Managing Two-Factor Authentication Messages

In Hosted Login v2, two-factor authentication (2FA) is a relatively straightforward process:

  1. A user logs on to an app or a web site, and is successfully authenticated.
  2. An access code is sent to the user by email or by text message.
  3. The user types that access code into a screen displayed on the app or web site.

Note. Yes, there is a little more to it than that. See this article for mor more detailed information.

This documentation focuses on the messages sent to users during the 2FA process. For example, the default email sent to a user when logging on looks similar to this:

If the access code is sent by text message, that message will look like the following:

All told, Hosted Login v2 uses three different 2FA messages:

  • secondFactor, sent after a user has been authenticated but before that user is fully logged on.
  • resendVerification, sent if a user fails to complete the registration process.
  • registrationVerification, sent after a user has created a new account but before that user is fully logged on.

So what’s the problem here? To be honest, there is no problem: if you’re comfortable with the way 2FA and 2FA messages are set up then you don’t have to do a thing. That said, however, it is possible that you might want to modify the messages that are sent as part of the 2FA process; for example, you might want to change the text, or you might want to translate the messages into other languages, or you might want to use CSS to add your own branding to the HTML email messages. In those cases (and others), then this documentation is for you. Here’s what we cover: