At Vonage, we are committed to keeping your account secure. That is why we're introducing a new way to add an extra layer of protection to your login process:Time-Based One-Time Password, or TOTP, authentication using authenticator apps. This gives you and new users more options for securing your account, including our existing SMS and WhatsApp solutions.
TOTP is a type of two-factor authentication that generates a temporary, time-sensitive code that you will need to enter in addition to your regular password. This code is generated by an authenticator app on your smartphone, such as Google Authenticator (on the Play Store or Apple App Store), Microsoft Authenticator, or Ente Auth.
Here is a quick step-by-step explanation:
We generate a shared secret key and store it securely.
The authenticator app uses this key and the current time to generate a unique code.
You will enter this code when you log in, along with your regular password.
Our system generates a code using the same logic as your authenticator app and checks the code to see that it matches.
Using an authenticator app for TOTP offers several advantages:
Enhanced security: The shared secret key is never transmitted after initial setup, and codes are only valid for a brief window.
Cost-effective: It's free, with no extra charges like SMS-based authentication.
Device-based: The code is generated on your smartphone, so you don't need to receive SMS codes or worry about phone signal issues.
We want to make sure our users have the best possible security experience. By offering TOTP as an option, we can help reduce the risk of account security issues for users who do not want to use SMS or WhatsApp to receive their 2FA codes. By adding TOTP, we are hoping to reduce the friction on customers who want to use an application they are familiar with while still providing solid security options.
It also helps provide a better alternative for customers who may have had issues with SMS-based or WhatsApp codes. Not all areas of the world have great network or internet coverage, and using a TOTP code can help when your phone cannot receive a message.
Adding TOTP gives you more control over your account security. If you have multiple devices, you can generally share the TOTP configuration across multiple devices. If you lose a device or your phone number changes, you can still recover your TOTP settings in most applications.
When you sign up or log in, you'll see an additional option to use an authenticator app.
Sign up for a Vonage accountIf you choose this option, you'll be guided through the setup process.
Set Up Authenticator AppYou can also manage your TOTP settings in your account profile.
Account security settingsIf you have any issues or forget your device, don't worry! You can use our self-service options to reset your TOTP setup.
TOTP CheckWe're excited to offer this enhanced security feature to our users. If you have any questions or need help with setup, our support team is here to assist you.
){kind=small}
Chris is the Senior PHP Developer Advocate and Server SDK Initiative Lead. He has been programming for more than 15 years across various languages and types of projects from client work all the way up to big-data, large scale systems. He lives in Ohio, spending his time with his family and playing video and TTRPG games.
