January 02, 2013
Transaction pricing can start at two cents. Subscription pricing is available on request. Pricing varies depending on volume and/or users.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Full, out-of-band, two-factor authentication through a user’s cell phone.
- Weaknesses: Requires modifying application code to deploy, which can be difficult for certain customers.
- Verdict: If you have web developers who can integrate this, it’s well worth looking into.
TeleSign 2FA is a full application programming interface (API) and software development kit (SDK) that allows an enterprise to integrate two-factor authentication into its existing web applications. This product allows administrators to modify their existing web applications to include a drop-down box on the authentication screen from which a user can choose the way of receiving their one-time passcode. Passcodes can be sent to the user either via SMS text message or by phone to a number that has been previously registered. This provides full, out-of-band, two-factor authentication without the need to purchase additional tokens.
While this tool is quite powerful, it is far from plug-and-play. This solution is meant as a way to bring two-factor authentication directly into existing web applications through code editing using the TeleSign SDK. With that said, this offering also can provide an excellent and affordable way to deploy this functionality. To get this product up and running, a developer or programmer must use the provided TeleSign code to modify the code in the specific web application. TeleSign includes sample code as part of the customer package so a programmer has a good base from which to start. Once the application has been modified and registered with the TeleSign user portal, it is ready for deployment.
Further, once the application has been deployed, users can access it just as they always have, but they will now have the option to have a one-time password sent to them either via SMS text or by a phone message. When a user requests their code, all communication is handled via TeleSign and the code will be sent directly to the user's device. Once the user has received their passcode, to be authenticated they can enter it along with any other authentication options chosen by the administrator.
Documentation included an API reference guide and a few sample workflow documents. We found the API guide to be well-organized with detailed information on how to modify application code to work with the TeleSign 2FA service. This guide also included many examples of code along with detailed explanations. The workflow examples provided were also quite helpful in providing a visual demonstration of many common tasks that could be added using the product.
TeleSign offers 11/5 and 24/7 support options. Customers have access to both phone- and email-based technical support, along with a full customer assistance web portal. Customers use this portal to access documentation, as well as to submit support requests and manage account billing. Unfortunately, the company does not provide a knowledge base at this time.
Pricing for this product is quite reasonable. Customers can pay per transaction or go with a subscription-based plan. The per-transaction rate can start as low as two cents, and volume discounts are available. We find this solution to be a good value for the money overall. TeleSign 2FA provides the ability for any web-based application to be modified for two-factor authentication at a reasonable price. Adding to its value, this product does not require the purchase of additional hardware for a server or tokens for the users.
Sign up to our newsletters
SC Magazine Articles
- Website observed serving 83 executable files, more than 50 percent malware
- Long list of devices believed to be affected by NetUSB vulnerability
- Scammers target oil companies with sneaky attack
- TeslaCrypt used to extort over $76K in recent months
- CareFirst BlueCross BlueShield breached, more than one million individuals notified
- Hackers exploit Starbucks auto-reload feature to steal from customers
- Study: Nearly all SAP systems remain unpatched and vulnerable to attacks
- Former Nuclear Regulatory Commission employee arrested for alleged spear phishing campaign
- Millions of WordPress websites vulnerable to XSS bug
- FireEye first cybersecurity firm awarded DHS SAFETY Act certification
- FTC gives thumbs up to companies that cooperate during breach probes
- Researchers publish developer guidance for medical device security
- Senate gears up for Saturday USA Freedom Act vote; House breaks for recess
- Researchers observe SVG files being used to distribute ransomware
- Federal prosecutors charge Chinese nationals with trade secret theft