Custom SMS Two-Factor Authentication System with Twilio Integration

Challenge

A web application required secure two-factor authentication but needed complete control over code generation, validation timing, and rate limiting that third-party services couldn’t provide.

Off-the-shelf solutions lacked the customization flexibility needed for specific security requirements and would have added ongoing subscription costs.

Solution

84EM engineered a custom SMS-based authentication system that generates unique verification codes, validates user input, and automatically enforces security policies.

The system integrates with Twilio for reliable message delivery while maintaining complete control over the verification workflow and security parameters.

Built-in rate limiting and automatic code expiration protect against brute force attempts without requiring manual oversight.

Technical Implementation

  • Custom Code Generation: Randomized letter sequences eliminate confusion between similar-looking characters.
  • Twilio SMS Integration: Reliable message delivery through an industry-standard API.
  • Database-Driven Validation: MySQL storage enables persistent verification across user sessions.
  • Automatic Code Expiration: Five-minute validity window balances security with user convenience.
  • Rate Limiting Protection: One code per minute per phone number prevents SMS flooding and abuse.
  • Bidirectional Messaging: Supports both sending verification codes and receiving user responses.
  • Comprehensive Error Handling: Validates phone numbers, user IDs, and API credentials before processing.
  • Efficient Resource Management: Singleton pattern ensures consistent database connections.
  • Automated Cleanup: Expired codes are automatically removed to maintain database performance.
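
The issuance and validation rules listed above, written out as an added example; this is not 84EM's code. The alphabet, the six-letter length, the `CodeStore` class and the in-memory dict standing in for the MySQL table are assumptions, and the Twilio send is left to the caller.

```python
import hmac
import secrets

# Assumed alphabet: uppercase letters minus look-alikes (I, L, O); the page does not list its set.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ"
CODE_LENGTH = 6          # assumed length
CODE_TTL = 300           # five-minute validity window (from the page)
ISSUE_INTERVAL = 60      # one code per minute per phone number (from the page)


class CodeStore:
    """In-memory stand-in for the MySQL table: phone -> (code or None, issued_at)."""

    def __init__(self):
        self._rows = {}

    def purge_expired(self, now):
        # Automated cleanup: drop rows past the validity window.
        expired = [p for p, (_, t) in self._rows.items() if now - t >= CODE_TTL]
        for phone in expired:
            del self._rows[phone]
        return len(expired)

    def issue(self, phone, now):
        """Return a new code, or None if this number was sent one under a minute ago."""
        self.purge_expired(now)
        row = self._rows.get(phone)
        if row is not None and now - row[1] < ISSUE_INTERVAL:
            return None
        # secrets draws from the OS CSPRNG; random.choice would be predictable.
        code = "".join(secrets.choice(ALPHABET) for _ in range(CODE_LENGTH))
        self._rows[phone] = (code, now)
        return code  # the caller hands this to the SMS gateway

    def verify(self, phone, submitted, now):
        """True only for the current, unexpired, unused code."""
        row = self._rows.get(phone)
        if row is None or row[0] is None or now - row[1] >= CODE_TTL:
            return False
        # Constant-time comparison; normalise case because codes are letters only.
        ok = hmac.compare_digest(row[0].encode(), submitted.strip().upper().encode())
        if ok:
            # Consume the code but keep the timestamp so the send limit still applies.
            self._rows[phone] = (None, row[1])
        return ok
```

The one-per-minute rule here limits how often codes are sent, not how many guesses are made against a live code; a cap on failed attempts per code is a separate control that the page does not describe.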

Results

The custom solution eliminated ongoing third-party subscription costs while providing granular control over security parameters.

Built-in protections against abuse and automated maintenance reduced the need for manual security oversight.
