Authentication

[LittleJoe]

I've been developing a web application for many months and once it goes online I want the users of it to authenticate themselves after signing up. Of course I'll also ask users to verify their e-mail addresses like all websites do but I would like to properly authenticate the users but I don't know exactly how best to do it since the users will have different backgrounds and such. Originally I thought about credit card authentication – transferring 1 pound/euro/dollar to my merchant account and then use that as a credit for something on the site or to use PayPal in a similar fashion. I'm not too happy with that and so now I'm trying to look into whether I can use similar authentication as Google does for their Gmail service. When the person signs up they either have to receive a SMS with a code or phone call from a robot that reads the code in the language of the user. This is a pretty cool way to authenticate but I'm guessing that you have to be a pretty big business to be able to pay for such service and I don't even know how to get it (suppose Google runs this service themselves). Any thoughts?

Edited March 10, 2013 by LittleJoe

[jeffman]

The most user-friendly authentication get run through is the one where they send an email to my address and I have to reply. Usually that just means clicking on a link in my email app. I'm not aware of any SMS providers that don't have an email gateway (e.g., 1234567890@vzwpix.com), so that would be pretty easy. But of course not everyone has SMS. The phone robot sounds expensive.

[LittleJoe]

The most user-friendly authentication get run through is the one where they send an email to my address and I have to reply. Usually that just means clicking on a link in my email app.

I wouldn't call the e-mail address verification proper user authentication. It's a lot harder for bots for example to pass the SMS/call-back thing. Edited March 11, 2013 by LittleJoe