SMS Authn

SMS authentication sends a one-time passcode (TOTP) to the user’s registered mobile phone via SMS for verification. It is a possession-based authenticator, as the user must possess the mobile device to access the code. To ensure security, we have implemented the following controls:

  • One-time codes expire after a short duration, typically within 5 minutes.

  • Rate-limiting mechanisms are in place to prevent abuse of the SMS system.

  • Mobile phone numbers are verified to ensure that the code is sent to the correct device.
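
The first two controls can be sketched in code as follows. This is an added example, not this product's own implementation: the class name `SmsOtpService`, the 6-digit code length, the in-memory storage, and the values of `SEND_LIMIT`, `SEND_WINDOW` and `MAX_ATTEMPTS` are assumptions; only the 5-minute expiry comes from the text above.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque

CODE_TTL = 300          # 5-minute expiry, as stated above
SEND_LIMIT = 3          # assumed: max codes sent per number per window
SEND_WINDOW = 900       # assumed: 15-minute rate-limit window
MAX_ATTEMPTS = 5        # assumed: wrong guesses tolerated per code

class SmsOtpService:
    """In-memory sketch (assumption); a deployment would use a shared store."""

    def __init__(self):
        self._pending = {}                    # phone -> [digest, expires_at, attempts]
        self._sends = defaultdict(deque)      # phone -> timestamps of recent sends

    @staticmethod
    def _digest(phone, code):
        # Keep only a digest bound to the phone number, never the code itself.
        return hashlib.sha256(f"{phone}:{code}".encode()).digest()

    def issue(self, phone, now):
        """Return a new 6-digit code, or None when the number is rate-limited."""
        sends = self._sends[phone]
        while sends and now - sends[0] >= SEND_WINDOW:
            sends.popleft()                   # forget sends outside the window
        if len(sends) >= SEND_LIMIT:
            return None
        sends.append(now)
        code = f"{secrets.randbelow(10**6):06d}"
        # A newly issued code replaces any earlier one for this number.
        self._pending[phone] = [self._digest(phone, code), now + CODE_TTL, 0]
        return code                           # passed to the SMS gateway, not logged

    def verify(self, phone, code, now):
        """True only for the current, unexpired, unused code."""
        entry = self._pending.get(phone)
        if entry is None:
            return False
        digest, expires_at, attempts = entry
        if now >= expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[phone]          # expired or guessed too often
            return False
        if hmac.compare_digest(digest, self._digest(phone, code)):
            del self._pending[phone]          # single use
            return True
        entry[2] += 1
        return False
```

Timestamps are passed in as seconds so that expiry and rate-limit behaviour can be exercised without waiting; the attempt cap is an extra assumption that keeps a 6-digit code from being guessed within its lifetime.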
