Phone Verification
The Phone Verification step allows you to verify users' phone numbers through an SMS-based OTP (One-Time Password) authentication flow.
How It Works
- Phone Number Entry: The user enters their phone number in international format (E.164).
- OTP Delivery: The system sends a 6-digit verification code via SMS to the provided phone number.
- Code Verification: The user enters the received code to complete the verification.
- Completion: Once verified, the phone number is securely stored (hashed) and the verification step is marked as complete.
Customize Settings
General Details
- Name: The name of the flow step. It will be used to identify the step in the flow.
- Success Button Label: A custom label for the Continue button that is shown once the step is completed.
Technical Details
Phone Number Format
Phone numbers must be provided in E.164 format, which includes:
- A leading + sign
- Country code (1-3 digits)
- Phone number (up to 15 digits total)
Examples:
- +1234567890 (Valid)
- +19876543210 (Valid)
- 1234567890 (Invalid - missing +)
Security Features
- OTP Expiration: Verification codes expire after 3 minutes (180 seconds).
- Rate Limiting:
  - Starting verification: Maximum 3 requests per 5 minutes per verification request.
  - Code verification: Maximum 5 attempts per 3 minutes per verification request.
- Data Privacy: Phone numbers are stored as SHA-256 hashes. Only the last 4 digits are stored in plain text for reference.
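
The limits above can be modeled as a small per-request state machine. The following is an added example, not Zyphe's implementation: the class name, method names, and return strings are hypothetical, state is held in memory, and a sliding window is assumed for both rate limits.

```python
import hashlib
import hmac
import re
import secrets
import time

E164 = re.compile(r"\+[1-9]\d{1,14}")   # leading +, at most 15 digits in total
OTP_TTL = 180                            # codes expire after 3 minutes
START_LIMIT, START_WINDOW = 3, 300       # 3 start requests per 5 minutes
VERIFY_LIMIT, VERIFY_WINDOW = 5, 180     # 5 code attempts per 3 minutes


class PhoneVerification:
    """One verification request (hypothetical class, in-memory state only)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.starts, self.attempts = [], []
        self.code = self.issued_at = self.phone = self.record = None

    def _allow(self, events, limit, window):
        now = self.clock()
        events[:] = [t for t in events if now - t < window]  # drop old events
        if len(events) >= limit:
            return False
        events.append(now)
        return True

    def start(self, phone):
        if not E164.fullmatch(phone):
            return "invalid_format"
        if not self._allow(self.starts, START_LIMIT, START_WINDOW):
            return "rate_limited"
        self.phone, self.issued_at = phone, self.clock()
        self.code = f"{secrets.randbelow(10**6):06d}"  # 6 digits from a CSPRNG
        return "sent"  # SMS delivery itself is out of scope here

    def verify(self, submitted):
        if self.code is None:
            return "not_started"
        if not self._allow(self.attempts, VERIFY_LIMIT, VERIFY_WINDOW):
            return "rate_limited"  # checked first, so the correct code is refused too
        if self.clock() - self.issued_at >= OTP_TTL:
            return "expired"
        if not hmac.compare_digest(submitted.encode(), self.code.encode()):
            return "wrong_code"
        # Keep only the SHA-256 hash plus the last 4 digits, as described above.
        self.record = {"sha256": hashlib.sha256(self.phone.encode()).hexdigest(),
                       "last4": self.phone[-4:]}
        self.code = None  # a verified code cannot be replayed
        return "verified"
```

Passing a fake `clock` callable makes the expiry and window behavior testable without waiting in real time.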
SMS Delivery
SMS messages are sent via AWS SNS with the sender ID "Zyphe" and include the verification code in the user's locale.
Requirements
The Phone Verification product must be enabled for your organization. Please contact support if you need access to this feature.
