# Handling SMS Verification

Aikido supports SMS-based verification for authenticated pentests by provisioning a dedicated phone number for your authentication set.

**Use this feature if your application requires:**

* **SMS 2FA / MFA:** A text message code is required after entering username/password.

{% hint style="info" %}
If your app uses authenticator apps, use [TOTP setup](/pentests/configure-a-pentest/setting-up-authenticated-testing/handling-two-factor-authentication-totp.md).

If your app sends codes via Email, use the [Email Verification feature](/pentests/configure-a-pentest/setting-up-authenticated-testing/handling-email-verification-and-magic-links.md).
{% endhint %}

#### How it works

In the **Test User** modal, Aikido can create a phone number for your project. You use that number in your login flow, and include it in your instructions with the `<phone_number>` placeholder.

You can open **View Messages** at any time to inspect incoming SMS messages and quickly copy detected verification codes.

#### Setup Guide

{% stepper %}
{% step %}
**Select the SMS Authentication Method**

When adding a test user, choose **Username & Password + SMS Verification**.
{% endstep %}

{% step %}
**Create a Phone Number**

In the **SMS Phone Number** section:

1. Click **Create Phone Number**.
2. Copy the generated number.

<div data-with-frame="true"><figure><img src="/files/bTMAOBA8mQ6f8NYMa2N4" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}
**Use the Number in Your App**

Configure your test user so SMS verification codes are sent to the generated number.
{% endstep %}

{% step %}
**Update Authentication Instructions**

Use explicit, step-by-step instructions and include `<phone_number>` where relevant.

**Example Instruction:**

```
1. Navigate to https://app.example.com/login
2. Enter username: pentest_user
3. Enter password: super_secure_password
4. Click "Log In"
5. Wait for an SMS verification code sent to <phone_number>
6. Enter the SMS code and click "Verify"
```

{% endstep %}

{% step %}
**Watch Incoming Messages**

Click **View Messages** to open the SMS inbox:

* Messages appear in real time.
* If a numeric code is detected, use **Copy Code** for quick input/testing.

<div data-with-frame="true"><figure><img src="/files/2TCxs9LV6lxl3uer1u1z" alt=""><figcaption></figcaption></figure></div>
{% endstep %}

{% step %}
**Test the Configuration**

1. Click **Save & Test**.
2. The agent runs the login flow, including the SMS verification step.
3. Confirm it reaches the authenticated state.
{% endstep %}
{% endstepper %}

#### Troubleshooting

* **No SMS received:** Confirm your app sends codes to the exact generated number and that the test user profile is updated.
* **Placeholder not replaced:** Use the exact token `<phone_number>` in your instructions.
* **Could not create phone number:** Check your wallet balance. Creating phone numbers is free, but to avoid abuse it requires you to have enough credits in your wallet.

