Ask HN: Why are SMS verification codes typically numeric?
I am in the process of implementing an SMS verification process for an old website of mine and got to thinking about why most SMS verification codes (even those send by Google) typically consist of only numbers?
Surely an alpha-numerical code would be much more secure than a numeric code?
The only reason I can think of for numeric codes being prevalent is that perhaps latin/ascii alphabetical characters aren't readily available to keyboards around the world, while decimal numbers are?
Can you think of any reason why I should not implement alpha-numeric SMS verification codes?
5 comments
[ 3.3 ms ] story [ 26.1 ms ] threadverification codes don't have to be long. 4-7 numbers with limited amount of retry is plenty.
My customers are entering the verification phones through a computer keyboard, they are only receiving the SMS verification messages to their mobile phone once so I can verify that they own a phone.
Unless you were assuming that their "browser" they would be entering the verification code into is on their feature phone?