Out-of-band security verification

While registering just now for Amazon Web Services (AWS), we discovered an intriguing example of “out of band” security verification (where the “band” is the web):

  1. Provide a telephone number
  2. AWS provides a PIN on the website
  3. Receive the call (within 5 seconds!)
  4. Enter the PIN using the telephone keypad
  5. Verification appears on the website 5 seconds later

This (almost) ensures that it’s a human interacting with the site, rather than a machine. CAPTCHA is broken, so relying on a working telephone number with voice prompts makes it much harder for spam-bots/machines to interact with the system like this.

In theory, this is analgous to other multi-band techniques, such as receiving a credit card PIN in the post, but the slickness, speed and effectiveness of the AWS approach is impressive.

1 Comment

Leave a Comment