CommuniGate Pro supports customizable set of methods of verification that password authentication is performed by a user who possess something that can be contacted separately from the primary authentication channel: for example a mobile phone ready to receive an SMS, a land-line phone ready to receive a call, an e-mail address on another mail system, and so on. Having verified the account's primary password, CommuniGate Pro uses the x2auth.sppr PBX script to deliver to the user an one-time password using either of these additional methods. The user then has to enter that one-time password to confirm the possession of the items used for this additional authentication.
This additional authentication is supported for logins through the WebUser Interface or the XIMSS protocol. After a successful login the additional verification can be not requested for the logins from the same IP address for the specified period of time.