# How to Verify a Signer's Identity Online: SMS, Access Codes, and Passkey Explained Canonical: https://goodsign.io/blog/how-to-verify-signer-identity-online Source: GoodSign — pay-per-document electronic signatures (https://goodsign.io) --- # How to Verify Signer Identity Online: A Practical Guide to GoodSign's Authentication Methods Most eSignature disputes don't happen because someone forged a signature. They happen because no one can prove *who* actually signed. Signer identity verification is the difference between a document that holds up and one that falls apart the moment it's challenged. GoodSign gives you four distinct ways to verify signer identity online — SMS codes, email 2FA, access codes, and passkey biometrics. Each one serves a different situation. Understanding which to use, and why, is what this guide is for. ## Why Authentication Method Matters Legally An electronic signature is only as strong as the audit trail behind it. Courts and contracts don't just ask "was it signed?" — they ask "can you prove the right person signed it?" **Strong identity verification creates that proof.** Every authentication step gets logged with a timestamp, IP address, and method used. That metadata becomes your evidence if a signer ever claims they didn't authorize a document. The method you choose should match the risk level of the document. A low-stakes internal approval needs less friction than a high-value client contract or a legally binding financial agreement. ## SMS Verification: The Fastest Way to Confirm a Real Person SMS verification for electronic signatures works exactly as you'd expect. The signer receives a one-time code by text message, enters it before accessing the document, and the system logs that their phone number was used to authenticate. **When to use it:** Any time you need to confirm a signer's identity beyond their email address alone. This is ideal for client contracts, vendor agreements, or any document where you know the signer's mobile number and want a second layer of proof. The strength here is that SMS codes are tied to a physical device. Even if someone intercepts an email invitation, they can't complete signing without access to the recipient's phone. It's a meaningful barrier — and the extra step rarely slows things down. Across GoodSign, **65.3% of documents get signed within 24 hours**, even with verification enabled. One honest limitation: SMS isn't foolproof. SIM-swapping attacks are rare but real. For most business documents, SMS verification is more than adequate. For high-stakes financial or legal documents, consider pairing it with another method. ## Access Codes: Control Without Complexity **Access code document signing** is deceptively simple and highly effective. You set a password or code, you share it with the signer through a separate channel (a phone call, a secure message, in person), and they enter it before opening the document. This method shines precisely *because* it operates outside the digital chain. If someone intercepts the email link, they still can't open the document without the code you communicated verbally or through another platform. **When to use it:** Real estate transactions, high-value service agreements, or any situation where you've already verified the signer's identity in person or over the phone. It's also a strong choice when you're working with signers who may not have a mobile number on file but need more than just email-level authentication. Access codes work just as well for agencies managing multiple clients. Since GoodSign charges **$1.50 per envelope with no subscription and no user limits**, you can apply access codes across every client file without worrying about plan tier restrictions. ## Email 2FA: The Baseline That's Underestimated Email two-factor authentication doesn't sound exciting, but it solves a real problem: confirming that the person opening a document has active access to the email account you sent it to. **When to use it:** Lower-risk internal approvals, standard vendor onboarding, or any workflow where you trust the recipient's email security and simply need a clean, lightweight confirmation step. It adds a verification layer without introducing any friction that might delay signing. This is also the right default for freelancers and small businesses running lean. You're not skipping verification — you're right-sizing it to the document's actual risk. ## Passkey Biometrics: Face ID and Touch ID for High-Stakes Documents Passkey-based authentication — Face ID, Touch ID, and similar biometric methods — represents the strongest form of signer verification available in consumer-grade tools. Instead of a code that can be shared, **biometric verification ties the authentication event to a specific physical device and the person enrolled on it**. When to use it: Financial agreements, employment contracts, healthcare-adjacent documents, or any situation where you need the highest level of assurance that the right individual completed the signing. Biometric methods are also the hardest to repudiate — it's difficult