There are many myths about 2FA and how it relates with VoIP. If you have heard about 2FA and would like to know how it really works with VoIP technology, this article is just for you.
2FA stands for two-factor authentication and it is an industry-wide accepted method of verifying additional forms of online identity. For many years, online sites and services only required a single method of authenticating you such as a single passwords. However, single-factor credentials can be easily stolen or compromised through clever methods and cyber-attacks. This situation prompted many cloud providers, banks and other institutions to require a second method of authentication during the sign-in process. It is also called one-time password (OTP).
2FA requires another method of validating that you are who you say you are. Of the many methods of 2FA out there (we will not get into the nitty-gritty details), there is SMS messaging. Traditionally, SMS was implemented by mobile providers and grew to be not just a highly effective way of communicating between peers, but also validating identity.
Mainstream mobile providers such as T-Mobile, AT&T, and Verizon, are primary SMS providers servicing millions of subscribers in the US. Some sources estimate that more than 2 trillion messages are exchanged each year!
How does VOIP come into play with 2FA and SMS? It doesn’t. VoIP stands for voice over Internet Protocol. It is a protocol and software technology used over the Internet broadband connections designed to support voice calling. Nothing about VoIP includes SMS!
So how do we do it? Well, VoIP providers such as JVoIP, LLC work with upstream carriers to support SMS messaging using their API messaging platforms. You can have carriers for voice and carriers for messaging.
Many banking institutions and government agencies require validating your identity with 2FA by sending you a short-code message. However, many of these institutions only prefer mobile numbers managed by US cellular providers.
The number one question we get is: Will I get my 2FA codes with JVoIP? Our answer is maybe. It has nothing to do with VoIP, our SMS messaging platform or even our upstream providers. It has to do with the sending party. As explained, 2FA is all about security. Thus, some sending parties believe that trusting cellular or mobile providers is more secure from an identity standpoint than numbers managed by VOIP providers.
Technically speaking, you can lookup not only which mainstream provider hosts your number but also what is the number type. If the number type is not mobile, they will simply drop the message or notify you that the number is unsupported. The checking is all done by the sending parties in a matter of milliseconds.
Again, the decision to not send a 2FA code to a number managed by a VoIP provider is up to the sending party. When we are asked the question whether 2FA codes will work with our platform, we will simply let you know to try out our services. Many customers have accounts with banks, government agencies and cloud providers and it is hard to guarantee 2FA delivery from any VoIP provider. Also, given that it is up to the sending parties, they may change their security posture any time.
Now, you may say, “Well, my number is currently with a mobile provider, and I simply want to port my number to a VoIP provider. Isn’t my number still mobile?” The answer is no. Porting numbers from cellular carriers to VoIP providers will change the number type to either fixed-line or landline. Also, all numbers have special lookup codes to determine the upstream carrier and what type of carrier they are based on FCC codes.
There is no way around it. There are simply different types of numbers, different types of voice carriers. 2FA delivery is up to the sender, not up to VoIP provider with SMS messaging platforms in place.
This being said, we are happy to let you know that many of our customer’s sending parties have accepted JVoIP’s managed numbers (DIDs). Given that this is a hit or miss, we have begun publishing a list of institutions that work with JVoIP. Please see our help center article on 2FA-Support for more details.
We hope this answers many myths about 2FA and VoIP. Feel free to reach out to us if you have any questions!