So, in this scenario, losing the device (phone, tablet, computer) will mean losing access to the account right? It is coupled to device ID or some cookie right?
I am going to add an addendum about this which I will do now. On the app we are developing, the app installation has a unique id. Every once in a while, all of the "history" is stored in a secure fashion back on the server. So a device migration can be done. I must admit, losing a device is trickier because you wouldnt which id to use to restore on a new device. Let me think about this a bit
But seriously, this is literally the problem that logins were designed to solve. With a login, you are defining an external concept of "user" that is distinct from the device.
Available security factors are: something you are, something you possess, something you know. Right now, you're using something you possess (the device). The problem is, if I lose the device, I've lost my security credential, and no longer "own" my account.
To fix this, you could collect an email, and when installing your app, you could prompt the user if they want to use an existing account or create another. But then, you probably want to add some security in the form of a password... and then you've created a login.
> I must admit, losing a device is trickier because you wouldnt which id to use to restore on a new device.
This will happen. It will happen all the time. And when it does, people will be disappointed. People will stop using your app because they lost everything. I've seen this happen.
This system can work if the data is not important. But the nature of apps that store data or have a concept of "your data is stored" needs to account for cases where the original device is no longer accessible/usable.
> So a device migration can be done.
Relying on device migration is foolish. It will fail. And I will blame your app for losing my data.