Most eSignature disputes don't happen because someone forged a signature. They happen because no one can prove who actually signed. Signer identity verification is the difference between a document that holds up and one that falls apart the moment it's challenged.
GoodSign gives you four distinct ways to verify signer identity online — SMS codes, email 2FA, access codes, and passkey biometrics. Each one serves a different situation. Understanding which to use, and why, is what this guide is for.
An electronic signature is only as strong as the audit trail behind it. Courts and contracts don't just ask "was it signed?" — they ask "can you prove the right person signed it?"
Strong identity verification creates that proof. Every authentication step gets logged with a timestamp, IP address, and method used. That metadata becomes your evidence if a signer ever claims they didn't authorize a document.
The method you choose should match the risk level of the document. A low-stakes internal approval needs less friction than a high-value client contract or a legally binding financial agreement.
SMS verification for electronic signatures works exactly as you'd expect. The signer receives a one-time code by text message, enters it before accessing the document, and the system logs that their phone number was used to authenticate.
When to use it: Any time you need to confirm a signer's identity beyond their email address alone. This is ideal for client contracts, vendor agreements, or any document where you know the signer's mobile number and want a second layer of proof.
The strength here is that SMS codes are tied to a physical device. Even if someone intercepts an email invitation, they can't complete signing without access to the recipient's phone. It's a meaningful barrier — and the extra step rarely slows things down. Across GoodSign, 65.3% of documents get signed within 24 hours, even with verification enabled.
One honest limitation: SMS isn't foolproof. SIM-swapping attacks are rare but real. For most business documents, SMS verification is more than adequate. For high-stakes financial or legal documents, consider pairing it with another method.
Access code document signing is deceptively simple and highly effective. You set a password or code, you share it with the signer through a separate channel (a phone call, a secure message, in person), and they enter it before opening the document.
This method shines precisely because it operates outside the digital chain. If someone intercepts the email link, they still can't open the document without the code you communicated verbally or through another platform.
When to use it: Real estate transactions, high-value service agreements, or any situation where you've already verified the signer's identity in person or over the phone. It's also a strong choice when you're working with signers who may not have a mobile number on file but need more than just email-level authentication.
Access codes work just as well for agencies managing multiple clients. Since GoodSign charges $1.50 per envelope with no subscription and no user limits, you can apply access codes across every client file without worrying about plan tier restrictions.
Email two-factor authentication doesn't sound exciting, but it solves a real problem: confirming that the person opening a document has active access to the email account you sent it to.
When to use it: Lower-risk internal approvals, standard vendor onboarding, or any workflow where you trust the recipient's email security and simply need a clean, lightweight confirmation step. It adds a verification layer without introducing any friction that might delay signing.
This is also the right default for freelancers and small businesses running lean. You're not skipping verification — you're right-sizing it to the document's actual risk.
Passkey-based authentication — Face ID, Touch ID, and similar biometric methods — represents the strongest form of signer verification available in consumer-grade tools. Instead of a code that can be shared, biometric verification ties the authentication event to a specific physical device and the person enrolled on it.
When to use it: Financial agreements, employment contracts, healthcare-adjacent documents, or any situation where you need the highest level of assurance that the right individual completed the signing. Biometric methods are also the hardest to repudiate — it's difficult
All rights reserved © GoodSign Limited 2026
2 Stuart St, Ponsonby, Auckland 1011, New Zealand..