Telephony #1520
Merged
Telephony #1520
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
edunham
commented
Aug 15, 2024
•
edunham
commented
- add CTA
- check md rendering
- fix communities list
✅ Deploy Preview for okta-blog ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Co-authored-by: Semona Igama <[email protected]>
Co-authored-by: Semona Igama <[email protected]>
alisaduncan
reviewed
Aug 16, 2024
| --- | ||
| {% include toc.md %} | ||
|
|
||
| ## Approaches to keep sending OTP over SMS... for now |
There was a problem hiding this comment.
Suggested change
| ## Approaches to keep sending OTP over SMS... for now |
Please delete this header. This is the same as the title. A blog should not start immediately with a header as the title is a header. There needs to be an intro.
| image: blog/telephony/social.jpg | ||
| type: conversion | ||
| --- | ||
| {% include toc.md %} |
There was a problem hiding this comment.
Suggested change
| {% include toc.md %} |
Please move this below intro.
|
|
||
| ## Approaches to keep sending OTP over SMS... for now | ||
|
|
||
| "SMS has long played an important role as a universally applicable method of verifying a user's identity via one-time passcodes. And over the last decade, SMS and voice-based Multifactor Authentication has prevented untold attempts to compromise user accounts. |
There was a problem hiding this comment.
Consider using > plus citation tags. We have examples of it in the blog
|
|
||
| * Longer login times than other methods | ||
|
|
||
| Okta [recommended moving away](https://www.okta.com/blog/2020/05/why-you-should-ditch-sms-as-an-auth-factor/)[ from SMS/Voice authentication](https://www.okta.com/blog/2020/05/why-you-should-ditch-sms-as-an-auth-factor/) some time ago. There are many other factors you can use for authentication, including: |
There was a problem hiding this comment.
Suggested change
| Okta [recommended moving away](https://www.okta.com/blog/2020/05/why-you-should-ditch-sms-as-an-auth-factor/)[ from SMS/Voice authentication](https://www.okta.com/blog/2020/05/why-you-should-ditch-sms-as-an-auth-factor/) some time ago. There are many other factors you can use for authentication, including: | |
| Okta [recommended moving away](/blog/2020/05/why-you-should-ditch-sms-as-an-auth-factor/)[ from SMS/Voice authentication](/blog/2020/05/why-you-should-ditch-sms-as-an-auth-factor/) some time ago. There are many other factors you can use for authentication, including: |
Blog references do not include domain so that preview mode works. Also, consider using the new embed tag
There was a problem hiding this comment.
Will people be able to distinguish between the two links?
|
|
||
| * Generating codes in an authenticator app such as Okta Verify, Authy, Google Authenticator, or 1Password. | ||
|
|
||
| * FIDO2.0 (WebAuthn) which, in addition to phones, can use hardware keys and on-device authenticators. |
There was a problem hiding this comment.
Are you sure this is the correct term? (stating "FIDO2.0 (WebAuthn)") I'm not sure the parenthesis here is correct, probably should verify with Okta standards for reference?
There was a problem hiding this comment.
good question; Maurice went through other reviews on the content so I'll ask
|
|
||
| You can send the OTP in the SMS/Voice flow using the [telephony inline hook]([https://help.okta.com/oie/en-us/content/topics/telephony/telephony-inline-hook.htm](https://help.okta.com/oie/en-us/content/topics/telephony/telephony-inline-hook.htm)). Okta uses the code or URL in the hook to send the OTP, though, as you'll see, the hook may not be called every time (and that's a good thing). When your hook fails to send the message or takes too long to update the status, Okta takes over sending the message. However, the number of those messages is heavily rate-limited. | ||
|
|
||
| The code or URL you provide may simply send the message and communicate the outcome to Okta. The code or server may be more complex, managing geo-specific vendors, failure, failover to another provider, and hacking. No matter how easy or complex the code, there are three main approaches: |
There was a problem hiding this comment.
Suggested change
| The code or URL you provide may simply send the message and communicate the outcome to Okta. The code or server may be more complex, managing geo-specific vendors, failure, failover to another provider, and hacking. No matter how easy or complex the code, there are three main approaches: | |
| The code or URL you provide may simply send the message and communicate the outcome to Okta. The code or server may be more complex, managing geo-specific vendors, failure, failover to another provider, and hacking. No matter the code, there are three main approaches: |
I recommend steering away from these terms for inclusivity.
|
|
||
| Some of the main things to consider when choosing an approach are the regions for messages, the expected traffic, the desired reliability, branding requirements, protection from hacking, and your resources. | ||
|
|
||
| ### Which regions? |
There was a problem hiding this comment.
Consider working keywords into the H2 and H3 headers for SEO. If that is at all a concern.
|
|
||
| * Registration of a sender ID for your business. For example, messages without a valid sender ID are automatically marked as "Likely-SCAM" in Singapore. | ||
|
|
||
| * Using *short codes*–special telephone numbers designed for high traffic. This can add significant cost. |
There was a problem hiding this comment.
Suggested change
| * Using *short codes*–special telephone numbers designed for high traffic. This can add significant cost. | |
| * Using *short codes*—special telephone numbers designed for high traffic. This can add significant cost. |
Writing style is em dash
|
|
||
| * [Twilio Verify](https://www.twilio.com/docs/verify/api) | ||
|
|
||
| ## What Next? |
There was a problem hiding this comment.
Suggested change
| ## What Next? | |
| ## What's next? |
I still recommend working in keywords though... But headers are sentence case per the writing guidelines.
|
|
||
| Moving to a service provider minimizes the technical requirements, though there's still vendor management and monitoring. | ||
|
|
||
| ## Designing a DIY Hook |
There was a problem hiding this comment.
Suggested change
| ## Designing a DIY Hook | |
| ## Designing a DIY hook |
deepu105
pushed a commit
that referenced
this pull request
Aug 29, 2024
* add Maurice as author * telephony post * oops * cleanup + add cta * fix quotes * Update _source/_posts/2024-08-15-otp-over-sms.md Co-authored-by: Semona Igama <[email protected]> * Update _source/_posts/2024-08-15-otp-over-sms.md Co-authored-by: Semona Igama <[email protected]> --------- Co-authored-by: Semona Igama <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.