Konstantin B., 2015-03-03 08:22:19
PHP

Switching to authorization only by mobile phone?

What pitfalls can arise when switching to authorization by mobile phone?
For those who suddenly do not understand (though I hope there are none): this means the login / email and password combination is dropped completely. You just enter the number -> receive an SMS -> enter the code; if it is correct, you are authorized and the IP is recorded in the database; logging in from the same IP authorizes you automatically; if not, we send a new code.
So far, the thought of losing my phone comes to mind...

1 answer(s)
Dmitry Entelis, 2015-03-03
@DmitriyEntelis

DevMan

I lost my phone / number / roaming went down (or there is none at all) - and it's goodbye.

As practice shows, this is not a problem at all.
It is much easier to recover a phone number than a stolen mailbox.
I see a few other problems:
1) SMS sending costs. Authorization is a fairly frequent event in the general case, so a lot of SMS will need to be sent.
2) Users are wary of the idea of entering something on a site that came via SMS; all those stories with subscriptions have taught them something after all.
3) A long authorization process: waiting until the SMS arrives, then while the user retypes the code. If some ordinary site had such conditions, I, as a user, would spit and leave.
In general, I see no reason why authorization should be done through a one-time code.
If the application has increased security requirements, you need to use both the login and password and the one-time code (because the phone can be stolen and used for authorization)
registration.
Kostik_1993, DevMan: confirmation of any critical action via SMS with a one-time code has long been a standard in the banking industry and is gradually penetrating the rest. Two-factor authorization (at the request of the user in non-critical cases and forced in critical ones) and password recovery are excellent cases for SMS.
In fact, we currently have no other way to check the user.
Either an iOS application with biometrics, or a one-time SMS.
With a normal telecom operator, the phone number is the only way to communicate with the user that the user cannot unknowingly lose for a long time.
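
The number -> SMS -> code flow from the question, as an added PHP 8 example that is not part of the original posts. It goes beyond the thread by adding code expiry, an attempt cap and a resend delay (which also bounds the SMS cost raised in the answer). The class name, the limits and the phone number are assumptions, and handing the code to an SMS gateway is left to the caller.

```php
<?php
// Added example: in-memory store and constructed phone number. A real site
// would keep $store in a database and pass the code to its SMS gateway.
final class SmsLogin
{
    private const TTL = 300;          // code lifetime in seconds (assumed value)
    private const MAX_ATTEMPTS = 3;   // wrong guesses allowed per code (assumed value)
    private const RESEND_DELAY = 60;  // minimum gap between SMS in seconds (assumed value)
    private array $store = [];        // phone => ['hash', 'sent', 'attempts']

    public function __construct(private string $key) {}

    /** Issue a code for the caller to send, or null when a resend is throttled. */
    public function issue(string $phone, int $now): ?string
    {
        if (isset($this->store[$phone]) && $now - $this->store[$phone]['sent'] < self::RESEND_DELAY) {
            return null;              // too soon: do not pay for another SMS
        }
        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
        // Store only a keyed hash so a leaked table does not reveal live codes.
        $this->store[$phone] = ['hash' => $this->mac($phone, $code), 'sent' => $now, 'attempts' => 0];
        return $code;
    }

    /** Accept a code once, only before it expires and before the attempt cap is hit. */
    public function verify(string $phone, string $code, int $now): bool
    {
        $entry = $this->store[$phone] ?? null;
        if ($entry === null || $now - $entry['sent'] > self::TTL || $entry['attempts'] >= self::MAX_ATTEMPTS) {
            return false;
        }
        $this->store[$phone]['attempts']++;
        if (!hash_equals($entry['hash'], $this->mac($phone, $code))) { // constant-time compare
            return false;
        }
        unset($this->store[$phone]);  // single use: a replayed code fails
        return true;
    }

    private function mac(string $p, string $c): string { return hash_hmac('sha256', "$p:$c", $this->key); }
}

$login = new SmsLogin(random_bytes(32));
$phone = '+10000000000';                              // constructed number
$code  = $login->issue($phone, 1000);
var_dump($login->issue($phone, 1010));                // resend inside the delay window
var_dump($login->verify($phone, 'xxxxxx', 1020));     // wrong guess, counted against the cap
var_dump($login->verify($phone, $code, 1030));        // correct code within the lifetime
var_dump($login->verify($phone, $code, 1040));        // same code submitted again
```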
