/ Aswen News/August 10, 2022 Guangzhou - With the development of mobile Internet, verification codes, as a supplement to multi-factor identity authentication, have been widely used in many scenarios, such as user registration, login and authorization. However, some enterprises lack sufficient security protection ability in the process of verification code delivery, which is easy to be used by criminals and carry out network attacks such as SMS bombing to specific users, causing security threats to users and enterprises.
In this context, Tencent security release Tianyu verification code version 2.0, in the user experience, business visibility, development and access to make three important upgrades, with more intelligent user experience, more comprehensive data display, more agile access configuration, for the enterprise's technological innovation and digital operation change, to provide a solid security guarantee. At the same time, based on ten security fences, this version for web page, App, small program developers to create a three-dimensional, comprehensive man-machine verification, will maximize the protection of enterprise platform registration and login, activity sec-kill, like Posting, data protection and other business security.
Smart verification exemption, creating a better user experience
Verification code is an important component of identity verification and risk prevention, as well as the first key to user interaction experience. Therefore, balancing security and ease of use becomes key.
Tencent security verification code 2.0 officially launched the intelligent verification free function. By using data analysis and artificial intelligence judgment, user characteristics can be intelligently identified to enhance the trusted user group. On the one hand, this function can save the trusted user from the trouble of identifying and operating the verification code, and at the same time, it can conduct secondary verification or directly intercept the abnormal user. On the other hand, the exemption also reduces the possibility of cracking the verification code from the source.
In addition, the version supports multiple authentication modes so that services can select a proper verification code type based on their own scenario requirements and flexibly configure a defense model that best suits users' requirements. In this way, only black production is prevented but not users are protected.
dynamic visual, open a more comprehensive vision of protection
For enterprises, its own verification code security protection ability is insufficient, after being bombed software if not implemented effective countermeasures, will become the SMS bombing software "chicken", not only costs normal website operating costs, will also seriously affect the brand image, Bring about a crisis of confidence.
In response, Tianyu Verification code 2.0 has made a comprehensive upgrade to the console. Through the Kanban, enterprises can view multiple indicators such as verification and interception data in real time, and control the dynamic service security in real time. The statistics granularity reaches the minute level.
At the same time, this version based on user feature discovery, behavior trajectory analysis, anti-simulator, POW authentication, hierarchical verification, dynamic encryption, virtual machine reinforcement, device fingerprint, blacklist database and credit history ten protection capabilities, breaking the traditional single point defense limitations, layer upon layer block hacking. For web page, App, small program developers to create a set of three-dimensional, comprehensive man-machine verification defense system.
Flexible and efficient, support easier access configuration
Open data shows that the industry has more than 2000 websites of more than 3500 verification code interface, more than 2400 SMS interface is used by the black gray industry, the whole network of SMS bombing more than 1.6 million times a day.
To cope with high-frequency and complex hacking attacks, Tenyu Verification Code 2.0 supports hour-level fast access. Access can be completed in three steps from obtaining the key for new authentication, pulling the verification code for client access, and verifying the ticket for server access. After access, enterprises can quickly complete the verification combination construction according to the video guidance and animation demonstration, combined with their own business requirements, greatly improving the convenience.
In addition, in terms of stability, the new version has realized high availability and 10,000 level qps support, which can meet the high concurrency scenarios and effectively ensure the secure and stable operation of services.
At present, Tencent security verification code has been successful for Douban reading, Lipin net, Yonghui supermarket, Luzhou Laojiao, SF technology and other enterprise customers to provide security services, effectively standardize the text message verification code issued security protection mechanism, to ensure business security and optimize the user experience.
In the future, Tencent security will continue to rely on 20 years of security capacity building and security practice experience, and continue to enrich technical treatment means, from the source to avoid the risk of being used by SMS bombing software, help enterprises establish an effective risk control and protection mechanism, promote SMS bombing black production management work, safeguard a better life.
