Hacker News new | past | comments | ask | show | jobs | submit login

Another technology to read up on is Silent Network Auth: https://www.twilio.com/blog/silent-network-authentication-sn...

If you operate a mobile app, this allows you to force a data packet over the device’s SIM that the carrier can validate. Platforms like Twilio/Boku have worked with the carriers to provide an API for this.

SMS is completely removed from the process and SMS pumping becomes a non issue.

Another option that could be mentioned in the article is using WhatsApp for OTP delivery. It’s the de facto messaging app in many countries with scketchy carriers, precisely because people don’t enjoy paying 5 cents per SMS.




> using WhatsApp for OTP delivery. It’s the de facto messaging app in many countries with scketchy carriers

I don't think that would go over very well in the less sketchy countries - I know many folks (myself included) who would be up in arms if a service requires WhatsApp just to send an OTP - in that (and any) case I'd prefer 2FA via authenticator apps


author here: these are great ideas, thank you!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: