FAQs: SMS Authentication in BoldSign

BoldSign’s SMS authentication feature adds an extra layer of security to electronic signatures by requiring signers to verify their identity with a one-time password (OTP) sent via SMS to their registered phone number. This ensures only authorized individuals can access and sign sensitive documents, complementing other methods like email OTP or access codes.

Below, you’ll find answers to frequently asked questions that will help you understand and use this feature effectively:

1. What is SMS authentication in BoldSign?
   SMS authentication is a security measure that verifies the signer’s identity by sending an auto-generated OTP to their phone number; the signer must enter this code to unlock and access the document for signing, adding an extra layer of protection against unauthorized access.
2. How does SMS authentication work?
   When enabled, the signer receives a link to the document via email or other delivery; upon clicking it, they are prompted to request an OTP via SMS, enter the code, and verify before proceeding to sign, ensuring the phone number matches the registered details.
3. Why use SMS authentication for eSignatures?
   SMS authentication enhances security for sensitive documents by validating that the signer is the legitimate owner of the registered phone number, reducing fraud risks and providing a quick, convenient verification method. It’s especially useful when email access is unreliable or for mobile-first users.
4. How much does SMS authentication cost?
   Each SMS authentication costs $0.20 per message, charged on a pay‑per‑use basis. The fee applies whether the OTP verification succeeds or fails. If you retry, each new attempt is billed separately, adding to the total cost. Charges are always applied to the sender’s account, not the signer.
5. Which BoldSign plans support SMS authentication?
   SMS authentication is available in Business, Premium, and Enterprise API plans.
6. Can I add SMS authentication after sending the document?
   Yes, you can add or edit SMS authentication to an existing document request even after sending it, as long as the signer has not yet completed the signing process, via the Add Authentication option in the document’s recipient details.
7. Which recipient roles support SMS authentication?
   SMS authentication is supported for all recipient roles, including Signers, Document Reviewers, and In-person Signers.
8. Can multiple signers use SMS authentication on the same document?
   Yes, you can enable SMS authentication independently for multiple signers on a single document, allowing tailored security for each participant.
9. What are the supported countries for SMS authentication?
   SMS authentication supports phone numbers from 26 countries, including the United States, United Kingdom, Australia, Brazil, Canada, Denmark, Finland, France, Germany, Greece, Hong Kong, Hungary, India, Ireland, Israel, Italy, Japan, Mexico, Poland, Portugal, Singapore, South Africa, Spain, Sweden, Switzerland, and Puerto Rico. For the complete list, check our article: Countries that support BoldSign SMS features.
10. What happens if a signer enters the wrong OTP?
    If the signer enters the wrong OTP more than three times, the document locks, and the status changes to Needs Attention, notifying the sender. The sender can then resume the process, reset attempts, or manually override to allow continued signing.
11. Is SMS authentication secure?
    Yes, it uses encrypted OTP delivery and complies with industry standards for two-factor authentication, ensuring the code is time-sensitive and tied to the signer’s phone, while all data transmission remains protected.
12. How does SMS authentication differ from email OTP?
    SMS OTP sends the verification code directly to the signer’s mobile phone for immediate access via text, ideal for on-the-go signing, whereas email OTP delivers to their inbox.
13. Can I customize the SMS message or OTP format?
    No, the SMS message and OTP format are standardized for compliance and security; customization is not available in the web app or via API.
14. What is included in the SMS authentication audit trail?
    The audit trail logs the authentication request timestamp, OTP delivery status (sent/delivered), verification outcome (success), number of attempts, signer’s IP address and device details, and any sender notifications for failures, ensuring full compliance traceability.
15. Is SMS authentication available via API?
    Yes, BoldSign’s API supports SMS authentication by setting authenticationType to SMSOTP in the signer object, along with the phoneNumber (countryCode and number), for seamless integration in document sending or embedded signing workflows.
16. Can I track the status of SMS OTP delivery?
    Yes, in the document overview, you can monitor OTP delivery status (sent, successful, or failed), view signer attempts, and receive real-time notifications for issues, allowing quick resolution like resending or switching methods.
17. What if the signer’s phone number is invalid or unreachable?
    If the number is invalid or the SMS fails to deliver, the signer cannot proceed; verify the phone and country code in the recipient details, then resend the request or switch to an alternative authentication method like email OTP.
18. Can signers opt out of SMS authentication?
    No, once enabled by the sender, SMS authentication is mandatory for that signer until modified by the sender.

For additional help, reach out to BoldSign support.