# Two factor authentication for no App users

Hello
Here is my test case: I have an app to manage a service. Part of that service includes people that don’t have my app but they rather call my help center. I need for a way to authenticate that they are who they say they are. So i thought of sending them a SMS message that includes a link. when they click the link i receive their phone number, if that phone number matches the one in the Database they are authenticated and i can provide them my service.

Is there a way someone knows?

Thanks

To send a SMS message, may I humbly ask don’t you already need to know the recipients phone numbers?

3 Likes

@LeventK is correct. The users need to already be registered into your system in some way. Then to authenticate, adopt what most organizations are doing already. Send a unique ID code in the SMS message, a randomly generated 6-8 digit number or use the UNIQUEID() function. You want a code that is UNATTACHED from the user so it cannot be easily guessed. The user then gives you back that code to fully authenticate.

2 Likes

@LeventK when you are right you are right

1 Like

That sounds like a good idea, now i need to find a way to generate a unique number rather than UNIQUEID.
Thanks

1 Like

Hi,
Randbetween gives me a number, how do i make sure it is not a duplicate of a previous number?

Provided you give a range between i.e. 100000 - 999999, the probability of getting the same number as previous is basically like this:

The number of n-digit numbers is given by the formula: 9x10^(n-1).

Therefore, there are 9x10^(6–1) = 9x10^5 = 900,000 six- digit numbers.

So, if your random number generator generates a 6-digit number, the chance of generating a second matching number is:

1 in every 900,000 randomization

3 Likes

@LeventK I have a Statistic exam this Thursday, perhaps you want to join me

1 Like

@1111
hahaha…would love to join you but it’s more than 3 decades ago when I have lastly attended an exam, but can give you some cheatsheets though

3 Likes

I would mimic other similar authentication functions where the authorization code has an expiry date/time. Then it doesn’t really matter if the same code is repeated occasionally - which with the RANDBETWEEN() function will happen very infrequently if at all.

2 Likes