January 02, 2013
Transaction pricing can start at two cents. Subscription pricing is available on request. Pricing varies depending on volume and/or users.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Full, out-of-band, two-factor authentication through a user’s cell phone.
- Weaknesses: Requires modifying application code to deploy, which can be difficult for certain customers.
- Verdict: If you have web developers who can integrate this, it’s well worth looking into.
TeleSign 2FA is a full application programming interface (API) and software development kit (SDK) that allows an enterprise to integrate two-factor authentication into its existing web applications. This product allows administrators to modify their existing web applications to include a drop-down box on the authentication screen from which a user can choose the way of receiving their one-time passcode. Passcodes can be sent to the user either via SMS text message or by phone to a number that has been previously registered. This provides full, out-of-band, two-factor authentication without the need to purchase additional tokens.
While this tool is quite powerful, it is far from plug-and-play. This solution is meant as a way to bring two-factor authentication directly into existing web applications through code editing using the TeleSign SDK. With that said, this offering also can provide an excellent and affordable way to deploy this functionality. To get this product up and running, a developer or programmer must use the provided TeleSign code to modify the code in the specific web application. TeleSign includes sample code as part of the customer package so a programmer has a good base from which to start. Once the application has been modified and registered with the TeleSign user portal, it is ready for deployment.
Further, once the application has been deployed, users can access it just as they always have, but they will now have the option to have a one-time password sent to them either via SMS text or by a phone message. When a user requests their code, all communication is handled via TeleSign and the code will be sent directly to the user's device. Once the user has received their passcode, to be authenticated they can enter it along with any other authentication options chosen by the administrator.
Documentation included an API reference guide and a few sample workflow documents. We found the API guide to be well-organized with detailed information on how to modify application code to work with the TeleSign 2FA service. This guide also included many examples of code along with detailed explanations. The workflow examples provided were also quite helpful in providing a visual demonstration of many common tasks that could be added using the product.
TeleSign offers 11/5 and 24/7 support options. Customers have access to both phone- and email-based technical support, along with a full customer assistance web portal. Customers use this portal to access documentation, as well as to submit support requests and manage account billing. Unfortunately, the company does not provide a knowledge base at this time.
Pricing for this product is quite reasonable. Customers can pay per transaction or go with a subscription-based plan. The per-transaction rate can start as low as two cents, and volume discounts are available. We find this solution to be a good value for the money overall. TeleSign 2FA provides the ability for any web-based application to be modified for two-factor authentication at a reasonable price. Adding to its value, this product does not require the purchase of additional hardware for a server or tokens for the users.
Sign up to our newsletters
SC Magazine Articles
- Popular adult website XTube compromised, delivers malware
- Orgs predict $53M risk, on average, from crypto key, digital cert attacks
- Hanjuan Exploit Kit leveraged in malvertising campaign
- Report: More than 15,000 vulnerabilities in nearly 4,000 applications reported in 2014
- Amedisys notifies nearly 7,000 individuals of potential breach
- Obama orders new sanctions program to deter foreign cyber attackers
- 'Volatile Cedar' APT group spies on enterprises, focusing on Lebanese companies
- Orgs need to share info, crave more board oversight, study says
- Human error cited as leading contributor to breaches, study shows
- Nite Ize website attack impacts credit cards, possibly customer database