When building it doesn't make sense anymore
As regulations like the General Data Protection Rule and the new Payment Services Directive roll in, technology departments reassess the security tools they currently use and try to understand which new tools will be deemed necessary. Regarding new tools, it’s fair to ask, “do we build our own, or do we seek out a partner and buy the tool."
Analyzing needs and understanding the costs behind them is a daunting and time-consuming task, so for two-factor authentication, we’ve done the work for you.
You have two options: build and maintain a two-factor authentication system in house, or deploy an API and use a trusted partner’s toolkit. We surveyed our customers to find out how long it takes to deploy our tools, as well as how long it would take them to build tools like ours.
Option 1: Build your own.
Based on our survey, as well as our own experience, it takes 5-6 weeks of full-time developer hours to build an SMS-only 2FA solution for an online service. Step up to a time-based one-time password system, and it will be 8-10 weeks. Assuming that the average cost of an in-house developer is €1,750-2,000 per week, a fully-functioning in-house solution will cost €14,000 to €20,000. Add 50% if the work is outsourced.
And that’s only to build the system. The technology team would also be required to maintain SMS delivery quality and manage connections to network operators. Then add the cost of sending SMS messages to variable costs. At the end of the day, you’ll need to dedicate people on your tech team to maintain the 2FA solution, which adds to ongoing costs.
Pro: More control over specific functionality.
Cons: Longer implementation time, larger investment, and handling all service and quality issues internally.
Option 2: Use an API from a trusted partner.
This same customer survey tells us that developers dedicate 8-24 hours to deploy every verification and authentication tool available from Messente. We have no deployment costs, so deploying our tools costs €350 to €1,200 of developer time.
Also, Messente does not charge for support and delivery quality (SMS.)
Variable costs will be similar, if not less, on the SMS side of things, as we maintain much higher volumes than a single business would; we have bargaining power with higher SMS volumes and have more options for SMS routing. One-time password costs are typically half of SMS costs per authentication. (Contact us if you’re interested in pricing.)
While building your own 2FA solution negates the one-time password variable costs, our data shows that 70% of authentications are still SMS PIN codes, so an SMS fallback option is crucial for successful 2FA adoption. Also, the tech team would need to maintain the one-time password system and mobile app.
Pros: Significantly lower implementation time and costs, optimized SMS delivery routes by the partner, and have the partner handle any delivery quality issues.
Con: Less control over specific functionality.
Overall, leaving it to the experts with two-factor authentication makes more sense. While making your own gives you more control over functionality, Messente is completely open to customer feedback, and we build our tools to suit customer needs.