Best practices for managing retry logic with SMS 2FA
By Kelley Robinson, 2021-07-27

Managing retry logic carefully for SMS 2FA helps prevent accidentally spamming users, hitting API rate limits, toll fraud, and unnecessary spend. Implementing timeouts on the resend button and adding a buffer between retries can help prevent bad behavior. Tracking retry attempts also lets you increase the retry buffer with each additional attempt. Further recommended practices are offering alternate channels like Voice on the 3rd verification attempt, displaying a "Call me instead" option in the user experience, detecting landlines, disabling unused channels, and implementing reCAPTCHA for voice calls. General user verification best practices include using Twilio's Lookup API to detect invalid numbers, building an allow or block list of countries, displaying complete phone numbers for initial user verification, masking phone numbers for ongoing login or two-factor authentication, and monitoring support costs and user satisfaction.
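The retry buffer and the Voice fallback described above, sketched as an added example (not code from the original article or from Twilio). The 30-second base buffer, the doubling factor, the cap of five attempts and all names are assumptions; only the "Voice on the 3rd attempt" rule comes from the summary.

```python
import math
from dataclasses import dataclass

# Assumed values: the page gives no concrete durations or caps.
BASE_BUFFER_S = 30       # wait required after the first send
BUFFER_GROWTH = 2        # buffer multiplier for each additional attempt
MAX_ATTEMPTS = 5         # hard cap per verification session
VOICE_FROM_ATTEMPT = 3   # from the page: offer Voice on the 3rd attempt


@dataclass
class VerificationSession:
    """Per-user retry state (hypothetical helper), kept by the backend."""
    attempts: int = 0
    last_sent: float = 0.0

    def buffer_seconds(self):
        """Wait required after the latest send; grows with every attempt."""
        if self.attempts == 0:
            return 0
        return BASE_BUFFER_S * BUFFER_GROWTH ** (self.attempts - 1)

    def channels(self):
        """Channels the UI may offer for the next attempt."""
        if self.attempts + 1 >= VOICE_FROM_ATTEMPT:
            return ["sms", "call"]   # show "Call me instead"
        return ["sms"]

    def request_send(self, channel, now):
        """Decide whether to send. Returns (allowed, seconds, reason).

        The check runs in the backend so the buffer holds even if the
        resend button's own timeout is bypassed.
        """
        if self.attempts >= MAX_ATTEMPTS:
            return (False, None, "max_attempts")
        if channel not in self.channels():
            return (False, None, "channel_not_offered")
        wait = self.last_sent + self.buffer_seconds() - now
        if wait > 0:
            return (False, math.ceil(wait), "too_soon")
        # Record the attempt before calling the SMS or Voice provider.
        self.attempts += 1
        self.last_sent = now
        return (True, self.buffer_seconds(), "sent")
```

On a "sent" result the second value is the buffer the resend button should count down; on "too_soon" it is the time remaining.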
Company: Twilio
Date published: July 27, 2021
Author(s): Kelley Robinson
Word count: 1161
Language: English
Hacker News points: None found.