While registering just now for(AWS), we discovered an intriguing example of “out of band” security verification (where the “band” is the web):
- Provide a telephone number
- AWS provides a PIN on the website
- Receive the call (within 5 seconds!)
- Enter the PIN using the telephone keypad
- Verification appears on the website 5 seconds later
This (almost) ensures that it’s a human interacting with the site, rather than a machine., so relying on a working telephone number with voice prompts makes it much harder for spam-bots/machines to interact with the system like this.
In theory, this is analgous to other multi-band techniques, such as receiving a credit card PIN in the post, but the slickness, speed and effectiveness of the AWS approach is impressive.