Design of verification code

This is all I can think of for now, don’t believe me. I am a product dog who digs holes for programmers to jump.

The purpose of designing the verification code is to verify whether it is a machine or a human being, and also to verify whether it is done by myself. Earlier, verification codes were sent to emails, but now the registration system generally uses mobile phone numbers as the main body, so the mainstream is still to send verification codes via SMS.

1. Short test design

Short test content: SMS signature XXXX, #text, sending scenario, short test number, danger reminder#. For example: APP name 1234, payment verification code number 15, please do not give it to others to avoid being deceived.

(1) Generally, the SMS signature is placed in the signature to mark which product the SMS is sent from. If the user operates multiple products in a short period of time and sends short-term verification, there will be a delay problem in sending short-term verification. , the SMS signature is placed in the signature, allowing people to identify the party to which the short verification belongs at a glance to prevent mistakes. Of course, putting it at the back is also a common practice, and the difference is not big.

(2) The short test length is generally 4 or 6 random numbers. As for why it is 4/6, it is based on the comprehensive consideration of system security and human instant memory. It takes 10^4 times for a machine to traverse a 4-digit verification code, and 10^6 times to traverse a 6-digit verification code. It takes at least a few minutes for an ordinary machine to traverse it. . The 4/6 length is a better experience for people's instant memory, but it will be a bit difficult to remember it for a long time.

(3) Considering that the short verification is sent due to network congestion and other reasons, and the user has not received it for a long time, it will be obtained multiple times in a short period of time. Therefore, the validity period of the verification code is generally set. Within the validity period and the short verification has not been When invalid, the short verification content will be consistent to prevent the user from obtaining the short verification multiple times but receiving the previous short verification and the verification will fail. For example, if the user obtains the verification code (1234) for the first time and the network delays the user to obtain the verification code (5678) for the second time, he will receive a short verification code of 1234 and the verification will fail. The general approach is that the second short verification is still 1234, so even if the sending is delayed, the verification can be successful. This approach is suitable for scenarios that don’t require too much rigor.

For some methods that require regeneration of the short-term verification after obtaining it once, you can refer to the bank's practice and write the short-term verification number on the interface for sending the short-term verification and the content of the text message, as shown below.

(4) Operators/partners and some sensitive periods have requirements for text message copywriting, and some copywriting cannot be sent. Therefore, it is recommended to confirm the text message copywriting and report it to the operator/partner beforehand. When cooperating, Party A’s father requested that a fraud reminder be added after the short-term inspection. A word of caution: SMS texts exceeding 70 characters (characters?) will be divided into 2 text messages and sent on some mobile phones. It is best to keep the copywriting concise.

(5) Some people with bad intentions will deliberately and frequently request short verifications to affect normal user operations and extort money. Therefore, the number of sending times for the same IP, the same mobile phone number, etc. is generally limited within a certain period of time; for example, the same mobile phone number is restricted to obtain a maximum of 10 short-term tests within 24 hours. If the number exceeds the number, it will prompt you to try again after 24 hours;

( 6) Price: According to the previous delivery volume of the company and several channel providers it has connected with, the price of notification text messages is generally about 0.02-0.04 yuan, the price of marketing text messages is 0.03-0.04 yuan, and dad-level partners charge 0.1 yuan.

2.? Interaction design

Take registration verification code as an example, other scenarios are similar;

Generally, the mobile phone number and verification code on the registration page are on the same interface Displayed as shown in Figure 1 below.

Notes:

1. When the focus is on the mobile phone number and verification code input box, the numeric keys are automatically evoked and keyboard switching is supported (digression: a lazy person like me puts the card number, Mobile phone numbers, etc. are saved as common phrases and can be pasted directly by switching the keyboard without typing each word);

2. The input box supports one-click deletion;

3. Verify the mobile phone Number length, when the length = 11 digits, the Get Verification Code button will light up;

4. A purely numeric input box, does not support input of characters other than numbers;

5. Get Verification A delayed reminder will be given after the code is passed;

6. After the request for obtaining the verification code is successful, the mobile phone number will be grayed out and cannot be modified;

7. When the required fields on the page have empty values, The login button is grayed out;

8. Do not disable the paste function in the input box, and allow users to paste without entering numbers one by one;

9. The input box has a default prompt copy; (This is particularly applicable Due to the strange password requirements, some website passwords do not support special characters, and the error message does not state the reason. You can use the default copy to inform the setting requirements)

10. If the number of times the same mobile phone number is retrieved exceeds the threshold in a short period of time , can increase the difficulty, such as adding graphic and text verification codes. Short verification can be obtained only after the graphic and text verification is passed;

Sometimes there are too many registration items and it increases the difficulty of frequently obtaining verification codes (entering the mobile phone number and obtaining the short verification code The test is 2 pages. One more page will cause multiple difficulties (but it will only cure the symptoms but not the root cause) and will be designed into pages, as shown in Figure 2 below;

Multi-page design is also suitable for scenarios with too many input items to provide fault tolerance. The high rate prevents the user from making mistakes in one item and refilling all the input boxes; secondly, there are too many input items and there is no desire to operate; (If it must be displayed on one page, it is hoped that the input box can be automatically stored when it loses focus, and the user can return to the page next time. Display)

Notes on multi-page design:

1. After entering the mobile phone number in the correct format, the verification code will be automatically obtained without requiring user operation;

2. The verification code acquisition page displays the mobile phone number, which can facilitate the user to check whether it is filled in incorrectly;

3. If it is divided into multiple pages, inform *** how many pages there are, and it is currently on the first page, such as the first page , second page, third page...;

3.? Short-term inspection sending logic

1. We directly connect with the channel provider: we tell the channel provider to send a certain To verify the short message sent to the mobile phone number, the channel provider tells the operator, and the operator sends a text message to the user's mobile phone, such as path 1;

2. We connect with the partner: we tell the partner to send a short message to a certain mobile phone number Through experience, the partner is telling the channel provider--gt; operator--gt; mobile phone, such as path 2;

The relationship between the partner and "our products" can be understood as the relationship between the group and its subsidiaries. Firstly, the group is large and has strong bargaining power. If the group cooperates with the channel dealers, it can negotiate lower and better prices/services. Secondly, if the group has multiple subsidiaries that want to cooperate with the channel dealers, each subsidiary will have to deal with the troublesome process. , general cooperation is: group talks about cooperation, applicable to subsidiaries. Note: Verification code generation rules: generated by us or generated by partners/channel providers, not all short verification codes are generated by our own program.

4.? Reconciliation

Taking path 1 as an example, we tell the channel merchants to send short verifications to 10 mobile phone numbers, and the channel merchants will immediately (synchronously) feedback that we have received the request. The request to send 10 text messages was received successfully. After 10 seconds (asynchronously), we were told that he had notified the operator to send 8 text messages. After 20 seconds, the operator told the channel provider, and the channel provider told us that 5 text messages had been sent to the mobile phone. The text message was sent successfully. .

Therefore, when checking the sending quantity, you must clearly check whether the number of successful sending requests or the number of successful sending SMS messages;

Generally speaking, when we say that SMS messages are sent successfully, it means that we tell our partners/channels If the merchant successfully sends the SMS, it does not mean that the user successfully receives the verification code. Because the short-term verification sending path is long, errors at every step will result in the user not being able to receive the text message. Either the text message cannot be received, or there is a bug.

5. Reasons and solutions for failure to receive text messages

1. The mobile phone is in arrears and is shut down (check by the user);

2. Intercepted The software has intercepted it (find it in the intercepted text message);

3. The signal is not good (change to a place/mobile phone with a better signal);

4. Operator blacklist (find it) The blacklist will be lifted after verification by the channel provider or operator);

5. Mobile phone problem (try another mobile phone);

6. Encountered a ghost (find a programmer to solve it);

7. I forgot about the others, I will add them when I think of them;

6. The moment of shady rumors

Sometimes short-term tests are obtained frequently, which may be a bad channel Business is in momentum.

The cost of text messages can be high or low, and the rebates are huge.