

Tech giants are leading the pack.

Google, Facebook, Twitter and Apple all have implemented optional 2FA to better authenticate users. It's also an integral part of getting a WhatsApp account set up on your mobile phone (as half a billion people around the world have done). This means authenticating users using more than just passwords is a well-known industry standard and should be familiar to your users. 

Cheaper, simpler and implement. 

Authenticating users via SMS is much cheaper than implementing a hardware based solution. Carrying around a physical token is also a hassle and is detrimental to user experience. The users of your app already have a mobile phone available - why not use it? The user experience needs to remain as smooth as possible while still providing the needed security. Consider when you would want to authenticate the users of your mobile application. Is it just with the initial account registration (think WhatsApp registration process) or would you also want to also add the extra layer of security when the user performs a higher risk task?

The answer will depend on the nature of your application and the risks involved. After you've decided when to authenticate, you'll need to choose a software authenticator (Google Authenticator is free to use). Then, sign up for a free Clickatell account. You'll soon be on your way to integrating with our SMS APIs. If you hit a snag, there are real support persons to chat with 24/7.