Ask HN: Why doesn't MFA as a stand alone API exist?

2 points by amukbils ↗ HN
Most MFA exist only as part of an identity product like Auth0 or Stytch.

We only want to use 2FA for specific purposes under specific circumstances. Why doesn't this service exist?

Well Twilio's Verify APIs exist, but they're incredibly expensive ($0.05 / verification + SMS prices). If you plan on verifying users regularly, that's a huge cost.

I cannot be the only one who needs this service (can I?).

So why doesn't it exist? What am I missing?

5 comments

[ 2.9 ms ] story [ 24.8 ms ] thread
This is kind of driving me crazy. I really cannot find anything out there and I cannot understand why.

- I'm either not able to search well enough to find a tool - It's just not valuable enough for anyone to create - Schelp blindness

In Ruby-on-Rails it's part of the authentication framework Devise https://github.com/tinfoil/devise-two-factor and related modules including creating QR codes, backup codes etc. PHP Laraval has similar libraries https://jetstream.laravel.com/2.x/features/two-factor-authen...

Auth0 and similar commercial companies might very good at marketing. Try replacing "API" with "library" or a programming language name.

> It's just not valuable enough for anyone to create

For a commercial API you need to charge $10 USD/month, or equivalent in terms of per-API-call, otherwise your service won't be profitable. You call 5 US cent already expensive, so I think you're right, it's not valuable enough.

Thanks!

- Both libraries are not quite stand-alone a true stand-alone would be API-based (maybe include SDKs). My search comes up empty.

- How'd you determine the $10 USD / month number?