Multifactor Security Authentication Using Vonage APIs

Overview

This project is a web application demonstrating how to strengthen multifactor security authentication using the Vonage SIM Swap API and Verify v2 API. The application includes a simple bank dashboard and a login form. If the SIM Swap API detects that a phone number was swapped recently, the verification code will not be sent, and additional security measures will be applied. A verification code will be sent via the Verify v2 API to authenticate the user if no recent swap is detected.

Features

  • A login form to enter and verify a phone number
  • Secure multifactor authentication using Vonage Verify v2
  • SIM Swap detection to prevent compromised logins
  • Simple bank dashboard after successful login

Prerequisites

Getting Started

  1. Clone the repository and change directories:

    git clone https://github.com/Vonage-Community/demo-sim-swap_verifyv2-javascript-multifactor_authentication
    cd demo-sim-swap_verifyv2-javascript-multifactor_authentication

  2. Install the required packages:

    npm install

  3. Rename the .env.example file to .env in the project root and set the following environment variables:

    mv .env.example .env

    VONAGE_API_SECRET=your_api_secret
    VONAGE_APPLICATION_ID=your_application_id
    VONAGE_APPLICATION_PRIVATE_KEY_PATH=/path/to/your/private.key

    JWT=your_jwt_token

    MAX_AGE=72

  4. Optionally, set RECIPIENT_NUMBER to send the SMS to a different phone number from the one used for the SIM Swap check.

  5. Run the application:

    node server.js

  6. Launch your web browser and enter the URL:

    http://localhost:3000/

How It Works

SIM Swap API

The application uses the Vonage SIM Swap API to check whether a given phone number has been swapped in the last few days. This protects users from attacks that exploit SIM swaps.

Verify v2 API

The Verify v2 API sends a one-time code to the user's phone number for authentication. This verification code will be sent if the SIM Swap API determines that the number has not been recently swapped.

Application Flow

  1. The user enters their phone number on the login page.
  2. The SIM Swap API checks whether the number was swapped recently.
  3. A verification code is sent via the Verify v2 API if no swap is detected.
  4. After successful verification, the user can access the bank dashboard.
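
The application flow above as decision logic, in an added example that is not the project's server.js: the code is sent only when the SIM swap check explicitly reports no recent swap, and the login is denied when the check itself fails. The function names, the injected checkSimSwap and sendCode stand-ins, the stubs and the phone number are assumptions made for illustration.

```javascript
// Added example. parseMaxAge, startLogin, checkSimSwap and sendCode are
// hypothetical names, not functions from this project or the Vonage SDK.
// Reject a missing or malformed MAX_AGE instead of passing it on.
function parseMaxAge(raw) {
  const value = Number(raw);
  if (!Number.isInteger(value) || value <= 0) {
    throw new Error(`MAX_AGE must be a positive integer, got "${raw}"`);
  }
  return value;
}

// Gate the one-time code on the SIM swap result. checkSimSwap and sendCode
// are injected stand-ins for the SIM Swap and Verify v2 requests.
async function startLogin(phoneNumber, maxAge, { checkSimSwap, sendCode }) {
  let swapped;
  try {
    swapped = await checkSimSwap(phoneNumber, maxAge);
  } catch (err) {
    // Fail closed (a choice made in this example): no answer, no code.
    return { action: "deny", reason: "sim_swap_check_failed" };
  }
  // Only an explicit false counts as "no recent swap".
  if (swapped !== false) {
    return { action: "step_up", reason: "swap_not_ruled_out" };
  }
  await sendCode(phoneNumber);
  return { action: "code_sent" };
}

// Constructed stubs and a constructed phone number so this runs offline.
async function demo() {
  const sent = [];
  const stubs = (result) => ({
    checkSimSwap: async () => {
      if (result instanceof Error) throw result;
      return result;
    },
    sendCode: async (number) => { sent.push(number); },
  });
  const maxAge = parseMaxAge("72");
  const actions = [];
  for (const result of [false, true, undefined, new Error("timeout")]) {
    const outcome = await startLogin("+15555550100", maxAge, stubs(result));
    actions.push(outcome.action);
  }
  return { actions, sent };
}

demo().then((summary) => console.log(summary));
```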