There is increasing use of short message service (SMS) messages to verify user identity such as for enabling access to a given computing service. Typically, a service provider sends an SMS with a code to be received by a user device. The user then inputs this code as part of an authentication procedure, in which verification is performed with the service provider, which in turn enables access to the service if successful. However, there are drawbacks to this approach, including degrading of a user experience as well as possible security threats.