Hi, we are looking to implement 2FA so that users would be sent a verification code over their email and by SMS to their phone.
We faced some limitations with Amazon SNS where we could either send the verification code to email OR to the phone number, while we want to send it to both.
We also are looking to make the 2FA more flexible by adding any other options later on.
What are the best alternatives to SNS for this use case and purpose? Looked at Twilio but want to explore other options before making a decision.
Would be great to know what the experience with Twilio has been, especially the limitations/issues with Twilio...
Appreciate any input from users of Twilio and others who have had similar use cases.
I would recommend Twilio as well. If your objective is to get off the ground quickly and build something that is robust without much effort, Twilio really nails the developer experience and ease of use. It's also light on any kind of setup or infrastructure as code. That said, it's a lot more expensive than AWS alternatives, so if you're operating at scale you may want to look closer at AWS options.
2FA security is a pretty important topic. While as a convenience it would be great to broadcast the security code to as many devices as possible, this is fundamentally a bad security practice. Imagine for a minute that a bad actor has compromised one or the other of your message platforms; now when you attempt to log in to fix things, they're also given your security code. If you read enough stories you will find that both email and SMS can be compromised to grab people's codes.
Secondly, I have never interacted with a product that broadcasts to both messages upon login, they always present a choice of where to send it.
To your actual question: Twilio + SendGrid (a Twilio company) would be the default choice because both of these log what happened when you send a message. For instance, with SendGrid you can see the delivery events in their UI to debug issues (e.g. was it delivered to a mailbox, or what was the error code). If you use Amazon SNS you will have to build out all of the logging to know what happened. At some point you'll need to have all of this info in your product because your CS agents will need it for quick debugging of customer issues, but when you first roll out it's great to just let the service do the logging.
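
Added example, not part of the original posts: a provider-agnostic sketch of the two points raised in the last answer, sending each code to the single channel the user chose and keeping a delivery log for support. The class name `TwoFactor`, the `senders` callables (which would wrap Twilio, SendGrid, SNS or any other provider) and the TTL and attempt limits are assumptions for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300       # seconds a code stays valid (assumed policy)
MAX_ATTEMPTS = 5     # wrong guesses allowed before the challenge is void (assumed)

class TwoFactor:
    """Single-channel OTP challenges with a delivery/audit log (hypothetical helper)."""

    def __init__(self, senders, clock=time.time):
        self.senders = senders   # {"sms": callable(dest, text), "email": ...}
        self.clock = clock
        self.pending = {}        # user -> live challenge
        self.log = []            # delivery and verification events for support

    def _digest(self, salt, code):
        # Keep only a salted hash server-side, never the code itself.
        return hashlib.sha256(salt + code.encode()).digest()

    def start(self, user, channel, destination):
        if channel not in self.senders:
            raise ValueError(f"unsupported channel: {channel}")
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        # A new challenge replaces any older one, so only one code is ever live.
        self.pending[user] = {"salt": salt, "hash": self._digest(salt, code),
                              "expires": self.clock() + CODE_TTL, "tries": 0}
        try:
            self.senders[channel](destination, f"Your code is {code}")
            status = "sent"
        except Exception as exc:   # record provider failures instead of hiding them
            status = f"failed: {exc}"
            del self.pending[user]
        self.log.append({"ts": self.clock(), "user": user, "event": "deliver",
                         "channel": channel, "status": status})
        return status == "sent"

    def verify(self, user, code):
        ch = self.pending.get(user)
        ok = False
        if ch and self.clock() <= ch["expires"] and ch["tries"] < MAX_ATTEMPTS:
            ch["tries"] += 1
            ok = hmac.compare_digest(ch["hash"], self._digest(ch["salt"], code))
        if ch and (ok or self.clock() > ch["expires"] or ch["tries"] >= MAX_ATTEMPTS):
            del self.pending[user]   # single use; expired or exhausted codes are void
        self.log.append({"ts": self.clock(), "user": user, "event": "verify",
                         "status": "ok" if ok else "rejected"})
        return ok
```

Adding another option later means registering one more callable in `senders`; the challenge and logging logic stays the same.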