TypingDNA Verify is designed to reduce the number of SMS/email 2FA codes required to be sent to your users, replacing them with in-browser, secure typing biometric verification when possible.
There are three scenarios in which typing biometrics verification is not possible, and traditional SMS/email verification codes are sent.
First, when a user initially registers their typing behavior with TypingDNA through the Verify window, a verification code is sent to the registered channel (SMS or email) to establish a Root of Trust (RoT).
Second, when a user fails typing verification, the service will defer to the RoT registered during enrollment to confirm their identity.
Finally, when an end-user’s device is determined to be mobile, a code is automatically sent, as typing verification is currently not supported on mobile.
How encrypted end-user data and verification results flow between your backend, frontend and the Verify window depends on the mode you have chosen when initializing the
TypingDNAVerifyClient object in the backend. There are two available modes, which to choose depends on UX preference:
To implement Standard mode, a callback function has to be included in the data attributes of the HTML button through which the TypingDNA Verify popup is opened (see Integrate Backend). After the user has attempted typing verification in the Verify window, if the user’s pattern is verified successfully, a verification code is returned as a parameter to the callback function. If the user fails verification, the error message is passed in the same parameter.
Show OTP mode
After the verification process has finished and the user has inserted the code into the input field on your frontend, a request to your backend is made with the code. The
typingDNAVerifyClient.validateOTP() method is then called to confirm the authenticity of the verification code using TypingDNA’s validation service.This method requires both the user identifier and code as parameters (see Reference section for details).
If the code is valid a success message will be returned. Otherwise, the code validation service will return a failure to validate message.