|
|
|
|
|
|
by GregHolmes
1401 days ago
|
|
|
If you were, for example building a mobile application. tru.ID's PhoneCheck is superior to SMS in several ways. The first is, it provides a seamless UX. The user only has to enter their phone number (or your backend may already have this stored?). Then all they see is a couple seconds loading followed by a success or failure. It's also taking away the possibilities of the user entering numbers incorrectly (TOTP for example). Some countries have started introducing rules for certain industries where they're not allowed to switch between apps on a mobile phone. For example when trying to find their Authenticator app or checking their SMS/email for a TOTP. And finally, it is phishing resistant. You can phish for a users TOTP. You can't with a data connection the mobile device itself has to make over cellular data to the mobile network operator directly. There is an API specifically for SIM Swap. Or SubscriberCheck does both PhoneCheck and SimSwap together. Further increasing the security of the authentication process for the mobile app. |
|
|
Awfully weak.
> Some countries have started introducing rules for certain industries where they're not allowed to switch between apps on a mobile phone. For example when trying to find their Authenticator app or checking their SMS/email for a TOTP.
Which countries are these?
> And finally, it is phishing resistant. You can phish for a users TOTP. You can't with a data connection the mobile device itself has to make over cellular data to the mobile network operator directly.
What if the user is using a VPN?