Skip to content

This project demonstrates how to implement multifactor authentication using Vonage's Verify v2 and SIM Swap APIs. The application allows users to verify their identity through a phone number and a PIN code while protecting against SIM swap fraud.

Notifications You must be signed in to change notification settings

Vonage-Community/blog-sim-swap_verifyv2-javascript-multifactor_authentication

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Multifactor Security Authentication Using Vonage APIs

Overview

This project is a web application demonstrating how to strengthen multifactor security authentication using the Vonage SIM Swap API and Verify v2 API. The application includes a simple bank dashboard and a login form. If the SIM Swap API detects that a phone number was swapped recently, the verification code will not be sent, and additional security measures will be applied. A verification code will be sent via the Verify v2 API to authenticate the user if no recent swap is detected.

Features

  • A login form to enter and verify a phone number
  • Secure multifactor authentication using Vonage Verify v2
  • SIM Swap detection to prevent compromised logins
  • Simple bank dashboard after successful login

Prerequisites

Getting Started

  1. Clone the repository and change directories

    git clone https://github.com/Vonage-Community/demo-sim-swap_verifyv2-javascript-multifactor_authentication
    cd demo-sim-swap_verifyv2-javascript-multifactor_authentication
  2. Install the required packages:

    npm install
  3. Move the .env.example file to .env file in the project root and include the following environment variables:

    mv .env.example .env
     VONAGE_API_SECRET=your_api_secret
     VONAGE_APPLICATION_ID=your_application_id
     VONAGE_APPLICATION_PRIVATE_KEY_PATH=/path/to/your/private.key
    
     JWT=your_jwt_token
    
     MAX_AGE=72
  4. You have the choice to set RECIPIENT_NUMBER, to define a different phone number from the one used during SIM Swap to receive the SMS.

  5. Run the application:

    node server.js
  6. Launch your web browser and enter the URL:

    http://localhost:3000/

How It Works

SIM Swap API

The application uses the Vonage SIM Swap API to check whether a given phone number has been swapped in the last few days. This protects users from attacks that exploit SIM swaps.

Verify v2 API

The Verify v2 API sends a one-time code to the user's phone number for authentication. This verification code will be sent if the SIM Swap API determines that the number has not been recently swapped.

Application Flow

  1. The user enters their phone number on the login page.
  2. The SIM Swap API checks whether the number was swapped recently.
  3. a verification code is sent via the Verify v2 API if no swap is detected.
  4. After successful verification, the user can access the bank dashboard.

About

This project demonstrates how to implement multifactor authentication using Vonage's Verify v2 and SIM Swap APIs. The application allows users to verify their identity through a phone number and a PIN code while protecting against SIM swap fraud.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published