Multi-Factor Authentication on the Cheap

Large enterprises, banks and other places that require very high security for logging on to their systems use multi-factor authentication. Multi-factor authentication means using more than one means of verifying that the person trying to log in to the system is the real account holder and not someone who has stolen the credentials. For example, conventional single-factor authentication is simply entering a user name and password to log in and check your email. An example of multi-factor authentication in a high security area might be entering a PIN and doing a retinal scan. Notice that multi-factor means using two different means to gain access, in this case the PIN and the retinal scan.

A really easy way to set up multi-factor authentication for one of your systems is to use the conventional username/password as one factor, and then use the SMS capability of the user's phone as the second factor. An example case will demonstrate this better.

The user enters their username/password and logs in to the system
The system sends an SMS message with a code to the pre-defined phone number
The user enters the code in the next step of the log-in process
The user is logged into the website

When you set up the account, you need to register a phone number to pair with the given username/password pair. To make things a little more secure, you can change things around:

The user enters their username/password and logs in to the system
The system sends an SMS message with a code to the pre-defined phone number
The user unscrambles the code manually (for example, reverses the digits)
The user enters the unscrambled code in the next step of the log-in process
The user is logged into the website

This might seem nice and all, but as with most cool ideas, you might say the implementation is too much trouble to go through. Wrong, this is extremely easy to implement. Most mobile phone carriers now have email-to-SMS gateways. For a list of the gateways you can visit my previous post or just google for them. There are also a few services popping up online that let you send an email to a single phonenumber@domain address, which then selects the correct carrier SMS gateway and delivers the message.

For example, to send an SMS to the T-Mobile phone number 123456789 you would send an email to 123456789@tmomail.net, and that's just a single PHP function call.
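Here is the whole flow from the two step lists above put into code: generate the code, hand it to the carrier's email-to-SMS gateway, and check the reversed code the user types back. This is an added example written in Python rather than the PHP the post mentions, and it is not the post's own code; the send_email callback, the carrier table beyond T-Mobile's tmomail.net, and the five-minute expiry and three-attempt limit are my assumptions.

```python
import hmac
import secrets
import time

# Carrier email-to-SMS gateway domains. tmomail.net is the one named in the
# post; add other carriers from your own gateway list (assumption: a dict).
SMS_GATEWAYS = {"tmobile": "tmomail.net"}

CODE_LENGTH = 6
CODE_TTL_SECONDS = 300   # assumed: code is only valid for five minutes
MAX_ATTEMPTS = 3         # assumed: lock the challenge after three wrong guesses


def _now(now):
    return time.time() if now is None else now


def generate_code(length=CODE_LENGTH):
    """Cryptographically random numeric code (secrets, not random.randint)."""
    return "".join(str(secrets.randbelow(10)) for _ in range(length))


def gateway_address(phone_number, carrier):
    """Build the phonenumber@gateway address, e.g. 123456789@tmomail.net."""
    return f"{phone_number}@{SMS_GATEWAYS[carrier]}"


def start_second_factor(phone_number, carrier, send_email, now=None):
    """Step 2 of the flow: mail the code to the gateway and remember the challenge.

    send_email(to, subject, body) is whatever mail transport you already have
    (smtplib here, mail() in PHP). Keep the challenge server-side per session."""
    code = generate_code()
    send_email(gateway_address(phone_number, carrier), "Login code",
               f"Your login code is {code}")
    return {"code": code, "expires": _now(now) + CODE_TTL_SECONDS, "attempts": 0}


def verify_second_factor(challenge, submitted, now=None):
    """Step 3/4: the user types the code reversed, as in the second flow above."""
    if _now(now) > challenge["expires"] or challenge["attempts"] >= MAX_ATTEMPTS:
        return False
    challenge["attempts"] += 1
    expected = challenge["code"][::-1]
    # Constant-time comparison so timing does not leak how many digits matched.
    ok = hmac.compare_digest(expected.encode(), submitted.strip().encode())
    if ok:
        challenge["expires"] = 0  # single use: a code can never be replayed
    return ok
```

Once the user is past the username/password step, call start_second_factor, store the returned dict in the session, and only finish the login when verify_second_factor returns True.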

Good luck, this is a very easy mechanism to implement and it makes it considerably harder for someone to gain unauthorized access to your systems.
