We take security very seriously at DocuSign. This is why DocuSign is the only eSignature and Digital Transaction Management provider to be ISO 27001-certified and SSAE 16-certified (SOC 1 and SOC 2) and is internationally tested across the entire company and its data centers. In addition, DocuSign is certified compliant on the xDTM Standard, version 1.0 —the transaction management standard for an open, digital world.
We choose our partners for the same level of security focus, which is why we use the Twilio API to provide two-factor authentication (also known as 2FA) using SMS. Instead of reinventing the wheel, DocuSign relies on Twilio’s world-class communication APIs to manage the strong authentication required by DocuSign’s clients. (If you are not familiar with Twilio – they enable companies to integrate messaging, voice, video, and authentication into their apps using the Twilio API.)
Why should you care about two-factor authentication? Two-factor authentication is one of the best ways to protect against remote attacks such as phishing, credential exploitation and other attempts to take over your accounts. Per a Verizon Data Breach Report, 95% of breaches involve the exploitation of stolen credentials.
Here’s how two-factor authentication works at a high level:
- STEP 1: DocuSign makes an HTTP request to the Twilio API.
- STEP 2: The HTTP request is received by Twilio and a one-time code is generated and sent to the recipient via SMS.
- STEP 3: The DocuSign user receives the one-time code on their mobile device.
- STEP 4: The DocuSign user enters the one-time code and is authenticated. The two-factor authentication workflow is now complete.
Since both DocuSign and Twilio have powerful, flexible REST APIs, you can integrate legally-binding eSignature capabilities and secure messaging, voice, video and authentication into your apps – and get all the benefits of going paperless safely and securely.
Come Visit DocuSign at the Twilio Signal Conference
If you are going to be at the Twilio Signal Conference from May 24 – May 25, 2016 at Pier 27 in San Francisco, come see us in the Community Hall. We’d love to show you the deep integration with DocuSign and Twilio and to discuss how to integrate document management and eSignature services into your applications. You can also visit us at the DocuSign Developer Center and get started with your free sandbox today.