by pkavanagh 1565 days ago
Hi, other founder here. Thank you for your feedback!

>It sounds like associating and verifying a phone number is required to sign up and use the service - is this something you're open to changing?

Are you looking for something like Authy or Google Authenticator here?


> Are you looking for something like Authy or Google Authenticator here?

Precisely! Both are implementations of TOTP[0] - it's a simple protocol which doesn't rely on any particular implementation.

The other common one with that same characteristic would be FIDO U2F[1] (for hardware keys such as YubiKey and Google Titan). If/when you do implement it, make sure to support adding more than one token to facilitate users sorting out their own backups.

Both are open standards that are well-supported with both proprietary and open implementations across platforms.

If you have to initially only pick one of the two I'd go with TOTP.

[0]: https://en.wikipedia.org/wiki/Time-based_one-time_password

[1]: https://en.wikipedia.org/wiki/Universal_2nd_Factor

Cool, we should be able to do this. Thank you for your feedback.

In addition, for regular users, consider providing free or subsidised hardware keys (YubiKey, Google Titan).

While many will raise concern with the UX of having to carry around hardware, in the fintech world I think it's a good tradeoff and raises the bar for the industry (I always shudder when I see "we use industry-standard protection"). :)