As web applications and other digital solutions become more prevalent in everyday life, securing access to these apps against cyber threats becomes more an integral part of their design rather than a separate line of thought.
Global cybercrime costs are expected to grow by 15% per year over the next five years, reaching $10.5 trillion annually by 2025. With data protection taking center stage, it’s no surprise that more and more applications are requiring two-factor authentication (2FA), including SMS as one of the most widespread types of multi-factor authentication (MFA).
2FA is a highly effective way to deliver an additional layer of security by verifying the identity of the user. However, by design, it requires some additional interaction by a human user. This “human element,” as such, may often lead to challenges for automated testing of web applications.
The good news is that Uptrends currently supports a new approach for SMS-based 2FA as part of its transaction monitoring solution. Here’s how it works.
How a standard 2FA scenario works
With standard two-factor authentication, users navigate to the login page of the application and type in their credentials into a text field. This starts the first identification phase of standard 2FA. This action triggers the underlying system to send an SMS message to the user’s mobile phone.
While the user waits for the SMS message on their smartphone, the web app navigates to another page so the user can input a unique code that has been sent to their phone. Typing the code into the text field will complete the second identification phase of 2FA.
If the code input into the web app matches the code sent to the user’s smartphone, the user is officially logged in and can begin using the application for its intended purposes. Users will not be asked for a verification code for as long as they are logged in. Simple and straightforward so far.
Overview of Uptrends solution for SMS-based 2FA
Here’s where things deviate from standard 2FA scenarios by automating the process while also making for better monitoring visibility of applications and end user testing. Rather than using a physical smartphone, Uptrends arranges a virtual phone number from our solutions partner that will be used to receive SMS messages as part of the 2FA process.
One of the steps in the transaction script is to wait for the incoming SMS message. Once received, the number is entered into a specific text field simulating exactly what a user would do, only automatically and seamlessly for a better customer experience.
It’s important to note that Uptrends takes care of the setup stage for creating the transaction behind-the-scenes. Uptrends Support registers new virtual phone numbers in each user profile and manually tests that the SMS communication works reliably.
Once Uptrends Support determines that the setup works as intended — triggering and receiving an SMS message verified by the system — they will build a transaction — typically based on a transaction recording created by using our Transaction Recorder browser plugin.
At this point, the transaction can be put into production, maintained, and updated at will without help from Uptrends Support although technical assistance is always available if requested from the team by customers.
In a climate where web application growth, transaction security, and personal data protection are commanding more and more IT resources in terms of time and money to protect against cyberthreats, traditional authentication measures employing passwords and usernames alone are risky and ineffective.
Two-factor authentication, although not a panacea against today’s ever-evolving security threats, offers an added layer of security that is typically cost-effective and quicker than others to implement. Uptrends support for SMS-based 2FA provides customers with the convenience of using a secure, virtual phone number as part of its Transaction Monitoring solution. Talk to your account manager or get in touch with Uptrends Support to learn more about Transaction Monitoring and SMS-based 2FA.