Strengths: Full out-of-band two-factor authentication through a user’s mobile phone
Weaknesses: Requires modifying application code to deploy that can be hard for certain customers
Verdict: If you have web developers who can integrate this then it’s well worth looking into
TeleSign 2FA is a full API and SDK that allows an enterprise to integrate two-factor authentication into its existing web applications. It allows administrators to modify their existing web applications to include a drop-down box on the authentication screen from which a user can choose the way of receiving their one-time passcode. Passcodes can be sent to the user either via SMS text message or by phone to a number that has been previously registered. This provides full out-of-band two-factor authentication without the need to purchase additional tokens.
While this product is quite powerful, it is far from plug and play. It is meant as a way to bring two-factor authentication directly into existing web applications through code editing using the TeleSign SDK. However, it can provide an excellent and affordable way to deploy this functionality.
To get this product up and running a developer or programmer must use the provided TeleSign code to modify the code in the specific web application. TeleSign includes sample code as part of the customer package so a programmer has a good base to start from. Once the application has been modified and registered with the TeleSign user portal it is ready for deployment.
Once the application has been deployed users can access it just as they always have but they will now have the option to have a one-time password sent to them either via SMS text or by a phone message. When a user requests their code all communication is handled via TeleSign and the code will be sent directly to the user's device. Once the user has received their passcode they can enter it along with any other authentication options chosen by the administrator to be authenticated.
Documentation included an API reference guide and a few sample workflow documents. We found the API guide to be well organised, with detailed information on how to modify application code to work with the TeleSign 2FA service. This also included many examples of code and detailed explanations. The workflow examples provided were quite helpful in providing a visual demonstration of many common tasks that could be added using the product. Also available were several PDF guides that provided more detail on integrating the product into applications. These included code examples and many screenshots.
TeleSign offers 11/5 and 24/7 support options for customers and they have access to both phone-based and email-based technical assistance, along with a full customer support web portal. Customers use this portal to access documentation, as well as to submit support requests and manage account billing. Unfortunately the company does not provide a knowledgebase at this time.
Pricing for this product is quite reasonable. Customers can pay per transaction or go with a subscription-based plan, with volume discounts available (pricing available on request). We find this product to be very good value for the money overall. TeleSign 2FA provides the ability for any web-based application to be modified for two-factor authentication at a reasonable price. Adding to its value, it does not require the purchase of additional hardware for a server or tokens for the users.