Challenge
An organization running a web application needed two-step login verification to protect user accounts, but third-party verification services imposed ongoing subscription costs and offered limited control over security policies.
The available off-the-shelf options could not be configured to meet the organization’s specific requirements for how verification codes behaved, how quickly they expired, or how abuse was prevented. Adopting one of these services would have meant accepting their limitations and paying recurring fees for a system the team could not fully control.
Solution
84EM built a custom text-message verification system that sends unique login codes to users and enforces security rules automatically. The system handles the full verification process – code delivery, user validation, and abuse prevention – without ongoing subscription costs or dependence on a third-party provider.
Codes expire automatically after a short window, and the system prevents repeated requests that could signal misuse. The operations team does not need to monitor or intervene; security enforcement runs on its own.
The verification codes were designed to avoid characters that look similar to each other, reducing the chance of users mistyping a code on the first attempt.
Key Capabilities
- Automatic code expiration and abuse prevention that enforces security rules without manual oversight, including timed code expiration and limits on how frequently codes can be requested.
- User-friendly verification codes designed to avoid characters that look alike, reducing mistyped codes and “code didn’t work” support contacts.
- Two-way messaging supporting both outbound verification codes and inbound user responses for a flexible login experience.
Results
The organization eliminated the ongoing subscription costs that third-party verification services would have required. Instead of paying recurring fees for a system they could not fully configure, they gained a purpose-built solution with complete control over security policies.
The operations team’s security monitoring burden dropped significantly. Abuse prevention that would have required manual intervention with a simpler system now happens automatically – repeated code requests, expired codes, and suspicious activity are all handled without staff involvement.
Login-related support contacts decreased after the new verification codes were introduced. Users misread codes less frequently, which meant fewer failed login attempts and fewer re-send requests reaching the support team.
