This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] allows [Application] [Development Teams] to provide [Authentication] without the need to remember a [password].
[{$pagename}] allows [users] to enter their [Mobile Device] [Phone Number] or [Email Address] and receive a [One-Time password] (code) or [URL], which they can then use to [login].
With [{$pagename}], the user is bound to the [connection] using an [Identity Provider (IDP)]. Since you can't force users to use the same mobile phone number or email address every time they [authenticate], users [MAY] end up with multiple user profiles in the [IDP] [DataStore], but you may be able to perform [Identity Correlation].
Passwordless differs from [Multi-Factor Authentication] ([MFA]) in that only one [Authentication Factor] is used to authenticate a user—the one-time code or link received by the user.
!! [{$pagename}] Benefits
The benefits of enabling [{$pagename}] include:
* Improved [User Experience], particularly on mobile [applications], because users only need an [Email Address] or mobile [Phone Number] to complete [Registration], and the [credential] used for [authentication] is automatically validated after sign-up.
* Enhanced [security], because users avoid [Password Reuse].
* Less effort for you, because you will not need to implement a [Password Recovery] procedure.
!! [{$pagename}] [Implementation] Issues
These are the primary [Implementation] Issues [{$applicationname}] is aware of:
* [infrastructure]. An [Implementation] needs to use a [Cloud Service Provider] or [Third-party] service to manage the [SMS] with [Mobile Network Operators]. [Auth0], [Twilio], [okta], and [AWS Cognito] are just a few [Service Providers] to get started.
* The additional cost of [SMS], especially global [SMS] and variable pricing. Even though these are one-time passcodes, the cost per [SMS] message is more expensive than the FREE options of federating [Social Identity Providers].
* The [app] will most likely be running on [Mobile Devices] that do not have a [Phone Number] or cellular plan, such as an iPad [Wi-Fi] edition. In this case, the user would need to have their [Mobile Device] nearby when they want to authenticate on a non-cellular device. Most of the time this is not a problem; however, in some families, children have a Wi-Fi iPad and no SMS-capable [Mobile Device]. So, in this case, the developer would need to offer additional [Authentication Factors] such as a basic username/password. This is not too radical, but it does add an additional barrier, and it is why most mobile developers offer several ways for users to authenticate.
!! [{$pagename}] [Privacy Considerations]
[{$pagename}] supports [Privacy Enhancing Technologies] and the [Law of Minimal Disclosure For A Constrained Use], where the [Relying Party] [Application] has no knowledge of the [user] other than their [Mobile Device] [Phone Number] or [Email Address].
!! [{$pagename}] [Security Considerations]
The obvious [risk] here is if someone gains access to the physical [Mobile Device] and bypasses the phone’s security to read [SMS] messages.
Some others are paranoid over a possible [SIM Swap].
Interception of the [Mobile TAN] might be another [Risk], but generally, not using full [Multi-Factor Authentication] for a [Financial transaction] is "Silly".
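The one-time code flow from the Overview, as an added server-side sketch that keeps the exposure from a read or intercepted code small (example code, not taken from this wiki or from any of the listed service providers). The class name, the 6-digit length, the 5-minute validity window and the 5-guess limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed validity window for an issued code
MAX_ATTEMPTS = 5        # assumed number of guesses allowed per issued code


class OneTimeCodeStore:
    """In-memory stand-in for the IDP DataStore (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)  # server-side secret for the MAC
        self._pending = {}  # identifier -> [mac, expires_at, attempts_left]

    def _mac(self, identifier, code):
        # Keyed and bound to the identifier, so a stored value is useless
        # without the server key and cannot be replayed for another user.
        msg = f"{identifier}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, identifier):
        """Return a fresh code for a phone number or email address.

        The caller delivers it by SMS or email. Issuing again replaces any
        earlier code, so only the most recent message is usable.
        """
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[identifier] = [self._mac(identifier, code),
                                     self._clock() + CODE_TTL_SECONDS,
                                     MAX_ATTEMPTS]
        return code

    def verify(self, identifier, submitted):
        """Return True exactly once for the correct, unexpired code."""
        entry = self._pending.get(identifier)
        if entry is None:
            return False
        mac, expires_at, attempts_left = entry
        if self._clock() >= expires_at:
            del self._pending[identifier]  # expired: force a new request
            return False
        entry[2] = attempts_left - 1
        if hmac.compare_digest(mac, self._mac(identifier, submitted)):
            del self._pending[identifier]  # single use
            return True
        if entry[2] == 0:
            del self._pending[identifier]  # guesses exhausted
        return False
```
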
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Passwordless Connections|https://auth0.com/docs/connections/passwordless|target='_blank'] - based on information obtained 2019-10-14
* [#2] - [Passwordless SMS Authentication: The Basics|https://itnext.io/passwordless-sms-authentication-the-basics-fdf9dbecab04|target='_blank'] - based on information obtained 2019-10-14
* [#3] - [Passwordless SMS Authentication: Backend|https://itnext.io/passwordless-sms-authentication-backend-9932391c49dc|target='_blank'] - based on information obtained 2019-10-14