Silent Authentication
Silent Authentication uses a mobile phone's Subscriber Identity Module (SIM) to verify a user's identity, without any user input. It checks the user's phone number against their carrier's records to confirm that it is active and legitimate.
Once a request is verified, you can continuously authenticate the user until the request either expires or is canceled by the user.
Advantages
- Minimal user input - Silent Authentication is very user friendly; once the user has entered their credentials, the authentication process happens in the background. There are no OTP codes to input, making the process as frictionless as possible.
- No phishing - By moving authentication directly between the carrier and the mobile device, the threat of phishing via SMS is removed.
Requirements
- The user must own a mobile device - Silent Authentication needs the user to authenticate from a mobile device.
- A cellular network connection is required - Silent Authentication relies on a verified GSM response from the device to prove its credentials, which is not sent if the user is connected to Wi-Fi. The user must therefore trigger the authentication request using cellular data. You can use our mobile libraries to help force a mobile connection.
Bypass WiFi for Silent Authentication
Vonage provides two Libraries that you can use in your applications to help you make a HTTP request over a cellular network, even when on WiFi. These are available through GitHub:
Click on each platform for more details, including installation instructions, compatibility information, and usage examples.
Implementation
Silent Authentication can work both synchronously and asynchronously (using webhooks).
The recommended way to integrate Silent Authentication is through the asynchronous approach, as it includes a coverage check in the initial step.
Environments
Production
Using Verify in production requires the registration of your application using the Network Registry. Vonage’s Network API Registration service automates the registration process through a common dashboard interface and sends the information to the operators for approval.
Non-Production
Access to non-production environments depends on the country where Silent Authentication will be implemented:
| Country | Environment |
|---|---|
| Spain and Germany | Network APIs Playground |
| Rest of supported countries | Silent Authentication Sandbox |
Availability
Silent Authentication is currently available in the following territories:
| Country | Country Code | Network Name |
|---|---|---|
| Albania | AL | Vodafone |
| Canada | CA | Telus |
| Canada | CA | Bell |
| Canada | CA | Rogers |
| Germany | DE | Deutsche Telekom (DT) |
| Germany | DE | Vodafone |
| Germany | DE | Telefonica |
| Spain | ES | Movistar |
| Spain | ES | Orange |
| Spain | ES | Vodafone |
| France | FR | Orange |
| France | FR | SFR |
| France | FR | Bouygues Telecom |
| Ghana | GH | MTN |
| Great Britain | GB | O2 |
| Great Britain | GB | Vodafone |
| Great Britain | GB | 3 |
| Great Britain | GB | EE |
| Greece | GR | Vodafone |
| Hungary | HU | Vodafone |
| Indonesia | ID | Indosat |
| Indonesia | ID | 3 |
| Ireland | IE | Vodafone |
| Italy | IT | TIM |
| Italy | IT | Vodafone |
| Italy | IT | Wind Tre |
| Mexico | MX | Telcel |
| Netherlands | NL | Vodafone |
| Netherlands | NL | KPN |
| Netherlands | NL | T-mobile |
| Portugal | PT | Vodafone |
| Romania | RO | Vodafone |
| Singapore | SG | Singtel |
| South Africa | ZA | MTN |
| United States of America | US | Verizon |
| United States of America | US | T-Mobile |